Team A
[ZBX-16264] Proxy doesn't require TLSAccept Created: 2019 Jun 14 Updated: 2024 Apr 10 Resolved: 2019 Jul 07 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Proxy (P) |
| Affects Version/s: | 4.0.9 |
| Fix Version/s: | 4.4 (plan) |
| Type: | Documentation task | Priority: | Trivial |
| Reporter: | Pascal Uhlmann | Assignee: | Andrejs Kozlovs |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | proxy, tls, tls_accept, tls_connect | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Ubuntu 18.04.2 LTS |
||
| Team: | Team A |
| Sprint: | Sprint 53 (Jun 2019), Sprint 54 (Jul 2019) |
| Story Points: | 0 |
| Description |
|
According to the documentation the configuration parameter TLSAccept is mandatory "if TLS certificate or PSK parameters are defined". But in fact the proxy also works without setting this parameter. In contrast the agent fails to start if TLSAccept is missing. The relevant proxy configuration parameters are set as follows: ProxyMode=0 So if it really needs to be set the proxy should behave like the agent and refuse to start. Otherwise the documentation should be corrected. |
| Comments |
| Comment by Andrejs Sitals (Inactive) [ 2019 Jun 14 ] |
|
Documentation says that TLSAccept is "Used for a passive proxy, ignored on an active proxy." In your case proxy is in active mode (ProxyMode=0). |
| Comment by Pascal Uhlmann [ 2019 Jun 14 ] |
|
OK, that makes sense. But anyway I'd suggest to clarify the documentation of TLSAccept and TLSConnect. For example it could be changed to the following: TLSAccept: yes for passive proxy, if TLS certificate or PSK parameters are defined (even for unencrypted connection), otherwise no |
| Comment by Andrejs Kozlovs [ 2019 Jun 19 ] |
|
Agree, "Mandatory" field should be updated accordingly for TLSAccept and TLSConnect . "Description" field dos not give full understanding about those parameters mandatory. |