Hello,

I installed stunnel on my 64-bit Windows 10 22H2 PC with the official
Windows installer and use tstunnel.exe to create a TLS connection to an
IMAP server with the following configuration file (the "debug=debug" line
is added for debugging purposes).

----------------------------------------------------------------------
client=yes
verify=2
checkHost=imap.example.org
CApath=C:/Users/yasu/.certs
debug=debug
[13579]
accept=localhost:13579
connect=imap.example.org:143
protocol=imap
----------------------------------------------------------------------

With version 5.67, tstunnel.exe successfully starts as follows.

----------------------------------------------------------------------
C:\Users\yasu>tstunnel C:\Users\yasu\Temp\tstunnel.conf
2023.02.19 04:29:11 LOG6[ui]: Initializing inetd mode configuration
2023.02.19 04:29:11 LOG7[ui]: Running on Windows 6.2
2023.02.19 04:29:11 LOG7[ui]: No limit detected for the number of clients
2023.02.19 04:29:11 LOG5[ui]: stunnel 5.67 on x64-pc-mingw32-gnu platform
2023.02.19 04:29:11 LOG5[ui]: Compiled/running with OpenSSL 3.0.7 1 Nov 2022
2023.02.19 04:29:11 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2023.02.19 04:29:11 LOG7[ui]: errno: (*_errno())
2023.02.19 04:29:11 LOG6[ui]: Initializing inetd mode configuration
2023.02.19 04:29:11 LOG7[ui]: Running on Windows 6.2
2023.02.19 04:29:11 LOG5[ui]: Reading configuration from file C:\Users\yasu\Temp\tstunnel.conf
2023.02.19 04:29:11 LOG5[ui]: UTF-8 byte order mark not detected
2023.02.19 04:29:11 LOG5[ui]: FIPS mode disabled
2023.02.19 04:29:11 LOG6[ui]: Compression disabled
2023.02.19 04:29:11 LOG7[ui]: No PRNG seeding was required
2023.02.19 04:29:11 LOG6[ui]: Initializing service [13579]
2023.02.19 04:29:11 LOG6[ui]: stunnel default security level set: 2
2023.02.19 04:29:11 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2023.02.19 04:29:11 LOG7[ui]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2023.02.19 04:29:11 LOG7[ui]: TLS options: 0x2100000 (+0x0, -0x0)
2023.02.19 04:29:11 LOG6[ui]: Session resumption enabled
2023.02.19 04:29:11 LOG7[ui]: No certificate or private key specified
2023.02.19 04:29:11 LOG6[ui]: DH initialization skipped: client section
2023.02.19 04:29:11 LOG7[ui]: ECDH initialization
2023.02.19 04:29:11 LOG7[ui]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2023.02.19 04:29:11 LOG5[ui]: Configuration successful
2023.02.19 04:29:11 LOG7[ui]: Deallocating deployed section defaults
2023.02.19 04:29:11 LOG7[ui]: Binding service [13579]
2023.02.19 04:29:11 LOG7[ui]: Listening file descriptor created (FD=524)
2023.02.19 04:29:11 LOG7[ui]: Setting accept socket options (FD=524)
2023.02.19 04:29:11 LOG7[ui]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2023.02.19 04:29:11 LOG6[ui]: Service [13579] (FD=524) bound to ::1:13579
2023.02.19 04:29:11 LOG7[ui]: Listening file descriptor created (FD=528)
2023.02.19 04:29:11 LOG7[ui]: Setting accept socket options (FD=528)
2023.02.19 04:29:11 LOG7[ui]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2023.02.19 04:29:11 LOG6[ui]: Service [13579] (FD=528) bound to 127.0.0.1:13579
2023.02.19 04:29:11 LOG7[cron]: Cron thread initialized
2023.02.19 04:29:11 LOG6[cron]: Executing cron jobs
2023.02.19 04:29:11 LOG6[cron]: Cron jobs completed in 0 seconds
2023.02.19 04:29:11 LOG7[cron]: Waiting 86400 seconds
----------------------------------------------------------------------

And if I try `telnet localhost 13579`, then I can successfully connect
to the IMAP server.

But after updating from 5.67 to 5.68, it fails to start as follows.

----------------------------------------------------------------------
C:\Users\yasu>tstunnel C:\Users\yasu\Temp\tstunnel.conf
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2
[ ] No limit detected for the number of clients
[.] stunnel 5.68 on x64-pc-mingw32-gnu platform
[.] Compiled/running with OpenSSL 3.0.8 7 Feb 2023
[.] Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*_errno())
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2
[.] Reading configuration from file C:\Users\yasu\Temp\tstunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [13579]
[ ] stunnel default security level set: 2
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
[ ] TLS options: 0x2100000 (+0x0, -0x0)
[ ] Session resumption enabled
[ ] No certificate or private key specified
[!] No trusted certificates found
[!] Service [13579]: Failed to initialize TLS context
[!] Configuration failed
[ ] Deallocating temporary section defaults
[ ] Deallocating section [13579]
----------------------------------------------------------------------

Why do these different results happen? Is it a bug in 5.68? Or is there any
incompatible change between 5.67 and 5.68?

---
Yasuhiro Kimura