[ZBX-11761] PSK error should report attempted+supported keys
Created: 2017 Jan 31 | Updated: 2019 Jan 28 | Resolved: 2019 Jan 28 |
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Agent (G), Server (S) |
Affects Version/s: | None |
Fix Version/s: | 3.0.25rc1, 4.0.4rc1, 4.2.0alpha3, 4.2 (plan) |
Type: | Problem report | Priority: | Trivial |
Reporter: | Josh Soref | Assignee: | Andrejs Kozlovs |
Resolution: | Fixed | Votes: | 1 |
Labels: | usability |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original Estimate: | Not Specified |
Team: | Team A |
Sprint: | Sprint 47, Dec 2018, Sprint 48, Jan 2019 |
Story Points: | 0.5 |
Description |
I have configured a bunch of Zabbix agents. I work from a template, and once in a while I mess up the template; specifically, I ended up with:
instead of:
Agent passive error:
24945:20170130:172308.495 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2764: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"
Agent active error:
24946:20170130:171002.125 active check configuration update from [REMOTEHOST:10051] started to fail (TCP successful, cannot establish TLS to [[REMOTEHOST]:10051]: SSL_connect() returned SSL_ERROR_SSL: file s3_pkt.c line 1259: error:1409445B:SSL routines:SSL3_READ_BYTES:reason(1115): SSL alert number 115: TLS read fatal alert "unknown PSK identity")
Server passive error:
32399:20170130:193807.212 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2803: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"
Server active reporting:
32396:20170130:191005.393 temporarily disabling Zabbix agent checks on host "HOSTNAME": host unavailable
I'm pretty sure that with some effort Zabbix can report the name of the PSK being provided and the name of the PSK that's supported. Doing that would vastly improve the UX for this. Also, I don't see why the Server-active case doesn't ever log the PSK failing specifically; the lack of symmetry seems odd. |
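An added example (not part of the original report and not Zabbix's own code): a small Python triage of the log lines quoted above, which uses the direction of the TLS alert to tell which side rejected the PSK identity. The function names and the keys of the returned dict are choices made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Zabbix log prefix is PID:YYYYMMDD:HHMMSS.mmm followed by the message.
PREFIX = re.compile(r'^\s*(\d+):(\d{8}):(\d{6}\.\d{3}) (.*)$')
# "write" = this process sent the alert, "read" = the peer sent it.
ALERT = re.compile(r'TLS (read|write) fatal alert "unknown PSK identity"')
# Peer of an accepted connection ("from X:") or an outgoing one ("TLS to [[X]:port]").
PEER = re.compile(r'from ([^:\s\[]+):|TLS to \[\[([^\]]+)\]:\d+\]')

HINT = {
    'write': 'peer offered an identity this side does not have configured',
    'read': 'peer does not know the identity this side offered',
}

# The four log lines from the report above (hosts already redacted there).
SAMPLE = [
    '24945:20170130:172308.495 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2764: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"',
    '24946:20170130:171002.125 active check configuration update from [REMOTEHOST:10051] started to fail (TCP successful, cannot establish TLS to [[REMOTEHOST]:10051]: SSL_connect() returned SSL_ERROR_SSL: file s3_pkt.c line 1259: error:1409445B:SSL routines:SSL3_READ_BYTES:reason(1115): SSL alert number 115: TLS read fatal alert "unknown PSK identity")',
    '32399:20170130:193807.212 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2803: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"',
    '32396:20170130:191005.393 temporarily disabling Zabbix agent checks on host "HOSTNAME": host unavailable',
]

def classify(line):
    """Return a dict describing a PSK identity failure, or None for any other line."""
    m = PREFIX.match(line)
    alert = ALERT.search(m.group(4)) if m else None
    if not alert:
        return None
    peer = PEER.search(m.group(4))
    return {
        'when': datetime.strptime(f'{m.group(2)} {m.group(3)}', '%Y%m%d %H%M%S.%f'),
        'pid': int(m.group(1)),
        'peer': (peer.group(1) or peer.group(2)) if peer else None,
        'rejected_by': 'local' if alert.group(1) == 'write' else 'peer',
        'hint': HINT[alert.group(1)],
    }

def summarize(lines):
    """Count PSK identity failures per (peer, side that rejected the identity)."""
    hits = filter(None, map(classify, lines))
    return Counter((h['peer'], h['rejected_by']) for h in hits)

if __name__ == '__main__':
    for (peer, side), n in summarize(SAMPLE).items():
        print(f'{peer}: {n} failure(s), identity rejected by {side} side')
```

The fourth line ("host unavailable") carries no TLS detail, so it is not classified; that is the asymmetry the report points out.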
Comments |
Comment by Glebs Ivanovskis (Inactive) [ 2017 Feb 07 ] |
The error which is missing in the log file must be present in the frontend next to the failed item in Configuration -> Hosts. |
Comment by Josh Soref [ 2017 Feb 07 ] |
I'm pretty sure it is. But it's pretty odd that 1/4 is only available in that other location. And please note, that's more of an aside, it isn't the key point of the ticket (I don't even need help sorting out my PSKs, they're fixed). |
Comment by Andrejs Kozlovs [ 2019 Jan 22 ] |
Fixed in:
|