Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inputs.x509_cert trims leading 0 for serial_number #16418

Open
atartareanu opened this issue Jan 21, 2025 · 0 comments · May be fixed by #16447
Open

inputs.x509_cert trims leading 0 for serial_number #16418

atartareanu opened this issue Jan 21, 2025 · 0 comments · May be fixed by #16447
Labels
bug unexpected problem or unintended behavior

Comments

@atartareanu
Copy link

Relevant telegraf.conf

[[inputs.x509_cert]]
  ## List certificate sources, support wildcard expands for files
  ## Prefix your entry with 'file://' if you intend to use relative paths
	sources = ["https://example.com:443"]

Logs from Telegraf

> x509_cert,common_name=*.example.com,country=US,host=EC2AMAZ-O9TGCGG,issuer_common_name=DigiCert\ Global\ G3\ TLS\ ECC\ SHA384\ 2020\ CA1,locality=Los\ Angeles,ocsp_stapled=yes,ocsp_status=good,ocsp_verified=yes,organization=Internet\ Corporation\ for\ Assigned\ Names\ and\ Numbers,province=California,public_key_algorithm=ECDSA,san=*.example.com\,example.com,serial_number=ad893bafa68b0b7fb7a404f06ecaf9a,signature_algorithm=ECDSA-SHA384,source=https://example.com:443,type=leaf,verification=valid age=578404i,enddate=1768521599i,expiry=31043994i,ocsp_next_update=1738013222i,ocsp_produced_at=1737412984i,ocsp_status_code=0i,ocsp_this_update=1737412022i,startdate=1736899200i,verification_code=0i 1737477606000000000

System info

Telegraf 1.33.1 (git: HEAD@44f3a504)

Docker

As you can see, the serial number for the certificate is
serial_number=ad893bafa68b0b7fb7a404f06ecaf9a
but the true certificate serial is
0AD893BAFA68B0B7FB7A404F06ECAF9A

Steps to reproduce

all the details are in the log, also the true serial number can be obtained with the command
openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -serial -noout
serial=0AD893BAFA68B0B7FB7A404F06ECAF9A

Expected behavior

the serial_number should be 0AD893BAFA68B0B7FB7A404F06ECAF9A

Actual behavior

the serial number is ad893bafa68b0b7fb7a404f06ecaf9a

Additional info

No response
@atartareanu atartareanu added the bug unexpected problem or unintended behavior label Jan 21, 2025
@DStrand1 DStrand1 linked a pull request Jan 29, 2025 that will close this issue
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug unexpected problem or unintended behavior
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(inputs.x509_cert): Add config to left-pad serial number to 128-bits DStrand1/telegraf
1 participant
@atartareanu