Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StrERROR: Problem with the local SSL certificate #256

Open
jason-i-vv opened this issue Nov 26, 2024 · 5 comments
Open

StrERROR: Problem with the local SSL certificate #256

jason-i-vv opened this issue Nov 26, 2024 · 5 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@jason-i-vv
Copy link

test ./list_pod_bin failed ,because of SSL certificate,

this is my kube config:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EUXdNVEV3TlRNME1sb1hEVE0wTURNek1ERXdOVE0wTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFhCjVrY3k0d094bVhmcW1TZll0dEdIRjg5N3JOM0wrV2haRHRlbzQreEZNT1hEcnVGK0RGOUFqcFRodWVWVUttQ3IKUTFWb0svYS9Id0d3ZlMxQ2VwaXZoN1FRbGV2YXp6UkhVcW1JdUtwcW95akNJRjBOK3E3QU16alI1dVRmeVZiTQpjTjFRTmFwZm95RFZyYVN2UGtVcysvYmVQS0hFYTBiL1dXWDRhSjBudGhUQmdPNGwwSkk3b2hoY1FDWjV4OHhFClF5QlZjYnZnSksvU09rWkxKRTAxSHYyS3RGeWZGV3FycnVuR25WdEtreWR5ajZXMFZiaitJK0JNRk0wS056SUkKTkp6RlB4NDExNVhWMFJoWlE1WjBqRnRBNUdHaXU0UTM5RjdwRjNFSUl4azd1bDN6MDl0WXN6MFNZTUJCVFNIZAo1MHVlL0ZlaHp1MU1UM3UrdGNNQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZGUEVlenNYSmw0ekdQUitjYlpNZG0vRHBtUStNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBR01LYk5jN0k0d3pvZ3ZPaDI1RgpiK3dOUFRWRGFBTWJwVTZuWEhKcHdJVGgxNXRUVGdESzF1MWdmVmtvZXVMc2crc0NMaUN0SStjRGtEUEczZVdMCnhOYmo4MlQyZGgwVHF3cXM3RXpnOE5BRGh3WXJLcm8xbi9XMG1jQlBleTFmd3VlT0dLTUY2ZXoyMExkVjEwdVYKcnQ5bzFxQ0l3VlNhQUd6bVVzdXlSM3k1YU40eklWckxpbUVjT2RVdkVPWGtNa3NtYm9Bd053bnREUXZzSUVsRwpIN3dEOUJPdG05TlY2NnROb1RqNldCNC9DNktEMnhaalNWbzZiZ09Rdi8wS0oxRi9YcnpNODE0ak1oSkxMbFVPCnI4SkpTTVl4NHpzeWVoaGcrd3lySFVERTA0ZkVJcGFya1RXemNHSFJwN1k4MHN5VytDUi9hQnlQN1R6NFFFd2EKMlFvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://10.16.128.121:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: default
    user: mapping-admin
  name: mapping-admin@kubernetes
current-context: mapping-admin@kubernetes
kind: Config
users:
