Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Duplicate entries for servers with certs and CA with x509_cert #4903

Closed
adrianlzt opened this issue Oct 22, 2018 · 1 comment
Closed

Duplicate entries for servers with certs and CA with x509_cert #4903

adrianlzt opened this issue Oct 22, 2018 · 1 comment
Milestone
1.8.3

Comments

@adrianlzt
Copy link
Contributor

Relevant telegraf.conf:

[[inputs.x509_cert]]
  sources = ["https://google.es:443"]
  insecure_skip_verify = true

System info:

Telegraf 1.8.2 (git: HEAD 996a91f)

Steps to reproduce:

  1. telegraf/telegraf -config test.conf -test

Expected behavior:

Some tag to distinguish between the cert of the server and the CAs

Actual behavior:

Same tags for two different certs

> x509_cert,host=archer,source=https://google.es:443 age=1778537i,enddate=1545722940i,expiry=5479062i,startdate=1538465340i 1540243877000000000
> x509_cert,host=archer,source=https://google.es:443 age=42759035i,enddate=1639526442i,expiry=99282564i,startdate=1497484842i 1540243877000000000

Additional info:

We can see the two certs with, for example, gnut-tls:

- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=*.google.es,O=Google LLC,L=Mountain View,ST=California,C=US', issuer `CN=Google Internet Authority G3,O=Google Trust Services,C=US', serial 0x359fc6504265b421, RSA key 2048 bits, signed using RSA-SHA256, activated `2018-10-02 07:29:00 UTC', expires `2018-12-25 07:29:00 UTC', pin-sha256="DbEsCd/bn9gwI2cMqQ0BElz8wjP5WXjX7fuZs1JJf/8="

- Certificate[1] info:
 - subject `CN=Google Internet Authority G3,O=Google Trust Services,C=US', issuer `CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2', serial 0x01e3a9301cfc7206383f9a531d, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-06-15 00:00:42 UTC', expires `2021-12-15 00:00:42 UTC', pin-sha256="f8NnEFZxQ4ExFOhSN7EiFWtiudZQVD2oY60uauV/n78="
@danielnelson
Copy link
Contributor

I think this will be fixed in 1.8.3 by #4873. Here is the output from the release-1.8 branch:

> x509_cert,common_name=*.google.es,country=US,locality=Mountain\ View,organization=Google\ LLC,province=California,source=https://google.es:443 age=1779598i,enddate=1545722940i,expiry=5478001i,startdate=1538465340i 1540244939000000000
> x509_cert,common_name=Google\ Internet\ Authority\ G3,country=US,organization=Google\ Trust\ Services,source=https://google.es:443 age=42760096i,enddate=1639526442i,expiry=99281503i,startdate=1497484842i 1540244939000000000

@danielnelson danielnelson added this to the 1.8.3 milestone Oct 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.8.3
Development

No branches or pull requests
2 participants
@danielnelson @adrianlzt