<div dir="ltr"><div>Before trying at OSX, make sure it works on your LXD host.</div><div><br></div>Follow the steps for hacking on:<div><br></div><div><a href="https://github.com/lxc/lxd">https://github.com/lxc/lxd</a><br></div><div><br></div><div>It works for me.</div><div><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif">Hacking</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Sometimes it is useful to view the raw response that LXD sends; you can do this by:</p><pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;margin-top:0px;margin-bottom:16px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247)"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;padding:0px;margin:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent">lxc config set password foo
lxc remote add local <a href="http://127.0.0.1:8443">127.0.0.1:8443</a>
wget --no-check-certificate <a href="https://127.0.0.1:8443/1.0/finger">https://127.0.0.1:8443/1.0/finger</a> --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q</code></pre><pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;margin-top:0px;margin-bottom:16px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247)"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;padding:0px;margin:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent"><br></code></pre></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-23 21:13 GMT+02:00 Kevin LaTona <span dir="ltr"><<a href="mailto:lists@studiosola.com" target="_blank">lists@studiosola.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
I noticed I did not run the lxc config trust add client.crt call as suggested earlier.<br>
<br>
So I<br>
<br>
cd<br>
/root/.config/lxc<br>
<span class=""><br>
lxc config trust add client.crt<br>
<br>
<br>
</span>then<br>
<br>
lxc config trust list<br>
<br>
and got to finger prints back<br>
<br>
<br>
<br>
Next ran<br>
<span class=""><br>
<br>
curl -v -k <a href="https://192.168.0.50:8443/1.0/images" target="_blank">https://192.168.0.50:8443/1.0/images</a><br>
<br>
* Hostname was NOT found in DNS cache<br>
* Trying 192.168.0.50...<br>
* Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0)<br>
* successfully set certificate verify locations:<br>
* CAfile: none<br>
CApath: /etc/ssl/certs<br>
* SSLv3, TLS handshake, Client hello (1):<br>
* SSLv3, TLS handshake, Server hello (2):<br>
* SSLv3, TLS handshake, CERT (11):<br>
* SSLv3, TLS handshake, Server key exchange (12):<br>
* SSLv3, TLS handshake, Request CERT (13):<br>
* SSLv3, TLS handshake, Server finished (14):<br>
* SSLv3, TLS handshake, CERT (11):<br>
* SSLv3, TLS handshake, Client key exchange (16):<br>
* SSLv3, TLS change cipher, Client hello (1):<br>
* SSLv3, TLS handshake, Finished (20):<br>
* SSLv3, TLS alert, Server hello (2):<br>
* error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate<br>
* Closing connection 0<br>
curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate<br>
<br>
<br>
root@c5:~#<br>
<br>
<br>
<br>
<br>
</span>Unless I am missing another config step here.<br>
<br>
Sure looks like the LDX image server is sending out bad certs into the wild.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
-Kevin<br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></div></div></blockquote></div><br></div>