Open roobre opened 1 year ago
At first glance, I do not think there is anything container related here ... eg. probably best to verify if plain ole curl 8.1.0 (albeit with the same build flags/deps) reproduces this error eg. this might just be a curl error. Will investigate if I have the time.
Hey @xquery,
It seems that you are right, I can reproduce a similar issue with plain old curl 8.0.1 (x86_64-pc-linux-gnu) libcurl/8.0.1 OpenSSL/3.0.8 zlib/1.2.13 brotli/1.0.9 zstd/1.5.5 libidn2/2.3.4 libpsl/0.21.2 (+libidn2/2.3.4) libssh2/1.10.0 nghttp2/1.52.0
.
Which is pretty weird, because this container worked 24 hours ago without me changing absolutely nothing. I will dig further to see if this is related to curl or not 😕
we just made a new release ... https://github.com/curl/curl/issues/11129 may fix it .. we plan a patch release of curl and will also release container
I don't think this is the 11129 bug, because @roobre says it reproduces in 8.0.1 and it does not seem related to the URL...
I think I've been able to nail down the issue here. The p12 certificate in question uses RC2-40-CBC
, which is considered a legacy cipher by OpenSSL. Curl was fine using this cert before, but the new image refuses to do so. Not sure if it could be a change of the build environment or a code change in curl itself.
That being said, it would seem that RC2-40-CBC
is a poor choice for a cipher so probably curl is right refusing to load it.
I've just noticed that an upgrade from
8.00.1
to8.1.0
has caused a curl command to fail to load a p12 certificate. The error returned is not very verbose:The command triggering this is:
$CERT_PASS
contains the correct password for/roobre-k8s.p12
, and the same command works oncurlimages/curl:8.00.1
.I should be able to provide some more info if needed :)