-
Type:
Problem report
-
Resolution: Unresolved
-
Priority:
Trivial
-
None
-
Affects Version/s: 7.0.22
-
Component/s: Agent2 (G)
-
None
Desctiption:
I encountered an issue with the MQTT plugin in Zabbix Agent 2 where enabling TLS with only TLSCAFile (for server authentication) causes an error.
The agent attempts to load the client certificate key pair (tls.LoadX509KeyPair) even if TLSCertFile and TLSKeyFile are not specified (empty), resulting in an "open : no such file or directory" error.
According to standard TLS usage and the documentation, providing a client certificate/key should not be mandatory when only Server Authentication is required.
Steps to reproduce:
- Configure zabbix_agent2.conf with MQTT plugin settings.
- Set Plugins.MQTT.Default.TLSCAFile to a valid CA certificate path.
- Leave Plugins.MQTT.Default.TLSCertFile and Plugins.MQTT.Default.TLSKeyFile empty (commented out).
- Restart Zabbix Agent 2.
Expected result: The plugin connects to the MQTT broker using TLS (Server Authentication) without requiring a client certificate.
Actual result: The agent fails to start or connect with the following error: failed to load key pair: open : no such file or directory
Analysis: It seems that the code attempts to call tls.LoadX509KeyPair when TLSCAFile is present, regardless of whether TLSCertFile/TLSKeyFile are set. The loading of the key pair should be conditional, checking if both Cert and Key parameters are provided.