- name: mapping-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNNRENDQVJnQ0ZFLy9aUXZsaGxtRTNsSlVGMFA4SVR1c09JRTRNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NalF3TkRBeE1UQTFPREF6V2hjTk16UXdNek13TVRBMQpPREF6V2pBWU1SWXdGQVlEVlFRRERBMXRZWEJ3YVc1bkxXRmtiV2x1TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBCkE0R05BRENCaVFLQmdRRGI4ZXB4T3Q3YXdBZGU3RGVjTzlxdTVIdFJseEFaRldxQ1cxenZJWXJ4UDEwbmF1YXcKVHppVElxaXhHYndBNnpjYmoyQnl6WHBxR0NlWjNHbVJJUmtXeTVxVzg2eTUxcXZxbFpkZzRzbEpHWUpJWVozTwpwWVQyVjZtS0pPcms0S29POGtDZ3V0bjlaLzhGWDJRWmpid1RzeE5ydTI3WXB0bmw5VXRQcHR2MHZRSURBUUFCCk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ25Pa2Z6TDFVcEM5VUpXZzBiK3MvSVlFUVRqY2lxTjIvUnc4MzgKZ0QxOTU0cWFEOHNiaElObktHUGNDa1dzWkhUMHYwbk9MMXBKVlZxL1l5amRGK1k4dVJhbDdnVTY5OStuWlNKTApKTjYzWkFSMnhSTW45T3pnb0NxRThxU3BIWU5GY3ZlLzQ3aDJQbGtVYXNwVmkrTzFyRDJvZUtKaDRuOXBFRlo3ClBKZlhVZytFcktQamhGV1k0TjFVU0VSTnFrWEFVZWRnazE3b1dlanhTRldBSmgza05lK1RtQzY0b2xOVGdIbWIKT0lPREpaQmdUTzdUMERhbWxtTzhYNGRBTTg5L095NWRiSUl2cGxDZ2tyOXBINXZaZmQ3dU1NOEtRaE1KUGJiLwowTEwzc2t5bEdHWUUzU2k5M2VCM1R6WnR2bk5YQkF6THFHeE9EdG9Gb1VwT1l6ZHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Fd2dnSmRBZ0VBQW9HQkFOdng2bkU2M3RyQUIxN3MKTjV3NzJxN2tlMUdYRUJrVmFvSmJYTzhoaXZFL1hTZHE1ckJQT0pNaXFMRVp2QURyTnh1UFlITE5lbW9ZSjVuYwphWkVoR1JiTG1wYnpyTG5XcStxVmwyRGl5VWtaZ2toaG5jNmxoUFpYcVlvazZ1VGdxZzd5UUtDNjJmMW4vd1ZmClpCbU52Qk96RTJ1N2J0aW0yZVgxUzArbTIvUzlBZ01CQUFFQ2dZQVNsRHpaazc5L2V2a2thNC9IQXNkV1ByYXMKRGJhdVo4QzNna0EzY3YzcG94Q2JZOHhZMkZoUEZYNXFkMklLTWRSVjM2YW1DL1ZyUU44WGdDYnF1NEVDNDhsaQpWZVRPY3BKbXpTKzNkWDgwem4vYitUaEEzMzZudS82aEkzaERFRVNZL2wxZWEyRFN1aThuNFdnMXEycURKbGk2CmQ2WVlxa2hsTWRpT1BvQlpnUUpCQVByaGZSbHE0c0Y2YkQ3MVczZkx1dlIxV1k1N09La2xoeHZ5WEtuNThnMzgKak5zZmRmY1dRZEJoVEx4VTFEWktTQnlmRFhyN2ExaGpCdGdWemViYU5YOENRUURnYnRSV09qMlY1Tm9hWnAyWAowSytMcmI1UCt1ZkJOQy9ad2FzcDIrMzlQSjRScC9tSElRdTdDeUR2UTNtMHFWcFlmckJjaWxsUDVTTnpJNzdWCmgwdkRBa0VBencrUU9vdzNQc3lWenBpZXQ0N1ViTEwyQ1Z5MTlSVGVJRGkyTml2dWxaQ2RpTFM4bmdRbXFaL0UKdjZPYnluc2diVTd3eDFIKzFPSldZYjROUkwxUWJRSkJBTE9uWkNmbUZSaGhDa25wN0tyekxTS2xvTnRMSUt0aQp5QThLM2FYelhFM0RjVkQyNG1MT0RDTGM1SzlDbHpFTUE3c2xKcTNkUFdNY0xFVmx6c1FFdXBzQ1FIam91ZmpRCm1vUzdsR0VtTy9wUktJdUF3SmlOTnRHYThFRVJ2ZXhwQUVhRW5YcEVFSVladTV3c08yZkZxZmlXT3JmK0tJTFQKandNbWhsS1JkQTF6VENVPQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
@jason-i-vv
Copy link
Author

