Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

mender show-artifact gives SSL errors

Description

After running through onboarding I ran the following command:

pi@raspberrypi:~ $ sudo mender -show-artifact ERRO[0000] Failed to Load the Server certificate. Err SSL errors: WARN[0000] Failed to load the server TLS certificate settings: SSL errors: hello-world pi@raspberrypi:~ $

Why does it show these SSL errors? They seem to be empty as well?
This is also the case if you run "show-provides" and potentially other local commands.

After some initial investigation:

It seems to be triggered by incorrect use of "ClientProtocol" field in mender.conf, which to our current knowledge we shouldn't need and should be completely removed.

Acceptance criteria:

  • ClientProtocol is removed from mender.conf

  • mTLS via OpenSSL works as expected

Affects versions

Environment

None

Checklist

Activity

Show:

Lluis CamposMarch 3, 2021 at 11:52 AM

eystein.maloy.stenbergFebruary 15, 2021 at 10:21 PM

A user reported being concerned/confused about this message as well a few days ago.

eystein.maloy.stenbergFebruary 2, 2021 at 7:55 PM

thank you.

Lluis CamposFebruary 2, 2021 at 12:33 PM

That seems to be the right solution, I'll increase the estimate to account for a bit more code clean-up.

Alf-Rune SiqvelandFebruary 2, 2021 at 11:08 AM

(Discussed during standup)
The ClientProtocol config is redundant as the protocol should be derived from the ServerURL scheme. So the "correct" thing to do here is deprecate/remove the ClientProtocol config and change the logic for how the HTTP client is initialized. That is, client TLS configurations should only depend on the HttpsClient configuration options.

Fixed

Details

Assignee

Reporter

Labels

Story Points

Priority

Days in progress

1

Fix versions

Sprint

Backlog

yes

Zendesk Support

Checklist

Created January 22, 2021 at 10:51 PM
Updated March 4, 2021 at 7:06 PM
Resolved March 4, 2021 at 7:06 PM