Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CA cert is not used by uaac curl #128

Closed
bgoerzig opened this issue Nov 16, 2023 · 2 comments · Fixed by #130
Closed

CA cert is not used by uaac curl #128

bgoerzig opened this issue Nov 16, 2023 · 2 comments · Fixed by #130
Assignees
@strehle

Comments

@bgoerzig
Copy link

bgoerzig commented Nov 16, 2023
edited
Loading

The uaac curl subcommand doesn't use the CA certificate specified by uaac target --ca-cert /path/to/ca.crt:

$ uaac version
UAA client 4.17.0

$ uaac target <uaa-server-url> --ca-cert ca.crt

Target: <uaa-server-url>
Context: ...

$ uaac groups
...
$ echo $?
0
$ uaac curl '/Groups'
GET <uaa-server-url>/Groups

uaac error
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=<uaa-server-ip>:443 state=error: certificate verify failed (self-signed certificate in certificate chain)

$ echo $?
1
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

@bgoerzig bgoerzig changed the title uaa target --ca-cert is not respected by uaac curl uaa target --ca-cert is not used by uaac curl Nov 16, 2023
@bgoerzig bgoerzig changed the title uaa target --ca-cert is not used by uaac curl CA cert is not used by uaac curl Nov 16, 2023
@strehle
Copy link
Member

strehle commented Nov 16, 2023

Ok, yes so seems that simply missing in curl case
curl: https://github.com/cloudfoundry/cf-uaac/blob/main/lib/uaa/cli/curl.rb#L66-L67
http via cf-uaa-lib: https://github.com/cloudfoundry/cf-uaa-lib/blob/master/lib/uaa/http.rb#L199-L201

@strehle strehle linked a pull request Nov 18, 2023 that will close this issue
Support ca_file for http client in curl mode #130
Merged
@strehle strehle self-assigned this Nov 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@strehle strehle

Labels
None yet
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support ca_file for http client in curl mode cloudfoundry/cf-uaac
3 participants
@cf-gitbot @bgoerzig @strehle