  • Trying 10.16.128.121:6443...
  • Connected to 10.16.128.121 (10.16.128.121) port 6443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • could not load PEM client certificate, OpenSSL error error:0A00018F:SSL routines::ee key too small, (no key found, wrong pass phrase, or wrong file format?)
  • Closing connection 0
    curl_easy_perform() failed

@ityuhui
Copy link
Member

ityuhui commented Nov 26, 2024

I tried in my env using kind, the client works.

Have you tried with kubectl commandline to fetch a pod ? e.g. kubectl get po -A

@jason-i-vv
Copy link
Author

yes,kubectl get po is ok . And i print some logs for debug.

./list_pod_bin
user->client_certificate_data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNNRENDQVJnQ0ZFLy9aUXZsaGxtRTNsSlVGMFA4SVR1c09JRTRNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NalF3TkRBeE1UQTFPREF6V2hjTk16UXdNek13TVRBMQpPREF6V2pBWU1SWXdGQVlEVlFRRERBMXRZWEJ3YVc1bkxXRmtiV2x1TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBCkE0R05BRENCaVFLQmdRRGI4ZXB4T3Q3YXdBZGU3RGVjTzlxdTVIdFJseEFaRldxQ1cxenZJWXJ4UDEwbmF1YXcKVHppVElxaXhHYndBNnpjYmoyQnl6WHBxR0NlWjNHbVJJUmtXeTVxVzg2eTUxcXZxbFpkZzRzbEpHWUpJWVozTwpwWVQyVjZtS0pPcms0S29POGtDZ3V0bjlaLzhGWDJRWmpid1RzeE5ydTI3WXB0bmw5VXRQcHR2MHZRSURBUUFCCk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ25Pa2Z6TDFVcEM5VUpXZzBiK3MvSVlFUVRqY2lxTjIvUnc4MzgKZ0QxOTU0cWFEOHNiaElObktHUGNDa1dzWkhUMHYwbk9MMXBKVlZxL1l5amRGK1k4dVJhbDdnVTY5OStuWlNKTApKTjYzWkFSMnhSTW45T3pnb0NxRThxU3BIWU5GY3ZlLzQ3aDJQbGtVYXNwVmkrTzFyRDJvZUtKaDRuOXBFRlo3ClBKZlhVZytFcktQamhGV1k0TjFVU0VSTnFrWEFVZWRnazE3b1dlanhTRldBSmgza05lK1RtQzY0b2xOVGdIbWIKT0lPREpaQmdUTzdUMERhbWxtTzhYNGRBTTg5L095NWRiSUl2cGxDZ2tyOXBINXZaZmQ3dU1NOEtRaE1KUGJiLwowTEwzc2t5bEdHWUUzU2k5M2VCM1R6WnR2bk5YQkF6THFHeE9EdG9Gb1VwT1l6ZHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
user->client_key_data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Fd2dnSmRBZ0VBQW9HQkFOdng2bkU2M3RyQUIxN3MKTjV3NzJxN2tlMUdYRUJrVmFvSmJYTzhoaXZFL1hTZHE1ckJQT0pNaXFMRVp2QURyTnh1UFlITE5lbW9ZSjVuYwphWkVoR1JiTG1wYnpyTG5XcStxVmwyRGl5VWtaZ2toaG5jNmxoUFpYcVlvazZ1VGdxZzd5UUtDNjJmMW4vd1ZmClpCbU52Qk96RTJ1N2J0aW0yZVgxUzArbTIvUzlBZ01CQUFFQ2dZQVNsRHpaazc5L2V2a2thNC9IQXNkV1ByYXMKRGJhdVo4QzNna0EzY3YzcG94Q2JZOHhZMkZoUEZYNXFkMklLTWRSVjM2YW1DL1ZyUU44WGdDYnF1NEVDNDhsaQpWZVRPY3BKbXpTKzNkWDgwem4vYitUaEEzMzZudS82aEkzaERFRVNZL2wxZWEyRFN1aThuNFdnMXEycURKbGk2CmQ2WVlxa2hsTWRpT1BvQlpnUUpCQVByaGZSbHE0c0Y2YkQ3MVczZkx1dlIxV1k1N09La2xoeHZ5WEtuNThnMzgKak5zZmRmY1dRZEJoVEx4VTFEWktTQnlmRFhyN2ExaGpCdGdWemViYU5YOENRUURnYnRSV09qMlY1Tm9hWnAyWAowSytMcmI1UCt1ZkJOQy9ad2FzcDIrMzlQSjRScC9tSElRdTdDeUR2UTNtMHFWcFlmckJjaWxsUDVTTnpJNzdWCmgwdkRBa0VBencrUU9vdzNQc3lWenBpZXQ0N1ViTEwyQ1Z5MTlSVGVJRGkyTml2dWxaQ2RpTFM4bmdRbXFaL0UKdjZPYnluc2diVTd3eDFIKzFPSldZYjROUkwxUWJRSkJBTE9uWkNmbUZSaGhDa25wN0tyekxTS2xvTnRMSUt0aQp5QThLM2FYelhFM0RjVkQyNG1MT0RDTGM1SzlDbHpFTUE3c2xKcTNkUFdNY0xFVmx6c1FFdXBzQ1FIam91ZmpRCm1vUzdsR0VtTy9wUktJdUF3SmlOTnRHYThFRVJ2ZXhwQUVhRW5YcEVFSVladTV3c08yZkZxZmlXT3JmK0tJTFQKandNbWhsS1JkQTF6VENVPQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
