cloudfoundry / cf-uaac


--skip-ssl-validation flag doesn't work #52

Closed ktchen14 closed 6 years ago

ktchen14 commented 6 years ago

```
uaac target https://30.0.0.5:8443 --skip-ssl-validation
failed to access https://30.0.0.5:8443: Invalid SSL Cert for https://30.0.0.5:8443/login. Use '--skip-ssl-validation' to continue with an insecure target
```

This also fails in cf-uaa-lib:

```ruby
require 'uaa'

issuer = CF::UAA::TokenIssuer.new('https://30.0.0.5:8443', 'admin', nil, skip_ssl_validation: true)
issuer.client_credentials_grant
```

```
ruby ~/uaa.rb
Traceback (most recent call last):
    5: from /Users/kaitingc/uaa.rb:4:in `<main>'
    4: from /usr/local/lib/ruby/gems/2.5.0/gems/cf-uaa-lib-3.13.0/lib/uaa/token_issuer.rb:269:in `client_credentials_grant'
    3: from /usr/local/lib/ruby/gems/2.5.0/gems/cf-uaa-lib-3.13.0/lib/uaa/token_issuer.rb:77:in `request_token'
    2: from /usr/local/lib/ruby/gems/2.5.0/gems/cf-uaa-lib-3.13.0/lib/uaa/http.rb:145:in `request'
    1: from /usr/local/lib/ruby/gems/2.5.0/gems/cf-uaa-lib-3.13.0/lib/uaa/http.rb:156:in `net_http_request'
/usr/local/lib/ruby/gems/2.5.0/gems/cf-uaa-lib-3.13.0/lib/uaa/http.rb:176:in `rescue in net_http_request': Invalid SSL Cert for https://30.0.0.5:8443/oauth/token. Use '--skip-ssl-validation' to continue with an insecure target (CF::UAA::SSLException)
```

cf-gitbot commented 6 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/156361642

The labels on this github issue will be updated when the story is started.

DennisDenuto commented 6 years ago

Hello @ktchen14, thanks for creating this issue. Can you please verify that the configured UAA server certificate is configured correctly, i.e. are you able to provide the output from openssl s_client -connect 30.0.0.5:8443?

ktchen14 commented 6 years ago

@DennisDenuto Let me give you the SSL certificate on that host but note that 30.0.0.5:8443 is an Ops Manager.

jhamon commented 6 years ago

Have you ever targeted this environment before with a valid cert? Are there entries for this target in the ~/.uaac.yml file saying skip_ssl_validation: false?

ktchen14 commented 6 years ago

I have not. And also cf-uaa-lib fails in the same scenario so I'm not sure that this is related to cf-uaac directly.

ktchen14 commented 6 years ago

Oh, never mind, this appears to be due to Ops Manager presenting an invalid certificate in certain cases. You can close this issue. Thanks!
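
An added example, not part of the thread and not code from cf-uaac or cf-uaa-lib: when a target addressed by IP (such as https://30.0.0.5:8443 above) is reported as having an invalid certificate, the rejection is either a chain-trust failure or an identity mismatch, and this Ruby sketch reports which one applies. The certificates, the `opsman.example.test` name, and the `sample_cert` and `diagnose` helpers are constructed for illustration.

```ruby
require 'openssl'

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed samples

# Build a constructed self-signed certificate with the given subjectAltName.
def sample_cert(san)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-sample')
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(KEY, OpenSSL::Digest.new('SHA256'))
  cert
end

# Return the reasons a verifying client would reject `cert` for `host`.
def diagnose(cert, host, trusted: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  problems = []
  # Chain check: is the certificate anchored in the trust store?
  problems << "chain: #{store.error_string}" unless store.verify(cert)
  # Identity check: an IP target needs a matching IP subjectAltName entry.
  unless OpenSSL::SSL.verify_certificate_identity(cert, host)
    problems << "identity: certificate does not cover #{host}"
  end
  problems
end

HOST = '30.0.0.5' # the target address from the issue
BY_NAME = sample_cert('DNS:opsman.example.test') # constructed hostname
BY_IP   = sample_cert("IP:#{HOST}")

if __FILE__ == $PROGRAM_NAME
  { 'name-only cert, untrusted' => diagnose(BY_NAME, HOST),
    'IP cert, untrusted'        => diagnose(BY_IP, HOST),
    'IP cert, trusted'          => diagnose(BY_IP, HOST, trusted: [BY_IP]) }.each do |label, problems|
    puts "#{label}: #{problems.empty? ? 'accepted' : problems.join('; ')}"
  end
end
```

A chain failure is fixed by trusting the issuing CA on the client, and an identity failure by reissuing the certificate with the address clients actually use, so neither requires turning validation off.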