vaultenv fails with HandshakeFailed error rejecting the certificate by NameMismatch #99
Comments
Indeed, this is a limitation of the Haskell TLS client library that Vaultenv uses. It looks like there are two solutions in kubernetes-client/haskell#64:
jfroche added a commit to jfroche/vaultenv that referenced this issue Dec 20, 2023
Using http-client-openssl that also handle the SSL_CERT_FILE environment variable refs channable#99
Hello,
When vaultenv tries to connect to my vault server using TLS it fails with the following message:
My vault uses a certificate and key that were signed by my private CA. I will attach them here in the hope it helps resolve the issue (don't worry, these certs, keys, token, etc. are all temporary; they are not the ones in production).
certificates_and_keys.zip
Below is the output vault gives me in its log (journalctl -u vault.service):
Also, using vault cli works without issue.
Any idea of what this could be?
EDIT:
Looking around for a solution, I found this GitHub issue, kubernetes-client/haskell#64, which has the same problem.
It looks like the default implementation of TLS from Haskell doesn't support validating certificates based on IP addresses. There is some workaround discussed there, but since Haskell is very new to me, I'm not sure how to port these workarounds to vaultenv, to be honest.
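A simplified model of the name check described in the post above, added here as an illustration (it is not part of the original post and is not code from vaultenv or the Haskell TLS library): a verifier that compares the target only with dNSName SAN entries returns NameMismatch for an IP address, while one that also compares iPAddress entries accepts it. The SAN list, hostname and addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed SAN list for a server certificate issued by a private CA.
# Entries are (type, value) pairs as they would appear in subjectAltName.
SAMPLE_SANS = [("DNS", "vault.internal.example"), ("IP", "192.0.2.10")]


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Policy assumed here: a wildcard needs at least two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_dns_only(target, sans):
    """Model of a verifier that compares the target only with dNSName entries."""
    if any(t == "DNS" and _dns_match(v, target) for t, v in sans):
        return "ok"
    return "NameMismatch"


def verify_with_ip(target, sans):
    """IP-literal targets match iPAddress entries; hostnames match dNSName entries."""
    ip = _as_ip(target)
    if ip is None:
        return verify_dns_only(target, sans)
    # Compare parsed addresses so "::1" and "0:0:0:0:0:0:0:1" are one identity.
    # An IP literal stored in a dNSName entry is deliberately not accepted.
    if any(t == "IP" and _as_ip(v) == ip for t, v in sans):
        return "ok"
    return "NameMismatch"
```
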