juju login on unregistered controller fails with cert errors
Bug #1921557 reported by
Garry Lawrence
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Thomas Miller | ||
2.8 |
Fix Released
|
High
|
Thomas Miller |
Bug Description
Steps to reproduce:
Prepare to bootstrap on localhost cloud as usual.
Run bootstrap command, note controller IP address in output
Run juju change-
Run juju login [IP-ADDRESS]:17070 -c test_name --debug
This will prompt the user to decide whether they trust the CA fingerprint on 2.6.x and 2.7.x, debug output from 2.8.x is in an attachment.
Openssl s_client indicates that the CA certificate is not being sent by the controller as part of its cert chain during the TLS handshake.
description: | updated |
Changed in juju: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → 2.9-rc9 |
assignee: | nobody → John A Meinel (jameinel) |
assignee: | John A Meinel (jameinel) → Thomas Miller (tlmiller) |
Changed in juju: | |
status: | Triaged → In Progress |
Changed in juju: | |
milestone: | 2.9-rc9 → 2.9-rc10 |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I don't have a build chain for juju set up to test with yet so I can't test my theory, but I haven't found a replacement for the logic removed here: https:/ /github. com/juju/ juju/commit/ b406e62d560a19f fdf9159189d7586 6c5ce9a967# diff-42e98acd99 86b3325c2815635 3acadd15911a144 2a0018ebc04e7ec 42aea25e7L174- L180