Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lscert | Error fetching certificates chain: connectex: An attempt was made to access a socket in a way forbidden by its access permissions #990

Open
atc0005 opened this issue Oct 16, 2024 · 2 comments
Open

lscert | Error fetching certificates chain: connectex: An attempt was made to access a socket in a way forbidden by its access permissions #990

atc0005 opened this issue Oct 16, 2024 · 2 comments
Assignees
@atc0005
Labels
app/lscert bug Something isn't working
Milestone
v0.27.0

Comments

@atc0005
Copy link
Owner

atc0005 commented Oct 16, 2024

Someone gave this lscert binary a try on a Windows 10 systems:

They attempted to run:

$ ./lscert-windows-amd64 host1.example.com

from a Cygwin console. They then repeated the attempt from an elevated Command prompt.

Same error:

github.com/atc0005/check-cert/cmd/lscert/main.go:200 > Error fetching certificates chain error="error connecting to server (host: host1.example.com, IP: W.X.Y.Z): dial tcp W.X.Y.Z:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions." age_critical=15 age_warning=30 app_type=inspector cert_check_timeout=10s filename= logging_level=info port=443 server=host1.example.com version="check-cert v0.19.0 (https://github.com/atc0005/check-cert)"

I typed this manually and attempted to sanitize the host details, so I could have introduced a typo somewhere.

I'll try to replicate on a Windows 10 system under different access restrictions.

I should note that this was executed on the host environment and not within VMware Workstation (or similar local hypervisors).
@atc0005 atc0005 added bug Something isn't working app/lscert labels Oct 16, 2024
@atc0005 atc0005 added this to the Future milestone Oct 16, 2024
@atc0005 atc0005 self-assigned this Oct 16, 2024
@atc0005
Copy link
Owner Author

atc0005 commented Oct 17, 2024

Everything I'm finding so far points to antivirus or other security software getting in the way. The consensus seems to be "check Windows firewall, then explicitly allow the app".

Samples:

@atc0005
Copy link
Owner Author

atc0005 commented Oct 17, 2024

It's probably worth doing (at least) two things:

  • expand the error/advice mapping used for Nagios plugins to specifically handle this scenario (WSAEACCES)
  • add explicit handling for this in this project with a focus on lscert, certsum and cpcert since those are the most likely tools to be used from a Windows system

@atc0005 atc0005 modified the milestones: Future, v0.21.0, v0.22.0, v0.23.0 Nov 15, 2024
@atc0005 atc0005 modified the milestones: v0.23.0, v0.24.0 Nov 23, 2024
@atc0005 atc0005 modified the milestones: v0.26.0, v0.27.0 Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atc0005 atc0005

Labels
app/lscert bug Something isn't working
Projects
None yet
Milestone
v0.27.0
Development

No branches or pull requests
1 participant
@atc0005