Hi, I forwarded your question to the upstream author of stunnel; here is his answer below.
Best regards,
Julien

There is a way to close HTTP/1.1 in a clean way: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.10
This is how this problem should be solved.

An alternative solution is "TIMEOUTclose=0" in stunnel.conf, but it is not recommended.

gary ng wrote:
Package: stunnel4
Version: 3:4.18-2
Severity: minor

I use stunnel to get SSL features in Lua through a Unix domain socket, by dup2()ing stdin with a socketpair(), then fork() and exec() of stunnel. It works very well except for one thing: closing the domain socket takes 60 seconds (waitpid) for stunnel to exit. For many protocols there is an explicit "EXIT" command which I can use, but not for HTTP 1.1 with keep-alive. The server would wait for the client socket to close, which in the case of stunnel needs to "relay" to it.

I just hope there is a parameter for me to shorten this wait time, as by the time I close the client side I do not need the connection anymore. At the moment I just skip the waitpid(), but that leaves lots of zombies in the process table. It is not a big issue, just ugly when doing "top".

-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-co-0.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages stunnel4 depends on:
ii adduser 3.100 Add and remove users and groups
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii libwrap0 7.6.dbs-12 Wietse Venema's TCP wrappers libra
ii netbase 4.27 Basic TCP/IP networking system
ii openssl 0.9.8c-4 Secure Socket Layer (SSL) binary a
ii perl-modules 5.8.8-6.1 Core Perl modules
ii zlib1g 1:1.2.3-13 compression library - runtime

stunnel4 recommends no packages.

-- no debconf information
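
The clean close that the upstream answer points to (a `Connection: close` request header, RFC 2616 section 14.10), shown as an added example that is not part of the original thread or of stunnel. The names `fake_peer` and `fetch_and_reap` are hypothetical, and a constructed stand-in child replaces the exec of stunnel so the code runs offline.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Constructed stand-in for the far end (stunnel plus the HTTP server).
 * Exits 0 if it closed first because the request said "Connection: close",
 * 1 if it had to idle until the client closed (the keep-alive case). */
static void fake_peer(int fd)
{
    static const char resp[] =
        "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok";
    char req[1024] = "";
    size_t got = 0;
    ssize_t n;
    while (!strstr(req, "\r\n\r\n") &&
           (n = read(fd, req + got, sizeof req - 1 - got)) > 0)
        req[got += (size_t)n] = '\0';
    if (!strstr(req, "Connection: close")) {
        while (read(fd, req, sizeof req) > 0) { }   /* idle until client EOF */
        _exit(1);
    }
    _exit(write(fd, resp, sizeof resp - 1) < 0 ? 2 : 0);  /* exit closes fd */
}

/* Send one request with "Connection: close", read the reply until the peer
 * closes (EOF), then reap the child. Returns reply length, or -1 on error. */
long fetch_and_reap(const char *host, const char *path,
                    char *out, size_t cap, int *status)
{
    int sv[2], len;
    char req[512];
    size_t total = 0;
    ssize_t n;
    if (cap == 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    /* The reporter's child would dup2() its end onto stdin and exec stunnel. */
    if (pid == 0) { close(sv[0]); fake_peer(sv[1]); }
    close(sv[1]);
    len = snprintf(req, sizeof req, "GET %s HTTP/1.1\r\nHost: %s\r\n"
                   "Connection: close\r\n\r\n", path, host);
    if (len > 0 && (size_t)len < sizeof req && write(sv[0], req, (size_t)len) == len)
        while (total < cap - 1 && (n = read(sv[0], out + total, cap - 1 - total)) > 0)
            total += (size_t)n;
    out[total] = '\0';
    close(sv[0]);
    if (waitpid(pid, status, 0) < 0) return -1;     /* reaped: no zombie left */
    return (long)total;
}
```

Because the peer closes first, the client's read loop ends on EOF and the child has already exited by the time waitpid() is called.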