Problem report
Resolution: Fixed
Trivial
None
Sprint 47, Dec 2018, Sprint 48, Jan 2019
0.5
I have configured a bunch of Zabbix agents. I work from a template, and once in a while I mess up the template; specifically, I ended up with:
TLSPSKIdentity=PSK 036# to match PSK identity below
instead of:
TLSPSKIdentity=PSK 036
Agent passive error:
24945:20170130:172308.495 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2764: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"
Agent active error:
24946:20170130:171002.125 active check configuration update from [REMOTEHOST:10051] started to fail (TCP successful, cannot establish TLS to [[REMOTEHOST]:10051]: SSL_connect() returned SSL_ERROR_SSL: file s3_pkt.c line 1259: error:1409445B:SSL routines:SSL3_READ_BYTES:reason(1115): SSL alert number 115: TLS read fatal alert "unknown PSK identity")
Server passive error:
32399:20170130:193807.212 failed to accept an incoming connection: from REMOTEIP: TLS handshake returned error code 1: file s3_srvr.c line 2803: error:1408B0DF:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:psk identity not found: TLS write fatal alert "unknown PSK identity"
Server active reporting:
32396:20170130:191005.393 temporarily disabling Zabbix agent checks on host "HOSTNAME": host unavailable
I'm pretty sure that with some effort Zabbix can report the name of the PSK being provided and the name of the PSK that's supported.
Doing that would vastly improve the UX for this.
Also, I don't see why the Server-active case doesn't ever log the PSK failing specifically; the lack of symmetry seems odd.
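A pre-deployment check for the template mistake described in this report, as an added example that is not part of the original report or of Zabbix itself. It assumes that a `#` starts a comment only at the beginning of a line in the agent config, so a trailing `# ...` becomes part of the identity; the function names, the sample file and the PSK file path are constructed for illustration.

```python
import re

# Constructed sample config: line 4 is the broken template line from the report;
# the other lines and the PSK file path are made up for illustration.
SAMPLE_CONF = """\
# PSK settings
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 036# to match PSK identity below
TLSPSKFile=/etc/zabbix/agent.psk
"""

PARAM_RE = re.compile(r"^([A-Za-z0-9_.]+)\s*=(.*)$")

def parse_conf(text):
    """Return {name: (line_no, value)}. Assumption: '#' starts a comment only
    at the beginning of a line, so anything after '=' (a trailing '# ...'
    included) is part of the value."""
    params = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        match = PARAM_RE.match(stripped)
        if match:
            params[match.group(1)] = (line_no, match.group(2).strip())
    return params

def lint_psk_identity(text, expected=None):
    """Return a list of findings about TLSPSKIdentity; empty means clean."""
    params = parse_conf(text)
    uses_psk = any("psk" in [v.strip() for v in params.get(k, (0, ""))[1].split(",")]
                   for k in ("TLSConnect", "TLSAccept"))
    if "TLSPSKIdentity" not in params:
        return ["PSK enabled but TLSPSKIdentity is not set"] if uses_psk else []
    line_no, identity = params["TLSPSKIdentity"]
    findings = []
    if "#" in identity:
        findings.append(f"line {line_no}: '#' inside TLSPSKIdentity value "
                        f"{identity!r}; inline comments are not stripped")
    if expected is not None and identity != expected:
        findings.append(f"line {line_no}: agent identity {identity!r} does not "
                        f"match identity configured for the host {expected!r}")
    return findings

if __name__ == "__main__":
    for finding in lint_psk_identity(SAMPLE_CONF, expected="PSK 036"):
        print(finding)
```

Passing the identity configured for the host as `expected` prints both names side by side, which is the information the log lines above leave out.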