cluster->certificate_authority_data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EUXdNVEV3TlRNME1sb1hEVE0wTURNek1ERXdOVE0wTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFhCjVrY3k0d094bVhmcW1TZll0dEdIRjg5N3JOM0wrV2haRHRlbzQreEZNT1hEcnVGK0RGOUFqcFRodWVWVUttQ3IKUTFWb0svYS9Id0d3ZlMxQ2VwaXZoN1FRbGV2YXp6UkhVcW1JdUtwcW95akNJRjBOK3E3QU16alI1dVRmeVZiTQpjTjFRTmFwZm95RFZyYVN2UGtVcysvYmVQS0hFYTBiL1dXWDRhSjBudGhUQmdPNGwwSkk3b2hoY1FDWjV4OHhFClF5QlZjYnZnSksvU09rWkxKRTAxSHYyS3RGeWZGV3FycnVuR25WdEtreWR5ajZXMFZiaitJK0JNRk0wS056SUkKTkp6RlB4NDExNVhWMFJoWlE1WjBqRnRBNUdHaXU0UTM5RjdwRjNFSUl4azd1bDN6MDl0WXN6MFNZTUJCVFNIZAo1MHVlL0ZlaHp1MU1UM3UrdGNNQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZGUEVlenNYSmw0ekdQUitjYlpNZG0vRHBtUStNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBR01LYk5jN0k0d3pvZ3ZPaDI1RgpiK3dOUFRWRGFBTWJwVTZuWEhKcHdJVGgxNXRUVGdESzF1MWdmVmtvZXVMc2crc0NMaUN0SStjRGtEUEczZVdMCnhOYmo4MlQyZGgwVHF3cXM3RXpnOE5BRGh3WXJLcm8xbi9XMG1jQlBleTFmd3VlT0dLTUY2ZXoyMExkVjEwdVYKcnQ5bzFxQ0l3VlNhQUd6bVVzdXlSM3k1YU40eklWckxpbUVjT2RVdkVPWGtNa3NtYm9Bd053bnREUXZzSUVsRwpIN3dEOUJPdG05TlY2NnROb1RqNldCNC9DNktEMnhaalNWbzZiZ09Rdi8wS0oxRi9YcnpNODE0ak1oSkxMbFVPCnI4SkpTTVl4NHpzeWVoaGcrd3lySFVERTA0ZkVJcGFya1RXemNHSFJwN1k4MHN5VytDUi9hQnlQN1R6NFFFd2EKMlFvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
sslConfig->insecureSkipTlsVerify: 0
sslConfig->clientCertFile: /tmp/kubeconfig-A79SBv
sslConfig->clientKeyFile: /tmp/kubeconfig-EuVH6s
sslConfig->CACertFile: /tmp/kubeconfig-E9jEyy
rc = 0
apiClient = 0x563e5d370720
apiClient->basePath = https://10.16.128.121:6443
apiClient->sslConfig = 0x563e5d371ba0
apiClient->response_code = 0
apiClient->dataReceived = (nil)
apiClient->dataReceivedLen = 0
localVarPath: /api/v1/namespaces/default/pods
localVarBodyParameters: (null)
*   Trying 10.16.128.121:6443...
* Connected to 10.16.128.121 (10.16.128.121) port 6443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* could not load PEM client certificate, OpenSSL error error:0A00018F:SSL routines::ee key too small, (no key found, wrong pass phrase, or wrong file format?)
* Closing connection 0
curl_easy_perform() failed

URL: https://10.16.128.121:6443/api/v1/namespaces/default/pods
IP: 10.16.128.121
PORT: 6443
SCHEME: HTTPS
StrERROR: Problem with the local SSL certificate
The return code of HTTP request=0
Cannot get any pod.

@ityuhui
Copy link
Member

ityuhui commented Nov 30, 2024

I'm guessing it's a bug that the client certificate is being truncated before being provided to the API server. Perhaps your client certificate is longer than the buffer. Can you do some investigation to print the contents of the client certificate or debug this?

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ityuhui @jason-i-vv @k8s-ci-robot @k8s-triage-robot