Describe the bug
If I configure a Vault Agent to connect to a server but provide an invalid tls_server_name, the agent fails in a hard to diagnose way.

To reproduce
With the following configuration:

we get a reasonable error:

However we get no diagnostics if we add a mismatched tls_server_name directive. For example, with the following configuration:

we get:

Some notes:
- it never prints out anything about the TLS name mismatch
- it never says where it is connecting, except for in the giant config dump. This is interesting because I came across this issue due to $VAULT_ADDR (silently) overriding the configuration file.
- after the Ctrl-C it takes a full 30s (a whole context deadline exceeded interval) before Vault willingly dies.

Expected behavior
Some log messages like:
2022-02-22T15:21:33.957-0500 [ERROR] auth.handler: error authenticating: error="TLS Negotiation with https://example.com failed: the remote's server name 'example.com' does not match the configured tls_server_name 'totally-bogus.com'." backoff=1s

Environment:
Vault Server Version (retrieve with vault status): n/a (1.9.3)
Vault CLI Version (retrieve with vault version): Vault v1.9.3 (v1.9.3) (cgo)
Server Operating System/Architecture: x86_64 Linux / NixOS (but again, N/A)
Vault server configuration file(s):

Additional context
n/a
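As an added illustration (not code from the Vault project or from this report), the following Go program reproduces the underlying check that a mismatched tls_server_name triggers inside crypto/tls, which is what Vault Agent builds on: it starts a throwaway TLS listener on loopback with a self-signed certificate for example.com, then connects once with ServerName matching the certificate and once with totally-bogus.com. The certificate, the listener, and the helper names (selfSignedCert, handshakeErr, IsHostnameMismatch) are constructed for this example and are not part of Vault. The point is that the handshake error Go returns already carries the hostname mismatch, so the information needed for the log line requested above is available to the agent rather than something it would have to compute itself.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway certificate valid only for dnsName.
// It stands in for the Vault server's certificate (constructed test data).
func selfSignedCert(dnsName string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// handshakeErr serves a certificate for certName on a loopback TLS listener and
// dials it with ServerName set to serverName (the equivalent of tls_server_name).
// It returns the client-side handshake error, or nil when verification succeeds.
func handshakeErr(certName, serverName string) error {
	cert, leaf, err := selfSignedCert(certName)
	if err != nil {
		return err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return err
	}
	defer ln.Close()

	// Server side: accept a single connection and drive its handshake.
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		_ = c.(*tls.Conn).Handshake()
	}()

	// Trust only the throwaway certificate, so verification is otherwise clean
	// and the only thing that can fail is the hostname check.
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(),
		&tls.Config{RootCAs: pool, ServerName: serverName})
	if err != nil {
		return err
	}
	return conn.Close()
}

// IsHostnameMismatch reports whether err is the hostname-verification failure
// that a wrong tls_server_name produces; this is the condition worth logging.
func IsHostnameMismatch(err error) bool {
	var hostErr x509.HostnameError
	return errors.As(err, &hostErr)
}

func main() {
	for _, name := range []string{"example.com", "totally-bogus.com"} {
		err := handshakeErr("example.com", name)
		fmt.Printf("tls_server_name=%q -> err=%v (hostname mismatch: %v)\n", name, err, IsHostnameMismatch(err))
	}
}
```

Run it with go run; the first line reports a nil error and the second an x509.HostnameError naming both the certificate's name and the configured one. Because the error is typed, a client can distinguish a name mismatch from an untrusted CA or an expired certificate and emit a specific message instead of a generic retry.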