02-08-2008 07:38 AM
STUNNEL start-up problem
Today I was trying to get STUNNEL working on my Alpha boxes running VMS8.3 and TCP/IP V5.6 - ECO 2.
I did run into problems running the startup-scripts (stunnel_startup_client.com & stunnel_startup_server.com). In both cases the stunnel process crashes when it tries to read the "PEM pass phrase" (from SYS$INPUT ???).
It seems that the "run/detach/input=sys$syste:loginout.exe" is the bottleneck in this case, since when I replace this by a "spawn/nowait" stunnel starts and works as expected.
The read of the "PEM pass phrase" occurs somewhere in the (Open)SSL library. Why does this fail in detached mode?
As is obvious, I prefer to run stunnel in detach-mode.
Jouk
02-08-2008 08:02 AM
Re: STUNNEL start-up problem
That command line is broken.
Is that a cut & paste or a bad retype?
probably needs to be something like:
run/detach/input=some.file sys$systeM:loginout.exe
Cheers,
Hein.
02-08-2008 10:03 AM
Re: STUNNEL start-up problem
I had the same problem about the PEM pass phrase.
The stunnel startup scripts create another temporary script file with a name like STUNNEL_DETACHED.COM, containing the actual stunnel command that will be executed.
This temporary script needs to have the PEM pass phrase, when one is necessary (e.g. encrypted private keys?), immediately after the stunnel command.
Take a look at both stunnel_client_startup.com and stunnel_startup_server.com. You'll see these two commands right near the bottom:
$ write run_stunnel_file stunnel_command
$ close run_stunnel_file
Between these insert a line like this:
$ write run_stunnel_file -
"Insert your actual PEM passphrase here, between the double quotes"
Then right after the close statement:
$ set file/prot=(s,o:red,g,w)/erase_on_delete stunnel_detached.com
It's too bad the pass phrase has to be embedded like this, so we protect it against everybody else and set it to be erased when deleted.
Hope this helps.
Galen
I'll be out until Monday morning, but let me know how it goes.
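A check that could run right after the SET FILE command described above, shown here as an added example that is not part of the post or of the stunnel startup procedures. It refuses to continue unless the file holding the pass phrase is closed to GROUP and WORLD and is marked erase-on-delete; the file name is the one used in this thread, and the symbol and label names are hypothetical.

```dcl
$! Added example, not part of the shipped stunnel startup procedures.
$! Confirms that the generated command file holding the PEM pass phrase
$! is locked down before the detached process is started.
$ pw_file = "SYS$DISK:[]STUNNEL_DETACHED.COM"   ! name as used in this thread
$ if f$search(pw_file) .eqs. "" then goto not_found
$!
$! PRO returns a string such as "SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD"
$ prot = f$edit(f$file_attributes(pw_file, "PRO"), "COLLAPSE,UPCASE")
$ bad = ""
$ i = 0
$ next_field:
$   field = f$element(i, ",", prot)
$   if field .eqs. "," then goto fields_done     ! past the last field
$   class  = f$element(0, "=", field)
$   access = f$element(1, "=", field)
$   if access .eqs. "=" then access = ""         ! no "=" means no access
$   if (class .eqs. "GROUP" .or. class .eqs. "WORLD") .and. access .nes. "" -
       then bad = bad + " " + field
$   i = i + 1
$   goto next_field
$ fields_done:
$ if f$file_attributes(pw_file, "ERASE") .nes. "TRUE" -
     then bad = bad + " NOERASE_ON_DELETE"
$ if bad .eqs. "" then exit 1                    ! success status
$ write sys$output "Refusing to start stunnel, ''pw_file' is exposed:''bad'"
$ exit 44                                        ! %SYSTEM-F-ABORT
$ not_found:
$ write sys$output "''pw_file' not found"
$ exit 44
```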
02-08-2008 11:01 AM
Re: STUNNEL start-up problem
You can not have it do a $DELET/ERASE, that is to say that will give an access conflict warning, but a regular delete is fine.
If interested check out this example:
----------------- test_delete_while_used.com ----
$create tmp.tmp
$DECK/DOLLAR
$ tmp_file = f$environment ("procedure")
$ dir/date 'tmp_file ! Proof it is there
$ delete/log 'tmp_file ! Show it go
$ type sys$input
$EOD
$OPEN/APPEN tmp tmp.tmp
$write tmp "Doing secret stuff here"
$write tmp "$ exit"
$close tmp
$SET FILE/ERASE_ON_DELETE tmp.tmp
$@tmp.tmp
$dir tmp.tmp ! Proof it is gone
Hein.
02-11-2008 12:13 AM
Re: STUNNEL start-up problem
$ STUNNEL :== $SYS$DISK:[]stunnel_alpha.exe
$ STUNNEL SYS$DISK:[]STUNNEL_SERVER.conf
Hein, of course I did some cutting/pasting.
The actual not working command with the above command procedure is:
$ run /detach sys$system:loginout /input=SYS$DISK:[]stunnel_detached.com -
/process_name='stunnel_proc_name' -
/output=nl:
If I use the following command it works like a charm
$ spaw/nowait/proc='stunnel_proc_name' @SYS$DISK:[]stunnel_detached.com
The problem with the /detach is the reading of the password.
02-11-2008 03:49 AM
Re: STUNNEL start-up problem
$ def/us sys$command sys$input
just before the startup of stunnel.
Wim
02-11-2008 04:03 AM
Re: STUNNEL start-up problem
This results in an even "worse" error:
Error opening primary input file SYS$INPUT
File not found
Jouk
02-11-2008 04:39 AM
Re: STUNNEL start-up problem
>> Hein, of course I did some cutting/pasting.
>> The actual not working command with the above command procedure is...
Yeah, well, that seems likely. But you failed to give a good command, and failed to give a good error message "the stunnel process crashes" so why trust you? :-)
What does 'crash' really mean? ACCVIO
use process dump to analyze?
>> (from SYS$INPUT ???).
That may well be critical.
Maybe it erroneously reads from "TT:" and you have that defined?
Just to be sure I tested the basic sequence with a trivial command file:
$ create tmp.com
$ typ tmp.com
$ copy sys$input tmp.tmp
aap noot mies
$ open/appen tmp tmp.tmp
$ write tmp f$mode()
$ close tmp
$
$ @tmp.com
$ spawn tmp.com
$ run/detac sys$system:loginout /input=SYS$DISK:[]tmp.com /out=nl:
... it all works.
The difference (of course) is that the detached example puts 'OTHER' in the file, the others 'INTERACTIVE'.
Does your (sy)login.com create a different environment for process mode OTHER which is not acceptable for STUNNEL?
How about testing with a similar silly command file which just does a
$DEFINE SYS$OUTPUT tmp.tmp
$SHOW SYMB*
$SHOW LOG *
Now $DIFF the output files...
Groetjes,
Hein.
02-11-2008 08:59 AM
Re: STUNNEL start-up problem
Try changing the /OUT=NL: to something like /OUT=SYS$MANAGER:STUNNEL_SERVER_RUN.LOG
You may learn a little more about this or other problems by catching this output rather than trash-canning it.
I was not impressed with the quality of the startup and shutdown command scripts. The shutdown scripts were flat out broken, but it's not hard to combine their functions into one file. Unfortunately it's too long to type here (does that sound like a famous marginal note by Fermat? :-) and my VMS systems are on a classified network so I can't just copy it over.
02-12-2008 12:32 AM
Re: STUNNEL start-up problem
You probably gave a clue to the source of the problem, however I have no idea how to solve it.
With your command-procedure slightly modified:
$ create tmp.com
$ typ tmp.com
$ copy sys$input tmp.tmp
wim zus jet
$ open/appen tmp tmp.tmp
$ write tmp f$mode()
$ close tmp
$
$ @tmp.com
$ spawn @tmp.com
$ run/detac sys$system:loginout /input=SYS$DISK:[]tmp.com /out=nl:
I always get INTERACTIVE as the last line of tmp.tmp. I used the system account, which defines nothing in its login.com, to produce this. The syslogin.com is the system default (it dates from 6-Oct-1995, which is even older than the first installation on the machine).
So probably because of the f$mode=INTERACTIVE in the detached mode Stunnel tries to read from the wrong source.
Jouk