Sprint 56 (Sep 2019), Sprint 57 (Oct 2019)
If Zabbix server or proxy closes connection during TLS handshake then zabbix_sender may receive SIGPIPE signal.
Although there is a signal handler in data sending thread of zabbix_sender the SIGPIPE is not handled.
zabbix_sender returns 0 (success), but server/proxy has accepted no data at all.
This issue was noticed when working on support of LibreSSL and OpenSSL with no PSK.
Steps to reproduce: (Note: see a comment below for much simpler way to reproduce)
- Compile OpenSSL 1.1.1a with no PSK support.
- Compile Zabbix server to work with this special OpenSSL. As changes are not yet merged you need to take svn://svn.zabbix.com/branches/dev/ZBX-15552-30 branch which can handle OpenSSL with no PSK support.
- Run server with this special OpenSSL.
- Run standard zabbix_sender from a machine where zabbix_sender uses usual OpenSSL 1.1.1a (with PSK support enabled). Use connecting with PSK.
- Run zabbix_sender multiple times. Results are varying from time to time:
$ zabbix_sender -z 192.168.1.2 -s "host1" --tls-connect psk --tls-psk-identity=testid --tls-psk-file=/home/andris/zabbix_agentd.psk -k trapper_test -o abc Sending failed. Use option -vv for more detailed output. $ zabbix_sender -z 192.168.1.2 -s "host1" --tls-connect psk --tls-psk-identity=testid --tls-psk-file=/home/andris/zabbix_agentd.psk -k trapper_test -o abc sent: 1; skipped: 0; total: 1
zabbix_sender always reports error.
Could be OpenSSL-specific. It works as expected if zabbix sender uses GnuTLS 3.6.6. Also works if zabbix_sender sends to proxy which uses LibreSSL 2.8.2 (no PSK support).