juju-core

api.Client().AddLocalCharm() uses utils.GetNonValidatingHTTPClient()

Bug #1261780 reported by Dimiter Naydenov on 2013-12-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	juju-core	Fix Released	High	Unassigned	juju-core 1.26-alpha2

Bug Description

Currently, api.Client().AddLocalCharm() uses utils.GetNonValidatingHTTPClient() to connect to the API server's HTTPS handler for path /charms. This is sub-optimal and needs to be changed to use a proper validating HTTP + TLS client, using the CACert used to connect to the API server. Unfortunately, due to an unknown issue in go 1.1.2, this does not work (but works in later versions), and the request fails with the following error:

cannot upload charm: Post https://127.0.0.1:46369/charms?series=quantal: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs"} ("cannot upload charm: Post https://127.0.0.1:46369/charms?series=quantal: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

Tags:

Curtis Hovey (sinzui) on 2014-01-07

Changed in juju-core:
status:	Confirmed → Triaged
importance:	Undecided → High
milestone:	none → 1.19.0

Revision history for this message

Ashok kumaran B (ashokkumaran-b) wrote on 2014-01-09:

I hit the same issue

root@juju-client:~# juju -v bootstrap -e openstack
verbose is deprecated with the current meaning, use show-log
2014-01-09 06:31:45 INFO juju.environs open.go:156 environment info already exists; using New not Prepare
2014-01-09 06:31:45 INFO juju.provider.openstack provider.go:116 opening environment "openstack"
2014-01-09 06:31:45 ERROR juju supercommand.go:282 failed to GET object provider-state from container juju-fdc3ca8c6b13ed18d1527995f210b0c9
caused by: failed executing the request https://10.1.27.194:8080/v1/AUTH_74406d06ca654bf4804003942b2f3f7c/juju-fdc3ca8c6b13ed18d1527995f210b0c9/provider-state
caused by: Get https://10.1.27.194:8080/v1/AUTH_74406d06ca654bf4804003942b2f3f7c/juju-fdc3ca8c6b13ed18d1527995f210b0c9/provider-state: x509: cannot validate certificate for 10.1.27.194 because it doesn't contain any IP SANs
root@juju-client:~# juju --version
1.16.5-precise-amd64

Is there a workaround, is this issue expected in 1.16.5 version of juju?

Curtis Hovey (sinzui) on 2014-02-21

Changed in juju-core:
milestone:	1.19.0 → 2.0

Curtis Hovey (sinzui) on 2014-06-20

Changed in juju-core:
milestone:	none → next-stable

Revision history for this message

Curtis Hovey (sinzui) wrote on 2014-07-16:

Juju now uses golang 1.2

Changed in juju-core:
status:	Triaged → Won't Fix
milestone:	next-stable → none

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2015-10-06:

The real bug here is that api.Client().AddLocalCharm() uses utils.GetNonValidatingHTTPClient().
That bug has not been fixed, does need fixing and can be fixed.

summary:

- go 1.1.2 TLS-enabled client does not accept our CACert
+ api.Client().AddLocalCharm() uses utils.GetNonValidatingHTTPClient()

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2015-10-06:

I've renamed the bug and reopened it.

Changed in juju-core:
status:	Won't Fix → In Progress

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2015-10-29:

Fixed by https://github.com/juju/juju/pull/3619

Changed in juju-core:
status:	In Progress → Fix Committed

Cheryl Jennings (cherylj) on 2015-11-18

Changed in juju-core:
milestone:	none → 1.26-alpha2

Curtis Hovey (sinzui) on 2015-11-26

Changed in juju-core:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.