FS#56309 - [stunnel] 5.43 does not accept connections on server side

Attached to Project: Community Packages
Opened by bonob (bonob) - Monday, 13 November 2017, 10:38 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 16 November 2017, 14:18 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: Lukas Fleischer (lfleischer)
Architecture: x86_64
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
stunnel 5.43 does not accept connections on the server side.
After downgrading to 5.42, the server works normally, using the same config file (server_config.txt attached).
Logs attached are using debug = 7.

Additional info:
* package versions: 5.43 on the server and the client side
* config and log files:
- client_config.txt: the server stunnel config
- server_config.txt: the client stunnel config
- client_log_5-43.txt: client log, unsuccessful connection when the server is in 5.43; there is no log at all on the server side in this case
- client_log_5-42.txt and server_log_5-42.txt: client and server logs, successful connection when the server is in 5.42; the client remains in 5.43, and the config files used are the same.

Steps to reproduce:
On the client, open an ssh connection through stunnel:
$ ssh localhost -p 8022

Ssh connection successful when the server is in 5.42

Ssh connection fails when the server is in 5.43; the command results in the following error:
ssh_exchange_identification: read: Connection reset by peer

Closed by Doug Newgard (Scimmia)
Thursday, 16 November 2017, 14:18 GMT
Reason for closing: Not a bug
Additional comments about closing: Config issue

Comment by Steve Tom (dcipha) - Wednesday, 15 November 2017, 15:02 GMT
Add the IP address of the interface you want to connect to in the "accept" option in your server config. That should fix it. The new version only binds to localhost if only the port is specified.

Example:
accept = xxx.xxx.xxx.xxx:8022

Comment by bonob (bonob) - Thursday, 16 November 2017, 07:37 GMT
Indeed, it works when specifying the interface IP.
Not clear that this is the intended behavior, and it has just been reported upstream too: https://www.stunnel.org/pipermail/stunnel-users/2017-November/005882.html

I will request closure of this ticket.
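
Added example, not part of the original report and not stunnel's own code: a shell check for the condition discussed in the comments above, classifying which addresses a TCP port is listening on from `ss -ltn` output. The function name listen_scope and the sample lines are assumptions constructed for this example; on a live server the input would be `ss -ltn | listen_scope 8022`.

```shell
#!/bin/sh
# listen_scope PORT
# Reads `ss -ltn` output on stdin and prints one of:
#   not-listening | loopback-only | specific-address | all-interfaces
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_ep = $4                      # e.g. 127.0.0.1:8022 or [::1]:8022
            n = split(local_ep, parts, ":")
            if (parts[n] != port) next         # last field after ":" is the port
            addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
            sub(/%.*$/, "", addr)              # strip interface scope, e.g. %lo
            seen = 1
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") wildcard = 1
            else if (addr ~ /^127\./ || addr == "::1") loopback = 1
            else specific = 1
        }
        END {
            if (!seen)         print "not-listening"
            else if (wildcard) print "all-interfaces"
            else if (specific) print "specific-address"
            else               print "loopback-only"
        }'
}

# Constructed sample: listener reachable only from the server itself, the
# situation the comment describes for "accept = 8022" (port only).
sample_loopback='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8022     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: listener bound to the wildcard address.
sample_wildcard='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8022       0.0.0.0:*'

printf '%s\n' "$sample_loopback" | listen_scope 8022   # loopback-only
printf '%s\n' "$sample_wildcard" | listen_scope 8022   # all-interfaces
```

A result of loopback-only on the server matches the reported symptoms: remote clients are refused before stunnel sees them, so the server writes no log even with debug = 7.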
