Stunnel代理发送文件未找到错误

Question

我在RedHatLinux6.8上有一个Stunnel 4.29，它不会启动，并会发出一个‘没有这样的文件或目录’错误：

# /usr/bin/stunnel /etc/stunnel/agent/dynatrace-agent.conf 
2017.05.03 19:04:26 LOG7[3880:140667243153344]: Snagged 64 random bytes from /root/.rnd
2017.05.03 19:04:26 LOG7[3880:140667243153344]: Wrote 1024 new random bytes to /root/.rnd
2017.05.03 19:04:26 LOG7[3880:140667243153344]: RAND_status claims sufficient entropy for the PRNG
2017.05.03 19:04:26 LOG7[3880:140667243153344]: PRNG seeded successfully
2017.05.03 19:04:26 LOG3[3880:140667243153344]: nil: No such file or directory (2)

使用strace，我看到一个可疑的尝试，试图统计一个文件‘0’：

# strace -e trace=stat -f /usr/bin/stunnel /etc/stunnel/agent/dynatrace-agent.conf 
stat("/root/.rnd", {st_mode=S_IFREG|0600, st_size=1024, ...}) = 0
stat("/root/.rnd", {st_mode=S_IFREG|0600, st_size=1024, ...}) = 0
stat("/root/.rnd", {st_mode=S_IFREG|0600, st_size=1024, ...}) = 0
stat("nil", 0x7ffe119643d0)             = -1 ENOENT (No such file or directory)
2017.05.03 19:11:30 LOG7[3916:140189915436992]: Snagged 64 random bytes from /root/.rnd
2017.05.03 19:11:30 LOG7[3916:140189915436992]: Wrote 1024 new random bytes to /root/.rnd
2017.05.03 19:11:30 LOG7[3916:140189915436992]: RAND_status claims sufficient entropy for the PRNG
2017.05.03 19:11:30 LOG7[3916:140189915436992]: PRNG seeded successfully
2017.05.03 19:11:30 LOG3[3916:140189915436992]: nil: No such file or directory (2)
+++ exited with 1 +++

我还看到连接到套接字的尝试失败：

# strace -e trace=connect -f /usr/bin/stunnel /etc/stunnel/agent/dynatrace-agent.conf                                                                                               
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
2017.05.03 19:12:54 LOG7[3928:139643326924736]: Snagged 64 random bytes from /root/.rnd
2017.05.03 19:12:54 LOG7[3928:139643326924736]: Wrote 1024 new random bytes to /root/.rnd
2017.05.03 19:12:54 LOG7[3928:139643326924736]: RAND_status claims sufficient entropy for the PRNG
2017.05.03 19:12:54 LOG7[3928:139643326924736]: PRNG seeded successfully
2017.05.03 19:12:54 LOG3[3928:139643326924736]: nil: No such file or directory (2)
+++ exited with 1 +++

这是我的配置文件：

# cat /etc/stunnel/agent/dynatrace-agent.conf 
; This stunnel config is managed by Puppet.

cert = nil
key = nil
CAfile = nil
CRLfile = nil
sslVersion = TLSv1
verify = 2

chroot = /var/lib/stunnel/dynatrace-agent
setuid = dtagent
setgid = dtagent
pid = dynatrace-agent.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /var/log/dynatrace-agent.log

client = yes

[dynatrace-agent]
accept = localhost:9998
connect = x.x.x.x:7443

版本信息：

# stunnel -version
stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013
Threading:PTHREAD SSL:ENGINE,FIPS Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES
curve                  = prime256v1
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
stack           = 65536 bytes
sslVersion      = all
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

Answer 1

出现令人困惑的错误消息nil: No such file or directory (2)实际上是因为我们使用的木偶模块将字符串cert = nil等放置在配置文件中，这不是一个有效的替身配置。我已经提出了修复木偶模块这里的拉请求。