Re: [openstack-dev] [magnum] k8s api tls_enabled mode testing

2015-10-25 Thread OTSUKA , Motohiro 
Hi, Eli Qiao

If ca or client certs is wrong, I think client will get error before `client 
hello`.
I tested broken ca cert and client cert in my local environment.
See below logs.

yuanying@devstack:~/temp$ curl https://192.168.19.92:6443 --tlsv1.0 -v  --key 
./client.key --cert ./client.crt --cacert ./ca.crt
* Rebuilt URL to: https://192.168.19.92:6443/
* Hostname was NOT found in DNS cache
*   Trying 192.168.19.92...
* Connected to 192.168.19.92 (192.168.19.92) port 6443 (#0)
* unable to use client certificate (no key found or wrong pass phrase?)
* Closing connection 0
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)



--  
OTSUKA, Motohiro
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)


On Wednesday, October 21, 2015 at 20:34, Qiao, Liyong wrote:

> Hello,
> I need your help on k8s api tls_enabled mode.
> Here’s my patch https://review.openstack.org/232421
>   
> It is always failed on gate, but it works in my setup.
> Debug more I found that the ca cert return api return length with difference:
>   
> On my setup:
> 10.238.157.49 - - [21/Oct/2015 19:16:17] "POST /v1/certificates HTTP/1.1" 201 
> 3360
> …
> 10.238.157.49 - - [21/Oct/2015 19:16:17] "GET 
> /v1/certificates/d4bf6135-a3d0-4980-a785-e3f2900ca315 HTTP/1.1" 200 1357
>   
> On gate:
>   
> 127.0.0.1 - - [21/Oct/2015 10:59:40] "POST /v1/certificates HTTP/1.1" 201 3352
> 127.0.0.1 - - [21/Oct/2015 10:59:40] "GET 
> /v1/certificates/a9aa1bbd-d624-4791-a4b9-e7a076c8bf58 HTTP/1.1" 200 1349
>   
> Misses 8 Bit.
>   
> I also print out the cert file content, but the length of both on gate and my 
> setup are same.
> But failed on gate due to SSL exception.
> Does anyone know what will be the root cause?
>   
>   
>   
> BR, Eli(Li Yong)Qiao
>   
>  
>  
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe 
> (mailto:openstack-dev-requ...@lists.openstack.org?subject:unsubscribe)
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>  
>  


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [magnum] k8s api tls_enabled mode testing

2015-10-21 Thread Qiao, Liyong 
Hello,
I need your help on k8s api tls_enabled mode.
Here’s my patch https://review.openstack.org/232421

It is always failed on gate, but it works in my setup.
Debug more I found that the ca cert return api return length with difference:

On my setup:
10.238.157.49 - - [21/Oct/2015 19:16:17] "POST /v1/certificates HTTP/1.1" 201 
3360
…
10.238.157.49 - - [21/Oct/2015 19:16:17] "GET 
/v1/certificates/d4bf6135-a3d0-4980-a785-e3f2900ca315 HTTP/1.1" 200 1357

On gate:

127.0.0.1 - - [21/Oct/2015 10:59:40] "POST /v1/certificates HTTP/1.1" 201 3352

127.0.0.1 - - [21/Oct/2015 10:59:40] "GET 
/v1/certificates/a9aa1bbd-d624-4791-a4b9-e7a076c8bf58 HTTP/1.1" 200 1349



Misses 8 Bit.



I also print out the cert file content, but the length of both on gate and my 
setup are same.

But failed on gate due to SSL exception.

Does anyone know what will be the root cause?




BR, Eli(Li Yong)Qiao

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev