Open qrkourier opened 1 year ago
❯ apport-unpack /var/crash/_opt_openziti_bin_ziti-edge-tunnel.1000.crash /tmp/crashpack
❯ gdb $(realpath $(which ziti-edge-tunnel)) -c /tmp/crashpack/CoreDump
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /opt/openziti/bin/ziti-edge-tunnel...
[New LWP 841720]
[New LWP 841722]
[New LWP 841721]
[New LWP 841723]
[New LWP 841724]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `ziti-edge-tunnel enroll --cert /home/kbingham/.config/ziti/environments/pki/mag'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
74 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
[Current thread is 1 (Thread 0x7f95711eb740 (LWP 841720))]
(gdb)
(gdb) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:74
#1 0x00005591a620719a in enroll_cb (er=0x5591a888d280, err=<optimized out>, enroll_ctx=0x5591a887fa00) at /github/workspace/build/_deps/ziti-sdk-c-src/library/ziti_enroll.c:250
#2 0x00005591a62088c0 in ctrl_default_cb (s=<optimized out>, e=<optimized out>, resp=0x5591a88811a0) at /github/workspace/build/_deps/ziti-sdk-c-src/library/ziti_ctrl.c:197
#3 0x00005591a6209a08 in ctrl_body_cb (req=0x5591a8881240, b=<optimized out>, len=<optimized out>) at /github/workspace/build/_deps/ziti-sdk-c-src/library/ziti_ctrl.c:369
#4 0x00005591a623e085 in http_message_cb (parser=<optimized out>) at /github/workspace/build/_deps/tlsuv-src/src/http_req.c:270
#5 0x00005591a624598a in llhttp.internal_execute ()
#6 0x00005591a623e2ef in http_req_process (req=req@entry=0x5591a8881240,
buf=0x5591a8899f80 "HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 42\r\nContent-Type: application/json\r\nServer: ziti-controller/v0.28.0\r\nZiti-Instance-Id: clilsmet700000d9r2huknzsu\r\nDate: Wed, 14 Jun 2023 20:55:"..., len=len@entry=252) at /github/workspace/build/_deps/tlsuv-src/src/http_req.c:77
#7 0x00005591a623c956 in http_read_cb (link=<optimized out>, nread=252, buf=0x7ffc9f877700) at /github/workspace/build/_deps/tlsuv-src/src/http.c:86
#8 0x00005591a6242bc2 in uv_link_propagate_read_cb (link=<optimized out>, nread=<optimized out>, buf=<optimized out>) at /github/workspace/build/_deps/tlsuv-src/deps/uv_link_t/src/uv_link_t.c:295
#9 0x00005591a623f630 in tls_read_cb (l=0x5591a8880e40, nread=<optimized out>, b=0x7ffc9f877700) at /github/workspace/build/_deps/tlsuv-src/src/tls_link.c:178
#10 0x00005591a6242bc2 in uv_link_propagate_read_cb (link=<optimized out>, nread=<optimized out>, buf=<optimized out>) at /github/workspace/build/_deps/tlsuv-src/deps/uv_link_t/src/uv_link_t.c:295
#11 0x00005591a625a61f in uv.read ()
#12 0x00005591a625af30 in uv.stream_io ()
#13 0x00005591a6262d1d in uv.io_poll ()
#14 0x00005591a6250046 in uv_run ()
#15 0x00005591a61f0a68 in enroll (argc=<optimized out>, argv=<optimized out>) at /github/workspace/programs/ziti-edge-tunnel/ziti-edge-tunnel.c:2185
