@qrkourier filed a ziti edge tunnel issue over at https://github.com/openziti/ziti-tunnel-sdk-c/issues/517 After investigation, we see the generate_csr function only returns 0, regardless of what happens in the function's openssl calls. There are numerous opportunities in that generate_csr for return openssl values to be checked which are not currently being checked.
It seems to have something to do with RedHat 9 since it is only observed when running a tunneler in RedHat 9 (not RedHat 8 or other environments).
Since this function always returns 0, when something openssl + RedHat 9 related goes wrong, the CSR is an empty string/uninitialize and thus the tunneler ends up sending an CSR to the controller.
qrkourier
commented
2 years ago
@qrkourier filed a ziti edge tunnel issue over at https://github.com/openziti/ziti-tunnel-sdk-c/issues/517 After investigation, we see the
generate_csrfunction only returns 0, regardless of what happens in the function's openssl calls. There are numerous opportunities in thatgenerate_csrfor return openssl values to be checked which are not currently being checked.It seems to have something to do with RedHat 9 since it is only observed when running a tunneler in RedHat 9 (not RedHat 8 or other environments).
Since this function always returns 0, when something openssl + RedHat 9 related goes wrong, the CSR is an empty string/uninitialize and thus the tunneler ends up sending an CSR to the controller.
Update the engine_openssl.c to return/log errors