We are seeing this issue trying to eval OpenShift V3 training examples. Steps to reproduce...
Configure docker to access external registries using OurCompany's web proxy config, e.g., in /etc/sysconfig/docker:
OPTIONS='--insecure-registry=0.0.0.0/0 --selinux-enabled' HTTP_PROXY=http://webproxy.example.com:8080 HTTPS_PROXY=http://webproxy.example.com:8080
Try a docker pull that goes to index.docker.io, for example:
# docker pull openshift/hello-openshift
Trying to pull repository registry.access.redhat.com/openshift/hello-openshift ... not found Trying to pull repository docker.io/openshift/hello-openshift ... failed FATA Get https://index.docker.io/v1/repositories/openshift/hello-openshift/images: tls: failed to parse certificate from server: x509: RSA modulus is not a positive number
Using curl from the same box to access the same resource works, for example:
# curl -s -k -D - -x webproxy.example.com:8080 https://index.docker.io/v1/repositories/openshift/hello-openshift/images | head HTTP/1.1 200 Connection established HTTP/1.1 200 OK Server: nginx/1.6.2 Date: Wed, 15 Jul 2015 20:18:10 GMT Content-Type: application/json Transfer-Encoding: chunked
Can you help me figure out is this a bug in the way go parses certs (since curl works fine with same cert) or is there something actually wrong or non-standard about the MITM cert that I can take back to our firewall overlords? In the meantime, any ideas on how to work around this?
- Red Hat Enterprise Linux 7.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.