Bug 1333885 - client ID should logged when SSL connection fails
Summary: client ID should logged when SSL connection fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: core
Version: rhgs-3.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: RHGS 3.2.0
Assignee: Mohit Agrawal
QA Contact: Byreddy
URL:
Whiteboard:
Depends On:
Blocks: 1333912 1333913 1333914 1351515 1351530 1351878 1353429 1380275 1383879 1383882
TreeView+ depends on / blocked
 
Reported: 2016-05-06 14:40 UTC by Raghavendra Bhat
Modified: 2017-03-23 05:30 UTC (History)
7 users (show)

Fixed In Version: glusterfs-3.8.4-3
Doc Type: Bug Fix
Doc Text:
When a client attempted to connect using SSL and the connection failed, the client identifier was not part of the log message. The client identifier is now included in the log message to make it easier to determine which client was attempting to connect.
Clone Of:
: 1333912 1333913 1333914 1380275 1383879 1383882 (view as bug list)
Environment:
Last Closed: 2017-03-23 05:30:05 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0486 normal SHIPPED_LIVE Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update 2017-03-23 09:18:45 UTC

Description Raghavendra Bhat 2016-05-06 14:40:15 UTC
Description of problem:

when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect.

[2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed
[2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the above logs ssl_setup_connection does not log the client identifier.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Atin Mukherjee 2016-07-01 05:34:35 UTC
Upstream patch http://review.gluster.org/14242 is now merged.

Comment 4 Atin Mukherjee 2016-09-17 12:04:29 UTC
Upstream mainline : http://review.gluster.org/14242
Upstream 3.8 : http://review.gluster.org/14845

And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4.

Comment 7 Byreddy 2016-09-28 06:37:26 UTC
Client ID is not printing  when SSL connection is failed.

I am getting the below errors when SSL connection is failed with out Client ID:


<GLUSTERD_LOG_START>

[2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed


[2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket
[2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed

</GLUSTERD_LOG_END>

One more thing, Client ID is not printing for the successful SSL CONNECTION as well

getting below message,

[2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: )

Moving back to Assigned state.

Comment 8 Atin Mukherjee 2016-10-03 04:34:50 UTC
Upstream patch http://review.gluster.org/15596 posted for review.

Comment 9 Atin Mukherjee 2016-10-12 12:11:44 UTC
Upstream mainline : http://review.gluster.org/15596
Upstream 3.8 : http://review.gluster.org/15624
Downstream patch : https://code.engineering.redhat.com/gerrit/#/c/86906/

All the patches are merged now. We should be able to move this bug for reverification once the next build is in place.

Comment 10 Milind Changire 2016-10-25 04:36:09 UTC
added BZ to erratum: https://errata.devel.redhat.com/advisory/24866
moving to ON_QA

Comment 11 Byreddy 2016-10-28 07:20:59 UTC
Verified this bug using the build - 3.8.4-3.

I am seeing the SSL connection error with client ID in the glusterd log when client failed to mount the volume.

[2016-10-28 07:00:04.434145] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: CLIENT_IP:1023)
[2016-10-28 07:00:04.434305] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-10-28 07:00:04.434349] E [socket.c:2436:socket_poller] 0-socket.management: server setup failed


Moving to verified state.

Comment 15 errata-xmlrpc 2017-03-23 05:30:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0486.html


Note You need to log in before you can comment on or make changes to this bug.