API-server TLS is failing #17

Open
isido opened this issue Aug 19, 2019 · 1 comment

isido commented Aug 19, 2019

When I try to access API-server (initially with drone-map, but here with curl), I get the following error:

$ curl -v --insecure https://localhost:11013
* Expire in 0 ms for 6 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 1 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
* Expire in 0 ms for 1 (transfer 0x55b3d596fdd0)
*   Trying ::1...
* TCP_NODELAY set
* Expire in 150000 ms for 3 (transfer 0x55b3d596fdd0)
* Expire in 200 ms for 4 (transfer 0x55b3d596fdd0)
* Connected to localhost (::1) port 11013 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

This might be related to some changes in Caddy's TLS handling (there seem to be multiple issues and some disagreement on the proper course to take), but maybe caddyserver/caddy#2356 and caddyserver/caddy#2438 are relevant to the issue?

Caddy version is:

$ sudo docker run -it lair-docker_caddy /usr/bin/caddy --version
Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)

@onefishblowfish

I was having the same issue, and it seemed to be related to Caddy. I tried using other releases, and they had the same error, so instead I updated my Dockerfile to use the same version of Caddy that is mentioned in the Lair installation wiki. My commit can be seen here. I don't know if this is the best solution, but it is working with the older version.
