Type: Defect (Security)
Affects Version/s: 3.0.27
Sprint:Sprint 56 (Sep 2019), Sprint 55 (Aug 2019), Sprint 57 (Oct 2019)
Steps to reproduce:
- Configure zabbix_agentd.conf with TLS using certificate, for example:
- TLSServerCertIssuer=CN=Signing CA,OU=development,O=Zabbix,DC=zabbix,DC=com
- Configure host in frontend with TLS, Certificate.
- Run server and agent.
Agent does not notice that server certificate has the issuer and subject other than required by agent configuration (validation is broken).
Agent refuses to talk to server which has other certificate issuer/subject than configured in zabbix_agentd.conf.