openziti / edge

Application-embedded connectivity and zero-trust components
Apache License 2.0

Using 'edge_transport' binding on non-encrypted service leads to Dial failure #349

Closed rentallect closed 3 years ago

rentallect commented 3 years ago

If you create a service that has encryptionRequired:false, and then create a terminator and include "binding" : "edge_transport" in the POST payload given to the /terminators endpoint, the terminator is created, but it will lead to a downstream Dial failure when the SDK client attempts to connect to the service.

Here is an example error seen in smoketest:

{
    "file": "/home/travis/gopath/pkg/mod/github.com/openziti/edge@v0.16.35/tunnel/tunnel.go:31",
    "func": "github.com/openziti/edge/tunnel.DialAndRun",
    "level": "error",
    "msg": "zt.Dial(ziti_smoketest_files) failed: unable to dial service 'ziti_smoketest_files' (attempt to use closed connection: error creating route for [s/xyPp] (error preparing e2e crypto: failed key exchange: bad point length: 0, expected 32))",
    "time": "2020-10-14T17:09:20Z"
}

andrewpmartinez commented 3 years ago

Looking at the code in edge/router/xgres_edge_transport/dialer.go it appears this might be caused by a client/edgeRouter sending in a PublicKeyHeader with no value. If the header was omitted there wouldn't be an issue.
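The distinction andrewpmartinez draws above, a public key header that is omitted versus one that is present with an empty value, is the crux of the reported "bad point length: 0, expected 32" failure. The following is an added illustration, not code from openziti/edge: it models the dial-side check with a hypothetical header id (`publicKeyHeader`) and uses Go's standard `crypto/ecdh` X25519 in place of the project's own e2e crypto, so the wire format and constant names are assumptions.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// publicKeyHeader is a hypothetical header id standing in for the PublicKeyHeader
// named in the thread; the real constant and wire format are not on the page.
const publicKeyHeader = 0x1001

// newKey generates one side's X25519 key pair for the dial.
func newKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// dialHeaders builds the headers a client sends. includeKey=false omits the
// header entirely, which is the case the second comment says would be fine.
func dialHeaders(local *ecdh.PrivateKey, includeKey bool) map[int][]byte {
	h := map[int][]byte{}
	if includeKey {
		h[publicKeyHeader] = local.PublicKey().Bytes()
	}
	return h
}

// negotiateE2E returns the e2e shared secret, or nil when the peer omitted the
// public key header (a service with encryptionRequired:false). A header that is
// present but not a 32-byte point is a protocol error, not the same as "omitted".
func negotiateE2E(headers map[int][]byte, local *ecdh.PrivateKey) ([]byte, error) {
	raw, present := headers[publicKeyHeader]
	if !present {
		return nil, nil
	}
	if len(raw) != 32 {
		return nil, fmt.Errorf("error preparing e2e crypto: failed key exchange: bad point length: %d, expected 32", len(raw))
	}
	peer, err := ecdh.X25519().NewPublicKey(raw)
	if err != nil {
		return nil, err
	}
	return local.ECDH(peer)
}

func main() {
	a, _ := newKey()
	_, err := negotiateE2E(map[int][]byte{publicKeyHeader: {}}, a) // present but empty
	fmt.Println(err)
}
```

Running it reproduces the shape of the error from the smoketest log; sending no header at all (`dialHeaders(k, false)`) negotiates nothing and returns no error.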