ZABBIX BUGS AND ISSUES / ZBX-11531

SSL_ERROR_ZERO_RETURN in zbx_tls_read() is treated as error


      Generally speaking, it shouldn't be. It is possible that the peer has sent all he/she wanted and closed the socket for writing, but is still waiting for our response. At the moment we don't use such half-open connections anywhere in Zabbix, so it is difficult to find an observable consequence of this bug. But I suggest that we change the behaviour before it becomes a real bug and gets attention from users. It is potentially a very subtle issue that is difficult to track down.

      How to reproduce in trunk (around r64000):

      • compile server and agent with OpenSSL;
      • configure agent to accept both unencrypted and encrypted connections;
      • create a host and configure encryption for it;
      • configure a passive check with 2047 characters (or 2047 bytes in UTF-8 encoding, to be precise) in the item key; you will need to use macros for this;
      • increase log level for agent's listeners;
      • switch "connections to host" setting back and forth between unencrypted and encrypted and observe agent's log file.

      Due to ZBX-10191, the agent will hang when accepting a server request of 2048 bytes (2047 key bytes + '\n'). The server will close the connection after a timeout. The agent's zbx_tls/tcp_read() will finally return, but the error message will be different for encrypted and unencrypted connections.

      Without encryption:

       14438:20161125:150405.370 __zbx_zbx_setproctitle() title:'listener #2 [processing request]'
       14438:20161125:150408.370 Process listener error: ZBX_TCP_READ() timed out
       14438:20161125:150408.370 __zbx_zbx_setproctitle() title:'listener #2 [waiting for connection]'
      

      With encryption:

       14439:20161125:145543.503 __zbx_zbx_setproctitle() title:'listener #3 [waiting for connection]'
       14439:20161125:145558.891 In zbx_tls_accept()
       14439:20161125:145558.892 zbx_psk_server_cb() requested PSK identity "sender"
       14439:20161125:145558.892 End of zbx_tls_accept():SUCCEED (established TLSv1.2 PSK-AES128-CBC-SHA)
       14439:20161125:145558.892 __zbx_zbx_setproctitle() title:'listener #3 [processing request]'
       14439:20161125:145601.891 Process listener error: connection closed during read
       14439:20161125:145601.892 __zbx_zbx_setproctitle() title:'listener #3 [waiting for connection]'
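
The behaviour the report asks for, as an added example that is not part of the original report or of Zabbix's code: a read loop that treats SSL_ERROR_ZERO_RETURN (the peer's close_notify) as a clean end of input and keeps an EOF without close_notify an error. The names tls_read_fn, read_request(), scripted_read() and demo() are hypothetical, the error values mirror <openssl/ssl.h>, and the input is constructed.

```c
#include <string.h>
#ifndef SSL_ERROR_ZERO_RETURN  /* values from <openssl/ssl.h>, repeated to build without OpenSSL */
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif

/* Hypothetical hook: wraps SSL_read() and, when it returns <= 0, SSL_get_error(). */
typedef int (*tls_read_fn)(void *ctx, char *buf, int len, int *ssl_err);
/* Returns bytes read or -1 on failure; *peer_closed = 1 only after a clean close_notify. */
int read_request(tls_read_fn rd, void *ctx, char *buf, int size, int *peer_closed)
{
    int total = 0;
    *peer_closed = 0;
    while (total < size) {
        int err = 0, n = rd(ctx, buf + total, size - total, &err);
        if (n > 0) { total += n; continue; }
        if (err == SSL_ERROR_ZERO_RETURN) {  /* close_notify: end of input, we may still write */
            *peer_closed = 1;
            return total;
        }
        if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
            return -1;  /* EOF without close_notify, or protocol failure */
        /* WANT_*: real code waits on the socket with a timeout before retrying */
    }
    return total;
}

/* Constructed, scripted transport standing in for a live TLS session. */
struct step { int ret; int err; const char *data; };
struct script { const struct step *steps; int pos; };
static int scripted_read(void *ctx, char *buf, int len, int *ssl_err)
{
    struct script *s = ctx;
    const struct step *st = &s->steps[s->pos++];
    if (st->ret > 0) memcpy(buf, st->data, (size_t)st->ret);  /* script keeps ret <= len */
    *ssl_err = st->err;
    return st->ret;
}

/* Scenario 0: request, then close_notify. Scenario 1: request, then bare EOF. */
int demo(int scenario, int *peer_closed)
{
    static const struct step clean[] = {{4, 0, "key\n"}, {-1, SSL_ERROR_WANT_READ, NULL}, {0, SSL_ERROR_ZERO_RETURN, NULL}};
    static const struct step cut[] = {{4, 0, "key\n"}, {-1, SSL_ERROR_SYSCALL, NULL}};
    struct script s = {scenario == 0 ? clean : cut, 0};
    char buf[64];
    return read_request(scripted_read, &s, buf, (int)sizeof(buf), peer_closed);
}
```

Keeping the bare-EOF case an error matters: a connection that ends without close_notify may have been truncated, so only the close_notify path should be accepted as a complete request.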
      

            Unassigned Unassigned
            glebs.ivanovskis Glebs Ivanovskis (Inactive)