#16 0x00005591a61ee3e0 in main (argc=12, argv=0x7ffc9f87ac18) at /github/workspace/programs/ziti-edge-tunnel/ziti-edge-tunnel.c:3198
❯ ziti edge list cas 'name="kentest magenta CA"' -j | jq
{
"data": [
{
"_links": {
"jwt": {
"href": "./cas/1Mh6VPNScwB6Adk8aKsS6N/jwt"
},
"self": {
"href": "./cas/1Mh6VPNScwB6Adk8aKsS6N"
}
},
"createdAt": "2023-06-14T20:50:09.895Z",
"id": "1Mh6VPNScwB6Adk8aKsS6N",
"tags": {},
"updatedAt": "2023-06-14T20:51:05.288Z",
"certPem": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIQEQG1pb7zuKbPhcE7i/+K1TANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzESMBAGA1UEBxMJQ2hhcmxvdHRlMRMwEQYDVQQKEwpOZXRG\nb3VuZHJ5MRAwDgYDVQQLEwdBRFYtREVWMRAwDgYDVQQDEwdtYWdlbnRhMB4XDTIz\nMDYxNDIwNDgwNFoXDTMzMDYxMTIwNDkwM1owWjELMAkGA1UEBhMCVVMxEjAQBgNV\nBAcTCUNoYXJsb3R0ZTETMBEGA1UEChMKTmV0Rm91bmRyeTEQMA4GA1UECxMHQURW\nLURFVjEQMA4GA1UEAxMHbWFnZW50YTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAOe1PyqxRmHRwoHdfBVf7AmhkP7gj9d4aG/LH7Gt6wOI8I/pEjOlFPyv\nuGoJQRFaiKZp8NPmI1YNry+bTlgZe9hy1hO398Kdr7w0KfU0ySkMo5vH3GiqIqt0\n201IUeekrN9JvF4r55G8XL5AcHXXeJrcEcs5j0VdRTcfHpk2XTAZzSBgi+4RH5lN\nos0Kwqa4eYJIwZA8ygj7c+xGJKtvK1ofPXlUB0Lbjxuo1ctC59JQIS3LG0EflTFO\nz710+sJkO/vA156oTNxADFcUkhVW13VzkhVGJ9k+9tP1jVdLsAflLysflFeTpdgF\nz/h5TRSwsOrJs4GdDhh23S+Po79fmNwqM/uKe82TLF3XL866ear2YY82JBdoYur7\nTITMSHWGQQ8XVRhQcYVX3s9tEl7NPAD3y0gDg7ltJcodjsFKMhOxTpp9qsZIlzVw\n7wnPs2Gv3nhLqFFR/81tS3NWeqBKArDoVyr/dumiNVPHz9brpqu8MGMguBlt/kdm\nAJRTIUPNpRsqCgsFHQJH3OjooE+r3tG7mEFPP9aatTPEMmdOwX9brZrpHopPAfRx\nF5mWmqqDP4X/n5amOQtLIt3HvDeSvsHFkcASywJgjXpOJ4CfFcMWVGjXhasWrlhK\nHVhbbhY8W5fXqQRmBjsNsUitb1kwFpMZax17qv5z91PGcPYn4xh3AgMBAAGjYzBh\nMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRKF5J/\n5O4DB3UdnRn6u4K9awONMjAfBgNVHSMEGDAWgBRKF5J/5O4DB3UdnRn6u4K9awON\nMjANBgkqhkiG9w0BAQsFAAOCAgEAYHdYVH0tk6PgYMnnceHZUMHD7blFYbvpX7Sf\nvRXEGTaDztlEj2ktds592nt21aUo4KiW8ueO8AvbNusI08kkhhzUtVdP69p0ImS0\nSn+rGEOJ3NEUVIBgUI8jwDkIapOhAbkN4S2z/2sCo+vQHYQsgLifOzhQ9U1DQ8aB\ne4ZKWRFR6EXngtPG33nv1ImJlvqXYUMLbYU0a4sflotaCSwhfo5TyfnARpIhlilZ\nCJh6RoSCZwcyPMHjRrAkjVWXdh7cbRqZxV8W/TsuPgv4TjWMxaZpb8mmI5ZbrioG\neiitOyWzANtMpWkCCd9Y8XtKfriD35GQqG00db2MCvFdp+a2HCA5V/lDQL3fPwmy\n3JCDto8aoFu5k6Q77skVgOM/NUyr4FMyAyzzN1BiqYh7srMCgPG7Keevg/Jtc0+m\n6oBJwsK1eahIk8kd4ixa40znlUPM9puqngzuF4rvyGBf+HsfmSaEJzYkmuyi4dx7\nF0IFkHSlMHIeHRNi5mirS5zszbosjwdv2l7GfDo4LKZeAZQqssQBTpV7WxDS3j3m\nm3W6FvSHr0zdZyLrmYR7QXWz/8vSLrgIWk0gIRpKnn4UfLaoR7ocCBAynmFbV0Hr\nUN+Cj0PNjFNgBO1Xj+8gbOg8Rw0yncJEdsPO1aGcwuja2zJW/0xilm38w3zILhng\nUy17T2w=\n-----END CERTIFICATE-----\n",
"fingerprint": "1a851410c3e2125b6b28d5aa48b209d63eea68a6",
"identityNameFormat": "[caName]-[commonName]",
"identityRoles": null,
"isAuthEnabled": true,
"isAutoCaEnrollmentEnabled": true,
"isOttCaEnrollmentEnabled": false,
"isVerified": true,
"name": "kentest magenta CA",
"verificationToken": "Jbc0GkWU0"
}
],
"meta": {
"filterableFields": [
