ziti-sdk-c
ziti-sdk-c copied to clipboard
openziti
Smoketest fails with crypto error
Logs attached.
Example run:
ubuntu@ip-10-0-0-234:~$ curl -k --header "Host: ziti-smoketest-files.s3-us-west-1.amazonaws.com" --fail-early --fail-with-body -SL -o afb12cc2-86a0-40e9-aedd-f9b24d401fa3 https://files-zet.s3-us-west-1.amazonaws.ziti/1KB.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (7) Failed to connect to files-zet.s3-us-west-1.amazonaws.ziti port 443 after 104 ms: Connection refused
Client side shows crypto error:
ubuntu@ip-10-0-0-234:~$ tail -f logs/ziti-edge-tunnel-client.log | grep crypto
(28525)[ 872.950] ERROR ziti-sdk:connect.c:724 establish_crypto() conn[0.9/Lm5YQ-04/Connecting] failed to establish encryption: crypto error
(28525)[ 872.950] ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: crypto failure
(28525)[ 874.379] ERROR ziti-sdk:connect.c:724 establish_crypto() conn[0.10/WESXB5wi/Connecting] failed to establish encryption: crypto error
(28525)[ 874.379] ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: crypto failure
(28525)[ 874.897] ERROR ziti-sdk:connect.c:724 establish_crypto() conn[0.11/C7s1Iis6/Connecting] failed to establish encryption: crypto error
(28525)[ 874.897] ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: crypto failure
hosting side doesn't show error:
(22638)[ 256.586] DEBUG tunnel-cbs:ziti_hosting.c:635 on_hosted_client_connect_resolved() hosted_service[zet-files], client[ziti-edge-tunnel-client] client_src_addr[tcp:100.64.0.1:50442]: getaddrinfo(tcp:ziti-smoketest-files.s3-us-west-1.amazonaws.com:443) returned multiple results; using first
(22638)[ 256.586] DEBUG tunnel-cbs:ziti_hosting.c:650 on_hosted_client_connect_resolved() hosted_service[zet-files] client[ziti-edge-tunnel-client] client_src_addr[tcp:100.64.0.1:50442] initiating connection to tcp:3.5.160.24:443
(22638)[ 256.607] DEBUG tunnel-cbs:ziti_hosting.c:228 on_hosted_tcp_server_connect_complete() hosted_service[zet-files], client[ziti-edge-tunnel-client] client_src_addr[tcp:100.64.0.1:50442]: connected to server tcp:3.5.160.24:443
(22638)[ 256.607] DEBUG ziti-sdk:channel.c:246 ziti_channel_add_receiver() ch[0] added receiver[11]
(22638)[ 256.608] DEBUG tunnel-cbs:ziti_hosting.c:187 on_hosted_client_connect_complete() hosted_service[zet-files] client[ziti-edge-tunnel-client] client_src_addr[tcp:100.64.0.1:50442] local_addr[10.0.0.217:59438] fd[18] server[tcp:3.5.160.24:443] connected 16
(22638)[ 256.608] DEBUG ziti-sdk:conn_bridge.c:98 ziti_conn_bridge() br[0.11] connected
[logs.tar.gz](https://github.com/openziti/ziti-sdk-c/files/15098458/logs.tar.gz)
this seem like the bug fixed in #636. make sure we use fixed tunneler version in smoke test
I don't recall which version of zet was in use when this occurred. Based on commits to smoketest.go it could have been either zet 0.22.25 (csdk 0.36.7, which did not contain #636) or zet 0.22.28 (csdk 0.36.10, which did contain #636).
@plorenz do you remember the zet version that was in play?
(28525)[ 0.000] INFO ziti-sdk:utils.c:170 ziti_log_init() Ziti C SDK version 0.36.9 @d336721(HEAD) starting at (2024-04-24T17:28:13.803)
Thought I had attached the logs, but I hadn't. From the logs ^^
Hmm. The only zet version that used csdk 0.36.9 was zet 0.22.26 (and .27, which was only pre-release). Perhaps the smoketest was using a custom kit when this issue came up?
In any case #636 debuted in ziti-sdk-c 0.36.9, so whatever happened during this smoke test was not fixed by #636.