Ok so this is the log that i see in icinga debug log under /var/log/icinga2
This is for a successful curl command. After i do CTRL+C there is the 3rd line which says HTTP client disconnected, which is fine
[2020-12-09 20:35:14 +0530] information/ApiListener: New client connection from [15.122.63.12]:41697 (no client certificate)
[2020-12-09 20:35:14 +0530] information/HttpServerConnection: Request: POST /v1/events?queue=america&types=CheckResult (from [15.122.63.12]:41697), user: root, agent: curl/7.29.0).
[2020-12-09 20:35:35 +0530] information/HttpServerConnection: HTTP client disconnected (from [15.122.63.12]:41697)
This is the log when i enable the SSL verification in Postman which is equivalent to curl without -k option
[2020-12-09 22:17:19 +0530] information/ApiListener: New client connection from [15.122.78.39]:56708 (no client certificate)
[2020-12-09 22:17:19 +0530] information/ApiListener: No data received on new API connection from [15.122.78.39]:56708. Ensure that the remote endpoints are properly configured in a cluster setup.
The below is the error in the icinga log when i do Curl without -k option
[2020-12-09 20:36:02 +0530] critical/ApiListener: Client TLS handshake failed (from [15.122.63.12]:43015): tlsv1 alert unknown ca
This is the icinga log for the connection from java client
[2020-12-09 20:47:00 +0530] information/ApiListener: New client connection from [15.114.90.247]:58202 (no client certificate)
[2020-12-09 20:47:01 +0530] information/HttpServerConnection: Request: POST /v1/events?queue=opscx&types=StateChange (from [15.114.90.247]:58202), user: root, agent: Apache-HttpClient/4.5.3 (Java/1.8.0_172)).
There is no TLS or SSL certificate error. But still there is no response in the stream and the application times out. Similar to what happens with postman.
There error with client cert verification seems to be different because it says handshake failed clearly.
This is very much confusing. Without any error in the Icinga side, why is it not able to send any data to the stream to java client and postman ?
There should ideally be a Handshake error or certificate error that should be thrown from the icinga api server but strangely it just accepts the request but does not send a data to the stream. This looks like an issue from the icinga side, doesn’t it ?
So when i don’t use -k option in the curl, it does not hang or timeout. It gives a reasonable error related to certificate. And with Postman, if i enable SSL verification, there is an error, but icinga shows a different log unlike for Curl, as seen above. And in postman, if i disable SSL verification, i receive 200OK from the server, but the response hangs, there is no data. When server is sending 200OK, then it must be sending data too, isn’t it ?
And with the same Postman and same Java client, i get the data for another api call
https://XXXX.net:5665/v1/objects/hosts?attrs=name
I get 200OK and the data immediately. In the java client as well. It is only with the event stream i see this problem.