Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZWEAM511E message is misleading #1871

Closed
CarsonCook opened this issue Oct 29, 2021 · 1 comment
Closed

ZWEAM511E message is misleading #1871

CarsonCook opened this issue Oct 29, 2021 · 1 comment
Assignees
@CarsonCook
Labels
bug Verified defect in functionality Priority: High

Comments

@CarsonCook
Copy link
Contributor

Describe the bug
The ZWEAM511E message says certificates aren't trusted, but this is inaccurate. For example,

"messageNumber": "ZWEAM511E",
    "messageContent": "The certificate of the service accessed using URL '/zss/api/v1/unixfile/contents/%2Fu%2F/carson' is not trusted by the API Gateway: java.net.SocketException: Connection reset",

was logged, when the issue was actually around a configured IP address. This message is also logged when certificate validation is turned off, which makes no sense.

Steps to Reproduce

  1. Start Zowe with certificates not being verified and ZWED_agent_http_ipAddresses=0.0.0.0 -> http instead of https will mislead ZSS
  2. Run a request via APIML that goes to ZSS
  3. See the error message that the certificate isn't trusted

Expected behavior
A message that isn't misleading, ideally it can point to specific details, but the nature of this type of error is it's going to be various problems.

https://github.com/zowe/api-layer/wiki/Issue-management
@CarsonCook CarsonCook added bug Verified defect in functionality new New issue that has not been worked on yet labels Oct 29, 2021
@balhar-jakub balhar-jakub added clarification Issue is being clarified in the discussion with the creator of the issue and removed new New issue that has not been worked on yet labels Nov 24, 2021
@CarsonCook
Copy link
Contributor Author

CarsonCook commented Dec 6, 2021
edited
Loading

This message is returned when an SSLException is thrown. There can be a variety of causes, making it difficult to capture a good error message. Some options:

  1. Look in the thrown exception message for text indicating different types of problems that can cause SSLException to be thrown. This may be brittle and flaky, and would still require a generic message if none of the hardcoded checks are found.

  2. Change the error message to a generic message that there's an SSL error. This won't mislead anyone, but also won't help anyone.

  3. Add potential causes to the error message itself (it already lists two possible causes). This is essentially option 1, but easier to maintain as it doesn't involve java code changes.

  4. Potentially in addition to other options, add to the error message an indication of how to view the actual error message as the thrown exception message is logged in debug mode.

  5. Potentially in addition to other options, add debug logging to indicate the state of the GW - e.g. if certs are being validated (indicating cert trust is not an issue)

@CarsonCook CarsonCook self-assigned this Dec 6, 2021
@anton-brezina anton-brezina removed the clarification Issue is being clarified in the discussion with the creator of the issue label Dec 13, 2021
@CarsonCook CarsonCook self-assigned this Jan 4, 2022
@CarsonCook CarsonCook mentioned this issue Jan 4, 2022
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CarsonCook CarsonCook

Labels
bug Verified defect in functionality Priority: High
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@balhar-jakub @CarsonCook @anton-brezina