From 470e5cc036a99b7403ee4c7ce01ea1f3470b32b8 Mon Sep 17 00:00:00 2001
From: Christian Stein
Date: Fri, 27 Mar 2020 16:43:18 +0100
Subject: [PATCH] Adds error handling for SSLStreams and adds eventlog pre-defined messages
---
 lib/core/logging/Icinga_EventLog_Enums.psm1 | 12 ++++++++++++
 lib/web/New-IcingaSSLStream.psm1 | 9 +++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/lib/core/logging/Icinga_EventLog_Enums.psm1 b/lib/core/logging/Icinga_EventLog_Enums.psm1
index 2b9c9e5..2eae150 100644
--- a/lib/core/logging/Icinga_EventLog_Enums.psm1
+++ b/lib/core/logging/Icinga_EventLog_Enums.psm1
@@ -13,6 +13,18 @@
 'Details' = 'The Framework or is components can issue generic debug message in case the debug log is enabled. Please ensure to disable it, if not used. You can do so with the command "Disable-IcingaFrameworkDebugMode"';
 'EventId' = 1000;
 };
+ 1500 = @{
+ 'EntryType' = 'Error';
+ 'Message' = 'Failed to securely establish a communiation between this server and the client';
+ 'Details' = 'The client connection could not be established between this server. This issue is mostly caused by using Self-Signed/Icinga 2 Agent certificates for the server and the client not trusting the certificate. To resolve this issue, either use trusted certificates signed by your trusted CA or setup the client to accept untrusted certificates';
+ 'EventId' = 1500;
+ };
+ 1501 = @{
+ 'EntryType' = 'Error';
+ 'Message' = 'Client connection was interrupted because of invalid SSL stream';
+ 'Details' = 'A client connection was terminated by the Framework because no secure SSL handshake could be established. This issue in general is followed by EventId 1500.';
+ 'EventId' = 1501;
+ };
 }
 };
diff --git a/lib/web/New-IcingaSSLStream.psm1 b/lib/web/New-IcingaSSLStream.psm1
index 556ac12..250566a 100644
--- a/lib/web/New-IcingaSSLStream.psm1
+++ b/lib/web/New-IcingaSSLStream.psm1
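Review bot: In lib/core/logging/Icinga_EventLog_Enums.psm1, the `Details` text of event 1500 ends by telling operators to "setup the client to accept untrusted certificates", which reads as a recommendation to switch certificate validation off on the client. The remedy would be safer worded as establishing trust in this server's certificate, for example `either use certificates signed by a CA the client trusts or add this server's certificate to the client's trust store`. The `Message` string of the same entry has a typo, `communiation` for `communication`. Event 1501 is defined here but nothing in this patch writes it; presumably the caller of New-IcingaSSLStream does.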
@@ -9,8 +9,13 @@ function New-IcingaSSLStream()
 return $null;
 }
- $SSLStream = New-Object System.Net.Security.SslStream($Client.GetStream(), $false)
- $SSLStream.AuthenticateAsServer($Certificate, $false, [System.Security.Authentication.SslProtocols]::Tls12, $true) | Out-Null;
+ try {
+ $SSLStream = New-Object System.Net.Security.SslStream($Client.GetStream(), $false)
+ $SSLStream.AuthenticateAsServer($Certificate, $false, [System.Security.Authentication.SslProtocols]::Tls12, $true) | Out-Null;
+ } catch {
+ Write-IcingaEventMessage -EventId 1500 -Namespace 'Framework' -Objects $Client.Client;
+ return $null;
+ }
 return $SSLStream;
 }
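Review bot: The new `catch` block drops the exception and never disposes the half-built `SslStream`, so every handshake failure is logged as the same event 1500 (whose text blames untrusted certificates) whatever the real cause, and the stream lingers until garbage collection. Consider initialising `$SSLStream = $null;` before the `try` (otherwise PowerShell may resolve the name from a caller's scope if `New-Object` itself throws), adding `if ($null -ne $SSLStream) { $SSLStream.Dispose(); }` in the `catch`, and passing `$_.Exception.Message` to `-Objects` next to `$Client.Client`, assuming that parameter accepts several values; its definition is not part of this patch. Because the stream is created with `leaveInnerStreamOpen` set to `$false`, disposing it also closes the client's network stream, so check that the caller does not write to `$Client` after a `$null` return. `AuthenticateAsServer` is called synchronously with no timeout visible in this hunk, so a peer that connects and never completes the handshake may hold the calling thread; confirm a receive timeout is set on `$Client` elsewhere. The function begins above this hunk, so the parameter handling was not reviewed.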