Hi Server's response of closing the connection is solved by mentioning CAfile = C:\Program Files (x86)\stunnel\peer-LMAX-fix-tunnel-DEMO-MktData.pem in conf file but now I am getting "CERT: Verification error: unable to get local issuer certificate" error.
Please suggest how to solve it. Thanks&Regards Vivek Gupta 9971514343 On Mon, October 6, 2014 8:21 pm, Graham Nayler \(work\) wrote: > Vivek, > > > "Problem is stunnel is receiving the data from Client but this data is > not being forwarded to server" No it is not. From the evidence provided by > you: (Connection closed: 150 > byte(s) sent to SSL, 0 byte(s) sent to socket) the message has been passed > on to the server, but it has responded by shutting down the link without > returning any data. This is what was confirmed by Michal in his tests > using "openssl s_client...." and "curl ....". I've also just tried > acceessing that server from a browser and got "No data received". > > Now it's possible/likely that neither Michal nor myself have sent the > server anything that would return valid data, so there is other > information you need to provide. What are you sending to the server and > what return to you expect? You need to post that (obviously something not > commercially sensitive) Do you have an application that IS receiving data > from that server not using stunnel? I see that trade.lmaxtrader.com > responds with a login screen. Is the fix-md-ate url only available after > some kind of login? Or do you need to provide it with a specific > certificate to get an authorized response? > > (The next two are highly unlikely, if this is part of LMAX which appears > to be a sizeable organisation) Do you have any control over how that server > is implemented? If the server is securing its end of the conversation with > Stunnel, it's > possible that there is a bug there: Stunnel 5.xx prior to 5.05 had a race > condition bug whereby it may close the connection without returning data. > That has now been fixed in 5.05...but it may be worth checking. > > > The problem is most likely something wrong with what you (and we) are > sending, or you need to contact the owner of the server site. (I only > looked at your problem because it has the same symptoms I had with the > server-side bug, but it's not likely that this is your problem) > > Graham > > > > ----- Original Message ----- > From: "Vivek Gupta" <[email protected]> > To: "Michal Trojnara" <[email protected]> > Cc: <[email protected]> > Sent: Monday, October 06, 2014 1:33 PM > Subject: Re: [stunnel-users] STunnel Connection closed: 150 byte(s) sent > to SSL, 0 byte(s) sent to socket > > > >> Hi Michal >> >> >> Problem is stunnel is receiving the data from Client but this data is >> not being forwarded to server and then connection is closed. I am stuck >> in that. >> >> My config options is as follows: >> >> >> fips = yes cert = stunnel.pem key = stunnel.pem socket = l:TCP_NODELAY=1 >> socket = r:TCP_NODELAY=1 client = yes accept = 127.0.0.1:40003 connect = >> fix-md-ate.lmaxtrader.com:443 >> >> >> Thanks & Regards >> Vivek Gupta >> 9971514343 >> >> >> >> On Mon, October 6, 2014 5:17 pm, Michal Trojnara wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Hi Vivek, >>> >>> >>> >>> I tried connecting fix-md-ate.lmaxtrader.com:443 with s_client: >>> $ openssl s_client -connect fix-md-ate.lmaxtrader.com:443 -tls1 >>> >>> >>> >>> The service behaves the same way as with stunnel: it negotiates TLS, >>> and then disconnects the TCP session without sending any data. I >>> cannot see any stunnel error here. >>> >>> Another example: >>> $ curl -1 https://fix-md-ate.lmaxtrader.com >>> curl: (52) Empty reply from server >>> >>> >>> >>> Mike >>> >>> >>> >>> Vivek Gupta wrote: >>> >>> >>>> Hi >>>> >>>> >>>> >>>> I am using sTunnel for communication betweem my TCP client and a >>>> remote SERVER but I am getting error as always- >>>> >>>> Signal pipe is empty Service [LMAX-fix-tunnel-DEMO-MktData] >>>> accepted (FD=348) from 127.0.0.1:55919 2014.10.06 :34:56 LOG7[4220]: >>>> Creating a new thread New thread created Service >>>> [LMAX-fix-tunnel-DEMO-MktData] started Service >>>> [LMAX-fix-tunnel-DEMO-MktData] accepted connection from >>>> 127.0.0.1:55919 s_connect: connecting 91.215.165.69:443 s_connect: >>>> s_poll_wait 91.215.165.69:443: waiting 10 seconds s_connect: >>>> connected 91.215.165.69:443 Service [LMAX-fix-tunnel-DEMO-MktData] >>>> connected remote server from 192.168.1.5:55920 Remote socket >>>> (FD=352) >>>> initialized SNI: sending servername: fix-md-ate.lmaxtrader.com SSL >>>> state (connect): before/connect >>>> initialization SSL state (connect): SSLv3 write client hello A SSL >>>> state (connect): SSLv3 read server hello A SSL state (connect): >>>> SSLv3 read server certificate A SSL state (connect): SSLv3 read >>>> server done A SSL state (connect): SSLv3 write client key exchange A >>>> SSL >>>> state (connect): SSLv3 write change cipher spec A SSL state >>>> (connect): >>>> SSLv3 write finished A SSL state (connect): SSLv3 flush >>>> data SSL state (connect): SSLv3 read finished A 1 items in the >>>> session cache 1 client connects (SSL_connect()) 1 client connects >>>> that finished 0 client renegotiations requested 0 server connects >>>> (SSL_accept()) 0 >>>> server connects that finished 0 server renegotiations requested 0 >>>> session cache hits 0 external session cache hits 0 session cache >>>> misses 0 session cache timeouts Peer certificate was cached (3944 >>>> bytes) SSL connected: new session >>>> negotiated Negotiated TLSv1/SSLv3 ciphersuite: AES128-SHA (128-bit >>>> encryption) Compression: null, expansion: null SSL_read returned >>>> WANT_READ: retrying SSL socket closed (SSL_read) Sent socket write >>>> shutdown Connection closed: 150 byte(s) sent to SSL, 0 byte(s) sent >>>> to socket Remote socket (FD=352) closed Local socket (FD=348) closed >>>> Service [LMAX-fix-tunnel-DEMO-MktData] finished (0 left) >>>> >>>> >>>> >>>> Please suggest. _______________________________________________ >>>> stunnel-users mailing list [email protected] >>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >>>> >>>> >>>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1 >>> >>> >>> >>> iEYEARECAAYFAlQygVoACgkQ/NU+nXTHMtHRAQCeP6yfrYGrP4bBt1T2CnNR8lhK >>> abQAoKeGCx2RqhefgIoVDdrInjK6TxUx =MHiJ -----END PGP SIGNATURE----- >>> _______________________________________________ >>> stunnel-users mailing list [email protected] >>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >>> >>> >>> >> >> _______________________________________________ >> stunnel-users mailing list [email protected] >> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >> >> > > _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
