Azure / azure-cli

Azure Command-Line Interface
MIT License

az network bastion tunnel fails with CERTIFICATE_VERIFY_FAILED #27283

Open rtkmodriscoll opened 11 months ago

rtkmodriscoll commented 11 months ago

Describe the bug

az network bastion tunnel fails to verify the certificate after ssh or VS Code attempts to use the tunnel to connect to the local port on the host system.

curl -vvI https://bst-<bastion UUID HERE>.bastion.azure.com
*   Trying 20.169.240.85:443...
* Connected to bst-<bastion UUID HERE>.bastion.azure.com (<bastion IP HERE>) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=bst-<bastion UUID HERE>.bastion.azure.com
*  start date: Jun 16 15:29:47 2023 GMT
*  expire date: Jun 10 15:29:47 2024 GMT
*  subjectAltName: host "bst-<bastion UUID HERE>.bastion.azure.com" matched cert's "bst-<bastion UUID HERE>.bastion.azure.com"
*  issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 05
*  SSL certificate verify ok.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: bst-<bastion UUID HERE>.bastion.azure.com
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 200
HTTP/1.1 200
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
< Set-Cookie: JSESSIONID=985310DBA9AD5941109439CEDED2022E; Path=/; Secure; HttpOnly
Set-Cookie: JSESSIONID=985310DBA9AD5941109439CEDED2022E; Path=/; Secure; HttpOnly
< Accept-Ranges: bytes
Accept-Ranges: bytes
< ETag: W/"2519-1691769442000"
ETag: W/"2519-1691769442000"
< Last-Modified: Fri, 11 Aug 2023 15:57:22 GMT
Last-Modified: Fri, 11 Aug 2023 15:57:22 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 2519
Content-Length: 2519
< Date: Tue, 29 Aug 2023 15:48:06 GMT
Date: Tue, 29 Aug 2023 15:48:06 GMT

<
* Connection #0 to host bst-<bastion UUID HERE>.bastion.azure.com left intact
➜  ~ python
Python 3.10.13 (main, Aug 25 2023, 02:38:26) [Clang 14.0.3 (clang-1403.0.22.14.1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> r = requests.get("https://bst-<bastion UUID HERE>.bastion.azure.com")
>>> r.status_code
200


Related command

az network bastion tunnel --debug --name $bastion_name --resource-group $rg_name --target-resource-id $resource_id --subscription "SubHere" --resource-port 22 --port 46810

Errors

urllib3.connectionpool: Starting new HTTPS connection (1): bst-<UUID HERE>.bastion.azure.com:443
urllib3.connectionpool: https://bst-<UUID HERE>.bastion.azure.com:443 "POST /api/tokens HTTP/1.1" 200 None
Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/custom.py", line 335, in _start_tunnel
    tunnel_server.start_server()
  File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 194, in start_server
    self._listen()
  File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 130, in _listen
    self.ws = create_connection(host,
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 601, in create_connection
    websock.connect(url, **options)
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 244, in connect
    self.sock, addrs = connect(url, self.sock_opt, proxy_info(**options),
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 136, in connect
    sock = _ssl_socket(sock, options.sslopt, hostname)
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 271, in _ssl_socket
    sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 247, in _wrap_sni_socket
    return context.wrap_socket(
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1104, in _create
    self.do_handshake()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1375, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:1007)

Issue script & Debug output

az network bastion tunnel --debug --name $bastion_name --resource-group $rg_name --target-resource-id $resource_id --subscription "SUBHERE" --resource-port 22 --port 46810
cli.knack.cli: Command arguments: ['network', 'bastion', 'tunnel', '--debug', '--name', 'bastion-resource-name', '--resource-group', 'resourcegroupname', '--target-resource-id', '/subscriptions/UUIDHERE/resourceGroups/resourcegroupname/providers/Microsoft.Compute/virtualMachines/vmname', '--subscription', 'SubName', '--resource-port', '22', '--port', '46810']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x102eb7010>, <function OutputProducer.on_global_arguments at 0x10300f130>, <function CLIQuery.on_global_arguments at 0x103050700>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_bastion']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: network                   0.230       115       353
cli.azure.cli.core: privatedns                0.004        14        63
cli.azure.cli.core: Total (2)                 0.234       129       416
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: bastion                   0.003         2         9  /Users/mike.odriscoll/.azure/cliextensions/bastion
cli.azure.cli.core: Total (1)                 0.003         2         9
cli.azure.cli.core: Loaded 129 groups, 425 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : network bastion tunnel
cli.azure.cli.core: Command table: network bastion tunnel
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x103e60ca0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/mike.odriscoll/.azure/commands/2023-08-29.11-35-44.network_bastion_tunnel.15318.log'.
az_command_data_logger: command args: network bastion tunnel --debug --name {} --resource-group {} --target-resource-id {} --subscription {} --resource-port {} --port {}
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x103e7dab0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x103eb79a0>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x103eb7ac0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x10300f1c0>, <function CLIQuery.handle_query_parameter at 0x103050790>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x103eb7a30>]
az_command_data_logger: extension name: bastion
az_command_data_logger: extension version: 0.2.5
Command group 'az network' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/mike.odriscoll/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/mike.odriscoll/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/UUIDHERE/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/UUIDHERE/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/UUIDHERE/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: <correlationID>
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '<stripped>'
cli.azure.cli.core.sdk.policies:     'CommandName': 'network bastion tunnel'
cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--debug --name --resource-group --target-resource-id --subscription --resource-port --port'
cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.51.0 (PIP) (AAZ) azsdk-python-core/1.29.3 Python/3.10.13 (macOS-13.5.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name?api-version=2022-01-01 HTTP/1.1" 200 2029
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies:     'Content-Length': '2029'
cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies:     'Expires': '-1'
cli.azure.cli.core.sdk.policies:     'Date': 'Tue, 29 Aug 2023 15:35:44 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
  "name": "bastion-resource-name",
  "id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name",
  "etag": "W/\"<etag-replaced>\"",
  "type": "Microsoft.Network/bastionHosts",
  "location": "eastus",
  "tags": {
    "x-aw-component": "Bastion",
    "x-aw-cost-centre": "it",
    "x-aw-deployment-tool": "Manual",
    "x-aw-owner": "owneremail@email.com",
    "x-aw-product": "COMPANY NAME",
    "x-az-environment": "Infra",
    "x-az-provisioning-identity": "<ProvisioningIdentity>"
  },
  "properties": {
    "provisioningState": "Succeeded",
    "dnsName": "bst-<bastion-UUID>.bastion.azure.com",
    "scaleUnits": 2,
    "enableTunneling": true,
    "enableIpConnect": false,
    "enableFileCopy": false,
    "disableCopyPaste": false,
    "enableShareableLink": false,
    "ipConfigurations": [
      {
        "name": "bastion-resource-name-ip",
        "id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name/bastionHostIpConfigurations/bastion-resource-name-ip",
        "etag": "W/\"<etag-replaced>\"",
        "type": "Microsoft.Network/bastionHosts/bastionHostIpConfigurations",
        "properties": {
          "provisioningState": "Succeeded",
          "privateIPAllocationMethod": "Dynamic",
          "publicIPAddress": {
            "id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/publicIPAddresses/bastion-resource-name-pip"
          },
          "subnet": {
            "id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/virtualNetworks/bastion-vnet-name/subnets/AzureBastionSubnet"
          }
        }
      }
    ]
  },
  "sku": {
    "name": "Standard"
  }
}
cli.azext_bastion.tunnel: Port 46810 is open
cli.azext_bastion.tunnel: Creating a socket on port: 46810
cli.azext_bastion.tunnel: Setting socket options
cli.azext_bastion.tunnel: Binding to socket on local address and port
cli.azext_bastion.tunnel: Finished initialization
cli.azext_bastion.custom: Opening tunnel on port: 46810
cli.azext_bastion.custom: Tunnel is ready, connect on port 46810
cli.azext_bastion.custom: Ctrl + C to close
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/UUIDHERE/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/UUIDHERE/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/UUIDHERE/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: <correlationID>
cli.azext_bastion.tunnel: Content: {'resourceId': '/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Compute/virtualMachines/vmname', 'protocol': 'tcptunnel', 'workloadHostPort': '22', 'aztoken': '<TOKEN-REMOVED>', 'token': None}
urllib3.connectionpool: Starting new HTTPS connection (1): bst-<bastion-UUID>.bastion.azure.com:443
urllib3.connectionpool: https://bst-<bastion-UUID>.bastion.azure.com:443 "POST /api/tokens HTTP/1.1" 200 None
Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/custom.py", line 335, in _start_tunnel
    tunnel_server.start_server()
  File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 194, in start_server
    self._listen()
  File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 130, in _listen
    self.ws = create_connection(host,
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 601, in create_connection
    websock.connect(url, **options)
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 244, in connect
    self.sock, addrs = connect(url, self.sock_opt, proxy_info(**options),
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 136, in connect
    sock = _ssl_socket(sock, options.sslopt, hostname)
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 271, in _ssl_socket
    sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
  File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 247, in _wrap_sni_socket
    return context.wrap_socket(
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1104, in _create
    self.do_handshake()
  File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1375, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:1007)
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x103eb4ee0>, <function _x509_from_base64_to_hex_transform at 0x103eb4f70>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x103e60ee0>]
az_command_data_logger: exit code: 0
cli.__main__: Command ran in 6.641 seconds (init: 0.093, invoke: 6.548)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3565 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10 /Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/azure/cli/telemetry/__init__.py /Users/mike.odriscoll/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

Tunnel connects and allows vscode or ssh to create a connection to the bastion host. No SSL certificate error occurs.

Environment Summary

azure-cli 2.51.0

core 2.51.0 telemetry 1.1.0

Extensions: bastion 0.2.5

Dependencies: msal 1.24.0b1 azure-mgmt-resource 23.1.0b2

Python location '/opt/local/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10' Extensions directory '/Users/mike.odriscoll/.azure/cliextensions'

Python (Darwin) 3.10.13 (main, Aug 25 2023, 02:38:26) [Clang 14.0.3 (clang-1403.0.22.14.1)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response
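
The report above shows curl (CAfile /etc/ssl/cert.pem) and requests verifying the bastion certificate while the websocket connection, which goes through Python's `ssl` module, fails. The diagnostic below is an added example, not part of the original report or of azure-cli: it lists the CA sources those clients may consult and, given a hostname, probes it against each one. The function names are hypothetical, and the `WEBSOCKET_CLIENT_CA_BUNDLE` variable is assumed to be honoured by the installed websocket-client version.

```python
"""Compare the CA trust sources visible to Python's ssl module (added example)."""
import os
import socket
import ssl
import sys

# Variables that redirect CA lookup: SSL_CERT_FILE / SSL_CERT_DIR are read by
# OpenSSL, REQUESTS_CA_BUNDLE by requests, and WEBSOCKET_CLIENT_CA_BUNDLE by
# websocket-client (assumption: applies to the installed version).
CA_ENV_VARS = ("SSL_CERT_FILE", "SSL_CERT_DIR",
               "REQUESTS_CA_BUNDLE", "WEBSOCKET_CLIENT_CA_BUNDLE")


def trust_sources(environ=None, curl_cafile="/etc/ssl/cert.pem"):
    """Return {label: (path, exists)} for each CA source worth checking.

    curl_cafile defaults to the CAfile printed in the curl -v output above.
    """
    environ = os.environ if environ is None else environ
    paths = ssl.get_default_verify_paths()
    sources = {
        "openssl default cafile": paths.openssl_cafile,
        "openssl default capath": paths.openssl_capath,
        "curl CAfile": curl_cafile,
    }
    for name in CA_ENV_VARS:
        if environ.get(name):
            sources["env " + name] = environ[name]
    try:
        import certifi  # bundle requests uses by default; optional here
        sources["certifi bundle"] = certifi.where()
    except ImportError:
        pass
    return {label: (p, bool(p) and os.path.exists(p))
            for label, p in sources.items()}


def probe(host, port=443, cafile=None, timeout=10):
    """Handshake with host; return ("ok", issuer CN), ("fail", reason) or ("error", text).

    cafile=None loads the interpreter's default store, as ssl does when no
    explicit bundle is configured.
    """
    try:
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "ok", issuer.get("commonName", "?")
    except ssl.SSLCertVerificationError as exc:
        return "fail", exc.verify_message
    except OSError as exc:  # unreadable bundle, DNS failure, refused connection
        return "error", str(exc)


def compare(host, environ=None):
    """Probe host with the default store, then with every CA file that exists."""
    results = {"python default store": probe(host)}
    for label, (path, exists) in trust_sources(environ).items():
        if exists and os.path.isfile(path):
            results[label] = probe(host, cafile=path)
    return results


if __name__ == "__main__":
    for label, (path, exists) in trust_sources().items():
        print(f"{'found  ' if exists else 'MISSING'} {label}: {path}")
    if len(sys.argv) > 1:  # pass the bastion dnsName as the first argument
        for label, outcome in compare(sys.argv[1]).items():
            print(label, "->", outcome)
```

Run it with the same interpreter that az uses (the "Python location" line in the environment summary), since each Python build carries its own OpenSSL default paths.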

yonzhan commented 11 months ago

Thank you for opening this issue, we will look into it.