"isVerified",
"isAutoCaEnrollmentEnabled",
"isOttCaEnrollmentEnabled",
"isAuthEnabled",
"createdAt",
"name",
"fingerprint",
"isSystem",
"verificationToken",
"id",
"updatedAt",
"tags"
],
"pagination": {
"limit": 10,
"offset": 0,
"totalCount": 1
}
}
}
❯ ziti edge list identities 'id="KwAfGkbB0"' -j | jq
{
"data": [
{
"_links": {
"auth-policies": {
"href": "./auth-policies/default"
},
"authenticators": {
"href": "./identities/KwAfGkbB0/authenticators"
},
"edge-router-policies": {
"href": "./identities/KwAfGkbB0/edge-router-policies"
},
"edge-routers": {
"href": "./identities/KwAfGkbB0/edge-routers"
},
"enrollments": {
"href": "./identities/KwAfGkbB0/enrollments"
},
"failed-service-requests": {
"href": "./identities/KwAfGkbB0/failed-service-requests"
},
"posture-data": {
"href": "./identities/KwAfGkbB0/posture-data"
},
"self": {
"href": "./identities/KwAfGkbB0"
},
"service-configs": {
"href": "./identities/KwAfGkbB0/service-configs"
},
"service-policies": {
"href": "./identities/KwAfGkbB0/service-policies"
},
"services": {
"href": "./identities/KwAfGkbB0/services"
}
},
"createdAt": "2023-06-14T20:55:47.961Z",
"id": "KwAfGkbB0",
"tags": {},
"updatedAt": "2023-06-14T20:55:47.961Z",
"appData": {},
"authPolicy": {
"_links": {
"self": {
"href": "./auth-policies/default"
}
},
"entity": "auth-policies",
"id": "default",
"name": "Default"
},
"authPolicyId": "default",
"authenticators": {
"cert": {
"fingerprint": "4c9fe2db45b95aa064aa2c9c6cee5f2d5d84501e",
"id": "ldJZGkbU0"
}
},
"defaultHostingCost": 0,
"defaultHostingPrecedence": "default",
"disabled": false,
"enrollment": {},
"envInfo": {},
"externalId": null,
"hasApiSession": false,
"hasEdgeRouterConnection": false,
"isAdmin": false,
"isDefaultAdmin": false,
"isMfaEnabled": false,
"name": "kentest magenta CA-kentest-client0",
"roleAttributes": null,
"sdkInfo": {},
"serviceHostingCosts": {},
"serviceHostingPrecedences": {},
"type": {
"_links": {
"self": {
"href": "./identity-types/Device"
}
},
"entity": "identity-types",
"id": "Device",
"name": "Device"
},
"typeId": "Device"
}
],
"meta": {
"filterableFields": [
"createdAt",
"tags",
"type",
"authPolicyId",
"id",
"updatedAt",
"isSystem",
"roleAttributes",
"name",
"externalId",
"isAdmin",
"isDefaultAdmin"
],
"pagination": {
"limit": 10,
"offset": 0,
"totalCount": 1
}
}
}
I confirmed the segfault recurs when the enroll --name
flag is not present.
I didn't have any problem enrolling with a third client cert with ziti edge enroll
, and I'm able to connect to services with the resulting identity JSON file.
I added and verified a CA enabled for auto-enroll. I issued a client cert from the external CA that I'd verified. I downloaded the verified CA's JWT. I attempted to enroll with latest
ziti-edge-tunnel
. The controller is 0.28.0. After enroll the identity exists but the output file is empty.Analysis of the reusable autoca token: