On Tue, Apr 15, 2014 at 09:55:42AM -0400, Nigel Horne wrote:
> On 15/04/2014 09:47, Peter Pentchev wrote:
> >On Tue, Apr 15, 2014 at 09:22:17AM -0400, Nigel Horne wrote:
> >>Peter,
> >>
> >>Thanks for your prompt response.
> >>
> >>
> >>When I run /etc/init.d/stunnel4 start I get this cryptic message:
> >>
> >>[Failed: /etc/stunnel/smtp.verizon.net.conf]
> >>You should check that you have specified the pid= in you [sic] 
> >>configuration file
> >>
> >>What does it mean?  How do I remedy the situation?
> >>
> >>'man stunnel' gives no clue about what to do to fix it.
> >>
> >>>Hi,
> >>>
> >>>Thanks for trying out the still quite fresh version of stunnel!
> >>>
> >>>Could you edit your smtp.verizon.net.conf file and add a 'debug=5'
> >>>setting in the global section?  After that, restarting it will probably
> >>>supply a more meaningful error message.  Also, is there an 'output'
> >>>setting in your config file - and if there is, has stunnel logged some
> >>>error messages in the file specified there?  If there isn't, has stunnel
> >>>logged some error messages through syslog?
> >>Here's the output with debug=5:
> >Thanks, I see the problem now:
> >
> >>root@compaq:/etc/stunnel# /etc/init.d/stunnel4 restart
> >>Restarting SSL tunnels: [ ] Clients allowed=500
> >>[.] stunnel 5.01 on x86_64-pc-linux-gnu platform
> >>[.] Compiled/running with OpenSSL 1.0.1g 7 Apr 2014
> >>[.] Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
> >>[ ] errno: (*__errno_location ())
> >>[.] Reading configuration from file /etc/stunnel/smtp.verizon.net.conf
> >>[.] FIPS mode disabled
> >>[ ] Compression disabled
> >>[ ] Snagged 64 random bytes from /root/.rnd
> >>[ ] Wrote 1024 new random bytes to /root/.rnd
> >>[ ] PRNG seeded successfully
> >>[ ] Initializing service [ req ]
> >>[ ] No private key specified
> >>[ ] SSL options set: 0x00000004
> >>[.] Configuration successful
> >So far so good, but...
> >
> >>[!] Error binding service [ req ] to 0.0.0.0:2525
> >>[!] bind: Address already in use (98)
> >These two lines show the problem.  There is already something else
> >listening on port 2525.
> >
> >Now I see two possibilities:
> >- you have another stunnel instance (something else in
> >   /etc/stunnel/*.conf) that also tries to listen on port 2525
> >- you have another program that also tries to listen on port 2525
> 
> I wonder then if the upgrade process (I ran apt-get update today) failed to
> stop the old version?

Hm, in theory it's possible, but it shouldn't have.  On second thoughts,
see below, yes, I do believe that this is exactly the problem.

> >Could you run these two commands as root and show me their output?
> >
> >netstat -atpn | fgrep -e :80
> root@compaq:/home/njh# netstat -atpn | fgrep -e :80
> tcp        0      0 127.0.0.1:8080          0.0.0.0:* LISTEN      3283/perl
> tcp        0      0 192.168.1.2:8080        0.0.0.0:* LISTEN      3283/perl
> tcp6       0      0 :::80                   :::* LISTEN      2413/apache2

Oof, I'm stupid.  I meant fgrep -e :2525, of course.  Anyway, see below.

> root@compaq:/home/njh#
> >
> >fgrep -we accept /etc/stunnel/*.conf
> root@compaq:/home/njh# fgrep -we accept /etc/stunnel/*.conf
> accept = 2525
> root@compaq:/home/njh#

...ok, so you only have this in a single file (and it seems that you
only have a single *.conf file in /etc/stunnel/ anyway, so grep didn't
bother showing file names).  That looks fine.

Well, this is interesting.  I think I know what the problem is now.
It's related to the fact that in version 5.00 the author of stunnel
decided to turn off the automatic pid file setting, and your config file
does not explicitly specify a pid file (it didn't need to until now).
Thus, when the upgrade process tries to stop the running stunnel
service, it doesn't know how to - it doesn't know which pid file to look
for, since that's not specified in the config file.  Hmm.  Shouldn't it
have figured it out by itself?  (no, I'm not asking you, just thinking
out loud here :))

OK, so now can you do the following for me?

1. Still, let's see the output of netstat -atpn | fgrep -e :2525

2. Don't kill the running stunnel process yet, I'd like to check what's
   going on.

3. Show me the output of:
   ls /var/run/*.pid
   ls /var/run/stunnel/*.pid
   ls /var/run/stunnel4/*.pid
   (it's okay if the second command gives back an error, I expect that;
   it's also kind of okay if the third one gives an error, but I'd still
   like to see that :))

4. Run the following command:
   service stunnel4 stop 2>&1 | tee /tmp/stunnel-stop.log
   ...and then show me the full contents of /tmp/stunnel-stop.log

I *think* that after you've run these commands I'll have enough info to
fix this bug for other people's upgrades, so after that you'll be free
to kill the stunnel process, if the netstat command shows that it is
indeed an stunnel process listening on port 2525.  After that, it'd be
best if you add a line to the global section of your config file saying
something like:

  pid = /var/run/stunnel4/smtp.verizon.pid

...and then "service stunnel4 start" and "service stunnel4 stop" should
work properly.

I'm almost thinking of reverting this part of upstream's change, so that
pid files are created by default again, but I'll have to think about
this a little bit more.

Thanks for reporting the bug and for your assistance!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
I am the thought you are now thinking.
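
The condition described in the message above (a config with no global `pid` option, so the init script cannot find the running stunnel to stop it and the old instance keeps its port) can be checked for every config before an upgrade. This is an added example, not part of the original thread or of the Debian package; the function names and the NOPID/DOWN/RUNNING labels are made up here, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: find stunnel configs the init script has no pid file for.
# Function names and the NOPID/DOWN/RUNNING labels are made up here.

# Print the global-section "pid" value of config $1; fail if absent or empty.
# The global section is everything before the first [service] header.
global_pid() {
    awk '
        /^[ \t]*\[/   { exit }    # first service section ends the scan
        /^[ \t]*[;#]/ { next }    # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "pid") pidfile = val
        }
        END { if (pidfile == "") exit 1; print pidfile }
    ' "$1"
}

# NOPID: no pid option; DOWN: pid file missing or process gone; else RUNNING.
conf_state() {
    pidfile=$(global_pid "$1") || { echo NOPID; return 0; }
    pid=$(cat "$pidfile" 2>/dev/null) || { echo DOWN; return 0; }
    case $pid in ''|*[!0-9]*) echo DOWN; return 0 ;; esac
    if kill -0 "$pid" 2>/dev/null; then echo RUNNING; else echo DOWN; fi
}

# Audit every *.conf in directory $1 (default /etc/stunnel); run as root.
# Returns non-zero when at least one config has no pid file set.
audit_stunnel() {
    dir=${1:-/etc/stunnel}; rc=0
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        state=$(conf_state "$conf")
        printf '%s\t%s\n' "$state" "$conf"
        if [ "$state" = NOPID ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample: one pre-5.00 style config (no pid), one with pid set.
demo=$(mktemp -d)
printf 'debug = 5\n[req]\naccept = 2525\n' > "$demo/old.conf"
printf 'pid = %s/new.pid\n[req]\naccept = 2526\n' "$demo" > "$demo/new.conf"
echo $$ > "$demo/new.pid"
audit_stunnel "$demo" || echo "at least one config lacks a pid option"
rm -rf "$demo"
```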

