chaos-mesh / chaos-tproxy


can not apply https delay chaos #65

Open ruanyg opened 1 year ago

ruanyg commented 1 year ago

I followed the steps on https://chaos-mesh.org/docs/simulate-http-chaos-on-kubernetes/#tls to generate files including server.key, server.crt and ca.crt, stored in the directory /usr/local. All my operations were carried out on the same virtual machine, node1.

My server.ext file's content is like this:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.baidu.com

My tproxy config file is named tls.yaml, with content like this:

proxy_ports: [80,443]
rules:
  - target: Request
    selector:
      path: /sugrec
    actions:
      delay: 60s

tls:
  cert_file:
    type: Path
    value: /usr/local/server.crt
  key_file:
    type: Path
    value: /usr/local/server.key
  ca_file:
    type: Path
    value: /usr/local/ca.crt

I used ./tproxy -v ./tls.yaml to start tproxy, and after invoking the https://www.baidu.com/sugrec?xxx interface, the following error occurred on the invocation side:

curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

The following logs were output in tproxy.

2023-11-01T02:20:00.131905Z ERROR chaos_tproxy_proxy::proxy::http::server: cannot decrypt peer's message

Please assist in troubleshooting this; I would be greatly appreciative!

@cwen0

ruanyg commented 1 year ago

@cwen0 Hey, please take a look when you have a moment.

george-tj commented 11 months ago

The official website says "HTTPS accesses should be disabled, because injecting HTTPS connections is not supported currently." I don't know when HTTPS will be supported.