Intermittent cloud database connection failures, with the system log reporting "CURL ERROR: error signaled by ssl ctx callback"
Created On 10/31/23 03:05 AM - Last Modified 12/19/23 05:19 AM
Symptom
- Connections to the selected cloud server (for example, serverlist2.urlcloud.paloaltonetworks.com) fail intermittently
- The system log (show log system) reports a curl error
info url-fil cloud-e 0 CLOUD ELECTION: serverlist2.urlcloud.paloaltonetworks.com IP: 10.x.x.253 was elected, measured alive test 83542.
high url-fil url-clo 0 CURL ERROR: error signaled by ssl ctx callback
- devsrv.log (less mp-log devsrv.log) shows the same error
+0000 Cloud serverlist3.urlcloud.paloaltonetworks.com
+0000 URL HTTPS://serverlist3.urlcloud.paloaltonetworks.com:443/hello2 IP 10.x.x.253
+0000 Source IP 10.y.y.226
+0000 name lookup time 0.000022 second
+0000 connect time 0.006282 second
+0000 ssl connect time 0.000000 second
+0000 total time 0.014606 second
+0000 server certificate chain: 0 certinfo(s)
+0000 curl error: error signaled by ssl ctx callback
+0000 fail to set thermite client cert in pandb ssl ctx, fallback to use old client cert
+0000 sending alive request msg with len 192
+0000 CLOUD_ELECTION: in wait_t 0 secs.
Environment
- Palo Alto Networks firewall
- PAN-OS 10.1.10 or lower; 10.2.5 or lower
- URL Filtering
Cause
The firewall attempts to connect to the URL cloud with the wrong certificate, and the connection is rejected.
Resolution
- This issue is resolved under PAN-216775 in PAN-OS 10.1.11, 10.2.6, 11.0.3, and 11.1.0.
- Upgrading PAN-OS resolves the issue.
- If a workaround is needed, contact Support and reference this knowledge article.
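A triage helper for the symptoms above, added here as an example and not taken from Palo Alto Networks: it counts the log signatures quoted in this article and compares a PAN-OS version against the fixed releases listed under Resolution. The function names, the handling of hotfix suffixes, and the rule that both the curl error and the client-certificate fallback line must be present are assumptions of this example.

```python
import re

# Fixed patch level per release train, from the Resolution section (PAN-216775).
FIXED_IN = {(10, 1): 11, (10, 2): 6, (11, 0): 3, (11, 1): 0}

# Signatures copied from the system log and devsrv.log excerpts in this article.
SIGNATURES = {
    "curl_error": re.compile(r"curl error: error signaled by ssl ctx callback", re.I),
    "cert_fallback": re.compile(r"fail to set thermite client cert in pandb ssl ctx"),
    "empty_chain": re.compile(r"server certificate chain: 0 certinfo\(s\)"),
}


def has_fix(version):
    """True/False when the release train is listed in the article, None otherwise.

    Assumption: a hotfix suffix such as -h1 is ignored.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED_IN.get((major, minor))
    return None if fixed_patch is None else patch >= fixed_patch


def triage(version, log_text):
    """Count each signature in log_text and combine the result with the version check."""
    hits = {name: len(rx.findall(log_text)) for name, rx in SIGNATURES.items()}
    fixed = has_fix(version)
    # Assumption: require the curl error and the client-cert fallback together,
    # as they appear in the devsrv.log excerpt.
    matches = hits["curl_error"] > 0 and hits["cert_fallback"] > 0
    return {"hits": hits, "has_fix": fixed,
            "likely_pan_216775": matches and fixed is False}


# Constructed sample: lines taken from the excerpts above.
SAMPLE_LOG = """\
high url-fil url-clo 0 CURL ERROR: error signaled by ssl ctx callback
+0000 server certificate chain: 0 certinfo(s)
+0000 curl error: error signaled by ssl ctx callback
+0000 fail to set thermite client cert in pandb ssl ctx, fallback to use old client cert
"""

if __name__ == "__main__":
    for v in ("10.1.10", "10.2.5-h1", "10.2.6"):
        print(v, triage(v, SAMPLE_LOG))
```

A `has_fix` result of `None` means the release train is not mentioned in this article, so the version check is inconclusive.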