
Re: OpenShift v3 now running in HTTPS mode by default



I have yet to get the HTTPS enabled server working with either curl or httpie using our origin vagrant VM. Some example errors:

$ curl --cacert ./openshift.local.certificates/master/root.crt -X POST -d @hello-deployment.json localhost:8443/osapi/v1beta1/deploymentConfigs

2015/01/22 09:39:33 http: TLS handshake error from [::1]:41917: tls: oversized record received with length 21536

$ http --verify=openshift.local.certificates/master/root.crt localhost:8443/osapi/v1beta1/deploymentConfigs < hello-deployment.json

2015/01/22 09:39:38 http: TLS handshake error from [::1]:41918: tls: oversized record received with length 21536

$ openssl s_client -connect localhost:8443 -cipher RC4-SHA -tls1 

CONNECTED(00000003)
depth=1 CN = 10 0 2 15 1421878442
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=10.0.2.15
   i:/CN=10 0 2 15 1421878442
 1 s:/CN=10 0 2 15 1421878442
   i:/CN=10 0 2 15 1421878442
---
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/CN=10.0.2.15
issuer=/CN=10 0 2 15 1421878442
---
No client certificate CA names sent
---
SSL handshake has read 1812 bytes and written 389 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 3AD45DE66C0987AAA84B7E1E9D653163389756474AED7307C81E5BBF82A704CF
    Session-ID-ctx: 
    Master-Key: 46B924FE4FE33E7BC9F9E32D52BCD540610DE9624CC0011E7AEF1C49E256E9DF3CCBE67BF62BA015298949A0DF578F00
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:

<snip>
 Start Time: 1421937519
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)


Any clue what I'm doing wrong?


----- Original Message -----
> From: "Clayton Coleman" <ccoleman redhat com>
> To: "Jordan Liggitt" <jliggitt redhat com>
> Cc: "[PUBLIC] Openshift Dev" <dev lists openshift redhat com>
> Sent: Thursday, January 22, 2015 9:31:53 AM
> Subject: Re: OpenShift v3 now running in HTTPS mode by default
> 
> We should probably default the protocol on master to listen. The original
> goal was for people not to specify master - instead, to give just enough
> info to make the right decisions. I've noticed people starting to hardcode
> those, but we should make the function more intuitive.
> 
> --listen=http://:0.0.0.0:8080 should be all most people need
> 
> 
> On Jan 22, 2015, at 9:26 AM, Jordan Liggitt < jliggitt redhat com > wrote:
> 
> 
> 
> 
> On 01/21/2015 01:52 PM, Jordan Liggitt wrote:
> 
> 
> How do I go back to HTTP?
> Why would you even ask that? You're making the EFF cry :-(
> 
> If you really need to, you can do the following to get the old default
> behaviour back:
> 
> openshift start: pass "--master=http://:8080"
> osc: pass "--server=http://localhost:8080"
> 
> 
> Follow-up: To run in http, you'll also need to pass
> "--listen=http://0.0.0.0:8080" to openshift start
> 
> --master controls what address things should contact the API server on, and
> defaults to https://<detected IP>:8443
> 
> --listen controls what the API server actually binds to on startup, and
> defaults to https://0.0.0.0:8443
> 
> 
> If you change the scheme or port using --master, you also need to specify
> --listen to match. So to get back to a completely unsecured state:
> 
> openshift start --master=http://:8080 --listen=http://0.0.0.0:8080
> 
> osc --server=http://localhost:8080
> 
> 
> 
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
> 
> 
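
Added example, not part of the original message or of OpenShift's code: the length 21536 in the two handshake errors above is 0x5420, the bytes "T " from a plaintext "POST " request line read as the length field of a TLS record header, which is consistent with a client speaking plain HTTP to the TLS port. The Go sketch below parses a client's first five bytes the way a TLS record layer does; Diagnose and the sample inputs are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Largest record body TLS 1.2 permits (RFC 5246: 2^14 + 2048 bytes).
const maxCiphertext = 16384 + 2048

// RecordHeader is the 5-byte header that precedes every TLS record.
type RecordHeader struct {
	Type    uint8
	Version uint16
	Length  uint16
}

// ParseHeader interprets a client's first five bytes as a TLS record header.
func ParseHeader(b []byte) (RecordHeader, error) {
	if len(b) < 5 {
		return RecordHeader{}, fmt.Errorf("need 5 bytes, got %d", len(b))
	}
	return RecordHeader{Type: b[0], Version: binary.BigEndian.Uint16(b[1:3]),
		Length: binary.BigEndian.Uint16(b[3:5])}, nil
}

// Diagnose (hypothetical helper) says what a TLS listener is looking at.
func Diagnose(first []byte) string {
	h, err := ParseHeader(first)
	if err != nil {
		return err.Error()
	}
	for _, m := range []string{"GET ", "POST ", "PUT ", "HEAD ", "DELETE "} {
		if bytes.HasPrefix(first, []byte(m)) {
			return fmt.Sprintf("plaintext HTTP %son a TLS port; length field reads %d (limit %d)",
				m, h.Length, maxCiphertext)
		}
	}
	if h.Type == 22 && h.Version>>8 == 3 && int(h.Length) <= maxCiphertext {
		return "TLS handshake record"
	}
	return fmt.Sprintf("not a TLS handshake: type=%d version=%#04x length=%d", h.Type, h.Version, h.Length)
}

func main() {
	// Constructed samples: a plaintext request line and a ClientHello record header.
	fmt.Println(Diagnose([]byte("POST /osapi/v1beta1/deploymentConfigs HTTP/1.1\r\n")))
	fmt.Println(Diagnose([]byte{0x16, 0x03, 0x01, 0x00, 0xc8}))
}
```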

