Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-11761

PSK error should report attempted+supported keys

    Details

    • Team:
      Team A
    • Sprint:
      Sprint 47, Dec 2018, Sprint 48, Jan 2019
    • Story Points:
      0.5

      Description

      I have configured a bunch of zabbix agents, I work from a template, and once in a while I mess up the template, specifically I ended up with:

      TLSPSKIdentity=PSK 036# to match PSK identity below

      instead of:

      TLSPSKIdentity=PSK 036

      Agent passive error:

      24945:20170130:172308.495 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2764: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"
      

      Agent active error:

      24946:20170130:171002.125 active check configuration update from [REMOTEHOST:10051] started to fail (TCP successful, cannot establish TLS to [[REMOTEHOST]:10051]: SSL_connect() returned SSL_ERROR_SSL: file s3_pkt.c line 1259: error:1409445B:SSL routines:SSL3_READ_BYTES:reason(1115): SSL alert number 115: TLS read fatal alert "unknown PSK identity")
      

      Server passive error:

      32399:20170130:193807.212 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2803: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"
      

      Server active reporting:

      32396:20170130:191005.393 temporarily disabling Zabbix agent checks on host "HOSTNAME": host unavailable
      

      I'm pretty sure that with some effort zabbix can report the name of the PSK being provided and the name of the PSK that's supported.

      Doing that would vastly improve the UX for this.

      Also, I don't see why the Server-active case doesn't ever log the PSK failing specifically, the lack of symmetry seems odd.

        Attachments

          Activity

            People

            • Assignee:
              ak Andrejs Kozlovs
              Reporter:
              jsoref Josh Soref
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: