RSA modulus is not a positive number
Issue
We are seeing this issue trying to eval OpenShift V3 training examples. Steps to reproduce...
Configure docker to access external registries using OurCompany's web proxy config, e.g., in /etc/sysconfig/docker:
OPTIONS='--insecure-registry=0.0.0.0/0 --selinux-enabled'
HTTP_PROXY=http://webproxy.example.com:8080
HTTPS_PROXY=http://webproxy.example.com:8080
Try a docker pull that goes to index.docker.io, for example:
# docker pull openshift/hello-openshift
Observe error:
Trying to pull repository registry.access.redhat.com/openshift/hello-openshift ... not found
Trying to pull repository docker.io/openshift/hello-openshift ... failed
FATA[0002] Get https://index.docker.io/v1/repositories/openshift/hello-openshift/images: tls: failed to parse certificate from server: x509: RSA modulus is not a positive number
Other observations.
Using curl from the same box to access the same resource works, for example:
# curl -s -k -D - -x webproxy.example.com:8080 https://index.docker.io/v1/repositories/openshift/hello-openshift/images | head
HTTP/1.1 200 Connection established
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Wed, 15 Jul 2015 20:18:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Can you help me figure out is this a bug in the way go parses certs (since curl works fine with same cert) or is there something actually wrong or non-standard about the MITM cert that I can take back to our firewall overlords? In the meantime, any ideas on how to work around this?
Environment
- Red Hat Enterprise Linux 7.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.