
Re: OpenShift v3 now running in HTTPS mode by default



Add "https://" to your curl request URLs?

On 01/22/2015 09:42 AM, Dan Mace wrote:
> I have yet to get the HTTPS enabled server working with either curl or httpie using our origin vagrant VM. Some example errors:
>
> $ curl --cacert ./openshift.local.certificates/master/root.crt -X POST -d @hello-deployment.json localhost:8443/osapi/v1beta1/deploymentConfigs
>
> 2015/01/22 09:39:33 http: TLS handshake error from [::1]:41917: tls: oversized record received with length 21536
>
> $ http --verify=openshift.local.certificates/master/root.crt localhost:8443/osapi/v1beta1/deploymentConfigs < hello-deployment.json
>
> 2015/01/22 09:39:38 http: TLS handshake error from [::1]:41918: tls: oversized record received with length 21536
>
> $ openssl s_client -connect localhost:8443 -cipher RC4-SHA -tls1 
>
> CONNECTED(00000003)
> depth=1 CN = 10 0 2 15 1421878442
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
>  0 s:/CN=10.0.2.15
>    i:/CN=10 0 2 15 1421878442
>  1 s:/CN=10 0 2 15 1421878442
>    i:/CN=10 0 2 15 1421878442
> ---
> -----BEGIN CERTIFICATE-----
> <snip>
> -----END CERTIFICATE-----
> subject=/CN=10.0.2.15
> issuer=/CN=10 0 2 15 1421878442
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1812 bytes and written 389 bytes
> ---
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : RC4-SHA
>     Session-ID: 3AD45DE66C0987AAA84B7E1E9D653163389756474AED7307C81E5BBF82A704CF
>     Session-ID-ctx: 
>     Master-Key: 46B924FE4FE33E7BC9F9E32D52BCD540610DE9624CC0011E7AEF1C49E256E9DF3CCBE67BF62BA015298949A0DF578F00
>     Key-Arg   : None
>     Krb5 Principal: None
>     PSK identity: None
>     PSK identity hint: None
>     TLS session ticket:
>
> <snip>
>  Start Time: 1421937519
>     Timeout   : 7200 (sec)
>     Verify return code: 19 (self signed certificate in certificate chain)
>
>
> Any clue what I'm doing wrong?
>
>
> ----- Original Message -----
>> From: "Clayton Coleman" <ccoleman redhat com>
>> To: "Jordan Liggitt" <jliggitt redhat com>
>> Cc: "[PUBLIC] Openshift Dev" <dev lists openshift redhat com>
>> Sent: Thursday, January 22, 2015 9:31:53 AM
>> Subject: Re: OpenShift v3 now running in HTTPS mode by default
>>
>> We should probably default the protocol on master to listen. The original
>> goal was for people not to specify master - instead, to give just enough
>> info to make the right decisions. I've noticed people starting to hardcode
>> those, but we should make the function more intuitive.
>>
>> --listen=http://:0.0.0.0:8080 should be all most people need
>>
>>
>> On Jan 22, 2015, at 9:26 AM, Jordan Liggitt < jliggitt redhat com > wrote:
>>
>>
>>
>>
>> On 01/21/2015 01:52 PM, Jordan Liggitt wrote:
>>
>>
>> How do I go back to HTTP?
>> Why would you even ask that? You're making the EFF cry :-(
>>
>> If you really need to, you can do the following to get the old default
>> behaviour back:
>>
>> openshift start: pass "--master=http://:8080"
>> osc: pass "--server=http://localhost:8080"
>>
>>
>> Follow-up: To run in http, you'll also need to pass
>> "--listen=http://0.0.0.0:8080" to openshift start
>>
>> --master controls what address things should contact the API server on, and
>> defaults to https://<detected IP>:8443
>>
>> --listen controls what the API server actually binds to on startup, and
>> defaults to https://0.0.0.0:8443
>>
>>
>> If you change the scheme or port using --master, you also need to specify
>> --listen to match. So to get back to a completely unsecured state:
>>
>> openshift start --master=http://:8080 --listen=http://0.0.0.0:8080
>>
>> osc --server=http://localhost:8080
>>
>>
>>
>> _______________________________________________
>> dev mailing list
>> dev lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>
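
Why both clients produced the same number, as an added example that is not part of the original thread: with no scheme in the URL, curl and httpie send plaintext HTTP to the TLS port, and the server reads the first five request bytes as a TLS record header. The function names and sample inputs below are constructed for illustration.

```go
package main

import "fmt"

// TLS caps a record body at 2^14 bytes plus 2048 bytes of expansion.
const maxRecordLen = 16384 + 2048

// recordLength reads bytes 3-4 of the 5-byte record header (type, major, minor, length).
func recordLength(first []byte) (int, error) {
	if len(first) < 5 {
		return 0, fmt.Errorf("need 5 bytes, got %d", len(first))
	}
	return int(first[3])<<8 | int(first[4]), nil
}

// looksLikeHTTP reports an upper-case method of three or more letters, then a space.
func looksLikeHTTP(b []byte) bool {
	for i, c := range b {
		if c == ' ' {
			return i >= 3
		}
		if c < 'A' || c > 'Z' {
			return false
		}
	}
	return false
}

// diagnose describes the first bytes a TLS listener received.
func diagnose(first []byte) string {
	n, err := recordLength(first)
	switch {
	case err != nil:
		return err.Error()
	case looksLikeHTTP(first):
		return fmt.Sprintf("plaintext HTTP on a TLS port; %q parsed as record length %d (oversized: %t)", first[:5], n, n > maxRecordLen)
	case first[0] >= 20 && first[0] <= 23 && first[1] == 3 && n <= maxRecordLen:
		return fmt.Sprintf("TLS record, content type %d, length %d", first[0], n)
	}
	return fmt.Sprintf("neither TLS nor HTTP; length field %d", n)
}

func main() {
	// Constructed inputs: start of the POST from the thread, a GET, a TLS 1.0 record header.
	for _, b := range [][]byte{[]byte("POST /osapi/v1beta1/deploymentConfigs HTTP/1.1\r\n"), []byte("GET / HTTP/1.1\r\n"), {0x16, 0x03, 0x01, 0x00, 0xc8}} {
		fmt.Println(diagnose(b))
	}
}
```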

