backport #1204 dird fix tls psk crendential not found#1208
Merged
pstorz merged 4 commits intobareos:bareos-21from Jul 25, 2022
Conversation
When creating a Job name, we do a truncation to add a suffix and make sure the string does not pass the 128 character limit. Later, during TLS-PSK authentication process, a prefix `R_JOB^` is added to the job name to create the identification key, and another truncation needs to happen in order to comply with OpenSSL1.1's 128 character limit for identity. This second truncation eats the last part of the Jobname containing our custom suffix, and thus creates problems. This issue does not show up with OpenSSL3, as the identity limit was changed to 256 characters. This commit then anticipates the extra 6 characters needed for the "R_JOB^" prefix added in the psk identity string.
- Test job with Name exceeding 104 char length so jobname got truncated while adding the 24 char suffix .2022-06-30_12:12:12_12 - This cause tls-psk authentification between fd and sd to failed with Fatal error: Connect failure: ERR=error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure Fatal error: Bad response to Storage command: wanted 2000 OK storage, got 2902 Bad storage Fatal error: Director's comm line to SD dropped. Signed-off-by: Bruno Friedmann <bruno.friedmann@bareos.com> (cherry picked from commit 2fd376d)
Signed-off-by: Bruno Friedmann <bruno.friedmann@bareos.com>
111d921 to
2d6bb2a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of PR #1204 to bareos-21 including tests.
Please check
If you have any questions or problems, please give a comment in the PR.
Helpful documentation and best practices
Checklist for the reviewer of the PR (will be processed by the Bareos team)
General
Source code quality
bareos-check-sources --since-mergedoes not report any problemsgit statusshould not report modifications in the source tree after building and testingTests