RSA modulus is not a positive number

Solution In Progress

Issue

We are seeing this issue trying to eval OpenShift V3 training examples. Steps to reproduce...
Configure docker to access external registries using OurCompany's web proxy config, e.g., in /etc/sysconfig/docker:

OPTIONS='--insecure-registry=0.0.0.0/0 --selinux-enabled'
HTTP_PROXY=http://webproxy.example.com:8080
HTTPS_PROXY=http://webproxy.example.com:8080

Try a docker pull that goes to index.docker.io, for example:

# docker pull openshift/hello-openshift

Observe error:

Trying to pull repository registry.access.redhat.com/openshift/hello-openshift ... not found
Trying to pull repository docker.io/openshift/hello-openshift ... failed
FATA[0002] Get https://index.docker.io/v1/repositories/openshift/hello-openshift/images: tls: failed to parse certificate from server: x509: RSA modulus is not a positive number 

Other observations.
Using curl from the same box to access the same resource works, for example:

# curl -s -k -D - -x webproxy.example.com:8080 https://index.docker.io/v1/repositories/openshift/hello-openshift/images | head
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Wed, 15 Jul 2015 20:18:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked

Can you help me figure out whether this is a bug in the way Go parses certs (since curl works fine with the same cert), or whether there is something actually wrong or non-standard about the MITM cert that I can take back to our firewall overlords? In the meantime, any ideas on how to work around this?

Environment

  • Red Hat Enterprise Linux 7.1
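
An added example, not part of the original article or Red Hat's code: Go's crypto/x509 reports this error when the RSA modulus it decodes from a certificate is zero or negative, and because DER INTEGERs are signed, a modulus whose top bit is set must carry a leading 0x00 byte to stay positive. The sketch below applies that sign test to two encodings of the same bytes; the 8-byte modulus, `encodeKey` and `CheckModulus` are constructed for illustration, and whether the proxy's certificate is encoded this way is an assumption to verify against the real certificate.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// rsaPublicKey mirrors the PKCS#1 RSAPublicKey SEQUENCE { modulus, publicExponent }.
type rsaPublicKey struct {
	N *big.Int
	E int
}

// sampleModulus is a constructed 8-byte value (not a real key) whose top bit is set.
var sampleModulus = []byte{0xC3, 0x5B, 0x1A, 0x7F, 0x00, 0x91, 0xE4, 0x0D}

// encodeKey (hypothetical helper) wraps the given INTEGER content bytes and
// the exponent 65537 in a DER SEQUENCE, using short-form lengths only.
func encodeKey(nContent []byte) []byte {
	body := append([]byte{0x02, byte(len(nContent))}, nContent...)
	body = append(body, 0x02, 0x03, 0x01, 0x00, 0x01)
	return append([]byte{0x30, byte(len(body))}, body...)
}

// CheckModulus decodes an RSAPublicKey and rejects a modulus that is not
// positive, the condition behind the error message in the docker output.
func CheckModulus(der []byte) (*big.Int, error) {
	var key rsaPublicKey
	if _, err := asn1.Unmarshal(der, &key); err != nil {
		return nil, err
	}
	if key.N.Sign() <= 0 {
		return key.N, errors.New("RSA modulus is not a positive number")
	}
	return key.N, nil
}

func main() {
	padded := encodeKey(append([]byte{0x00}, sampleModulus...)) // correct DER
	bare := encodeKey(sampleModulus)                            // leading 0x00 omitted
	for name, der := range map[string][]byte{"padded": padded, "bare": bare} {
		n, err := CheckModulus(der)
		fmt.Printf("%-6s modulus=%v err=%v\n", name, n, err)
	}
}
```

The two inputs differ only by the leading 0x00 byte, yet the bare form decodes to a negative number and is rejected.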
