[jira] [Updated] (MESOS-5863) Enabling SSL causes fetcher fail to fetch from HTTPS sites.

Wed, 20 Jul 2016 13:41:33 -0700 

     [ 
https://issues.apache.org/jira/browse/MESOS-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jie Yu updated MESOS-5863:
--------------------------
          Sprint: Mesosphere Sprint 39
    Story Points: 3

> Enabling SSL causes fetcher fail to fetch from HTTPS sites.
> -----------------------------------------------------------
>
>                 Key: MESOS-5863
>                 URL: https://issues.apache.org/jira/browse/MESOS-5863
>             Project: Mesos
>          Issue Type: Bug
>    Affects Versions: 0.27.3, 0.28.2, 1.0.0
>            Reporter: Jie Yu
>            Assignee: Jie Yu
>
> This is because curl (which fetcher relies on) also relies on some of the 
> environment variables used by libprocess SSL support. For instance, 
> `SSL_CERT_FILE`. If the operator sets `SSL_CERT_FILE` env var for Mesos 
> agent, the fetcher will inherit this env var and cause curl to fail:
> {noformat}
> [centos@ip-10-10-0-205 ~]$ 
> SSL_CERT_FILE=/run/dcos/pki/tls/certs/mesos-slave.crt curl 
> https://registry-1.docker.io:443/v2/library/alpine/manifests/latest
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.haxx.se/docs/sslcerts.html
> curl performs SSL certificate verification by default, using a "bundle"
>  of Certificate Authority (CA) public keys (CA certs). If the default
>  bundle file isn't adequate, you can specify an alternate file
>  using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
>  the bundle, the certificate verification probably failed due to a
>  problem with the certificate (it might be expired, or the name might
>  not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
>  the -k (or --insecure) option.
> [centos@ip-10-10-0-205 ~]$ curl 
> https://registry-1.docker.io:443/v2/library/alpine/manifests/latest
> {"errors":[{"code":"UNAUTHORIZED","message":"authentication 
> required","detail":[{"Type":"repository","Name":"library/alpine","Action":"pull"}]}]}
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to