Explore the latest product updates and best practices at our hybrid Checkmk Conference #12 from June 16-18, 2026 – Register here
back to website

Werk #19705: stunnel: Livestatus queries over TLS may return truncated responses

Component Livestatus
Title stunnel: Livestatus queries over TLS may return truncated responses
Date May 6, 2026
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.6.0b1
Not yet released 		Checkmk Pro, Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT
2.5.0p4 Checkmk Pro, Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT
2.4.0p30 Checkmk Pro, Checkmk Ultimate, Checkmk Cloud, Checkmk Ultimate MT

Livestatus queries sent over TLS (via stunnel) could return fewer lines than expected. The number of truncated lines varied between connections.

The root cause was a race condition in stunnel: when the Livestatus backend closed the connection after sending the data, the OS could signal the connection closure before signalling that data was ready to read. stunnel then closed its side without forwarding the remaining buffered data.

stunnel was updated to the latest version 5.78. A patch to stunnel is now included that ensures any buffered data is always flushed before the connection is closed. A pull request has been opened upstream: https://github.com/mtrojnar/stunnel/pull/23

To the list of all Werks