[lxc-users] What is the best way to report bug issues with LXD rest server?
Janjaap Bos
janjaapbos at gmail.com
Sat May 23 07:13:49 UTC 2015
Yes, you are a step further now that TLS is spoken. However, I would
suggest to first get your test working locally on the lxd server, since my
homebrew OSX curl has further restrictions. You can only use certificates
that are in the keychain:
* WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private
key must be in the Keychain.
* WARNING: SSL: Certificate type not set, assuming PKCS#12 format.
When trying your example on my lxd server, I do the following steps (as
root user).
# cd /root/.config/lxc
# ls
client.crt client.key config.yml servercerts
Now, if you don't have these files, use can get them by doing the following:
# lxc remote add lxc-org images.linuxcontainers.org
This should also initialise the local client certificate if it does not
exist.
Then:
# lxc config trust add client.crt
# lxc config trust list
This should list the fingerprint.
And it should work:
# curl --key client.key --cert client.crt -v -k
https://localhost:8443/1.0/images
(do not use the -s option as it will suppress the output)
2015-05-23 7:53 GMT+02:00 Kevin LaTona <lists at studiosola.com>:
>
> On May 22, 2015, at 10:33 PM, Kevin LaTona <lists at studiosola.com> wrote:
>
> Ok, but you are testing with a curl that does not support TLS. That is why
> you cannot connect to that particular LXD instance. Depending on the OS and
> distribution, other LXD instances may still support SSL.
>
>
>
>
>
> I did a quick upgrade of curl to 7.42.1
>
> Now when I try it
>
> /usr/local/Cellar/curl/7.42.1/bin/curl -s --cert server.crt --key
> server.key -k https://192.168.0.50:8443/1.0/images
>
> I know I don't want to mess with Apple's install of Curl for now.
>
>
> I get ………… curl: (35) SSL peer handshake failed, the server most likely
> requires a client certificate to connect
>
> So maybe I am getting closer and some thing is off with the cert I just
> made.
>
>
> Would be nice to know what version of LDX is running at
> linuxcontainers.org
>
> It sure might help saving lots of time chasing after another avenue that
> in the end may or may not solve problem.
>
> -Kevin
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150523/5f74a605/attachment.html>
More information about the lxc-users
mailing list