@matlec matlec commented Sep 9, 2025

When the HTTP client returns an error, it is not safe to access the response object `resp` (e.g. when the server presents a certificate that the client does not trust) and the provider process will likely crash with a segfault exception.

Collaborator

@eriknordmark eriknordmark left a comment

Any idea why we don't see crashes due to this issue? Can we somehow force the HTTP GET to fail so we can exercise this error path before and after your fix?

Author

matlec commented Sep 15, 2025

Probably we didn't see this error earlier as any ZEDEDA control server that is exposed to the Internet presents a certificate that is signed by a public CA, hence typically trusted by clients. But there could also be other failure modes (e.g. if a user configures a ZedCloud URL with an invalid URL scheme) that lead to a crash of the provider.

Examples to reproduce the error:

```sh
# Example 1: connect to a server with an untrusted root certificate
export TF_VAR_zedcloud_url=https://untrusted-root.badssl.com
# Example 2: configure an invalid URL scheme for the server address
export TF_VAR_zedcloud_url=invalid://zedcontrol.zededa.net
```
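
The error path discussed in this thread can be exercised offline. The following is an added example, not the provider's code: `checkEndpoint` and `probe` are hypothetical names, and a local `httptest` TLS server with a self-signed certificate stands in for the untrusted-root host.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// checkEndpoint is a hypothetical helper (not the provider's function).
// It returns the HTTP status code, or an error if the request failed.
func checkEndpoint(client *http.Client, url string) (int, error) {
	resp, err := client.Get(url)
	if err != nil {
		// For these failures resp is nil, so reading resp.StatusCode or
		// resp.Body here would panic with a nil pointer dereference.
		return 0, fmt.Errorf("request to %s failed: %w", url, err)
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// probe exercises one success case and the two failure modes from the
// thread without leaving the local machine.
func probe() (okStatus int, tlsErr, schemeErr error) {
	// Constructed stand-in for a server with an untrusted certificate:
	// httptest's TLS server presents a self-signed test certificate.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()

	okStatus, _ = checkEndpoint(srv.Client(), srv.URL)      // client trusts the test cert
	strict := &http.Client{Timeout: 5 * time.Second}        // system roots only
	_, tlsErr = checkEndpoint(strict, srv.URL)              // certificate verification fails
	_, schemeErr = checkEndpoint(strict, "invalid://zedcontrol.zededa.net") // rejected before any dial
	return okStatus, tlsErr, schemeErr
}

func main() {
	ok, tlsErr, schemeErr := probe()
	fmt.Println("trusted client status:", ok)
	fmt.Println("untrusted certificate:", tlsErr)
	fmt.Println("invalid scheme:", schemeErr)
}
```

Moving the `resp` access above the `err` check turns both failure cases into a crash instead of a returned error, which gives a before/after check for the fix.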
