SSL Error though added SSL_CERT_FILE variable in environment

[tl-madhulika-mitra]

The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested bundler: failed to load command: /pact/bin/pact (/pact/bin/pact) /usr/lib/ruby/2.7.0/net/protocol.rb:44:in connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError) from /usr/lib/ruby/2.7.0/net/protocol.rb:44:in ssl_socket_connect' from /usr/lib/ruby/2.7.0/net/http.rb:1009:in connect' from /usr/lib/ruby/2.7.0/net/http.rb:943:in do_start' from /usr/lib/ruby/2.7.0/net/http.rb:932:in start' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:79:in block in perform_request' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:93:in until_truthy_or_max_times' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:64:in perform_request' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:25:in get' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/link.rb:41:in get' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/link.rb:45:in get!' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal_client_methods.rb:20:in index_resource' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/publish_pacts.rb:31:in call' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/publish_pacts.rb:14:in call' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/cli/broker.rb:157:in publish_pacts' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/cli/broker.rb:42:in publish' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/command.rb:27:in run' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/invocation.rb:127:in invoke_command' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor.rb:392:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/base.rb:485:in start' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/cli/custom_thor.rb:15:in start' from /pact/lib/pact/cli.rb:60:in publish' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/command.rb:27:in run' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/invocation.rb:127:in invoke_command' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor.rb:392:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/base.rb:485:in start' from /pact/bin/pact:15:in <top (required)>' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli/exec.rb:63:in load' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli/exec.rb:63:in kernel_load' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli/exec.rb:28:in run' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli.rb:474:in exec' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor/command.rb:27:in run' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in invoke_command' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor.rb:392:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli.rb:30:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor/base.rb:485:in start' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli.rb:24:in `start'

I used -https://github.com/pact-foundation/pact-js-core/issues/93#issuecomment-532863454 to fix my issue while doing contract testing with Pact flow. Used the property SetSslCaFilePath on the uri options.

But while trying to setup this project for Bidirectional test -https://github.com/pactflow/example-bi-directional-consumer-dotnet - make fake_ci, I am facing the error. So I setup the export SSL_CERT_FILE=path to bundle of my certificates files in my zshrc file, but I still face the error.

Please let me know if I have to do anything differently

[YOU54F]

Hi @tl-madhulika-mitra

Could you provide a bit more detail about the system used to run this test? I see the message

The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

So assume this is an m1 macbook?

could you also confirm which step make fake_ci is failing on.

I've just ran this on an m1 mac now.

Which broker are you using? (OSS/Pactflow/On-prem?) that requires you to set an SSL_CERT_FILE

Test run for /Users/saf/dev/pactflow/bdc/example-bi-directional-consumer-dotnet/src/tests/bin/Debug/netcoreapp3.1/tests.dll(.NETCoreApp,Version=v3.1)
Microsoft (R) Test Execution Command Line Tool Version 16.7.1
Copyright (c) Microsoft Corporation.  All rights reserved.

Starting test execution, please wait...

A total of 1 test files matched the specified pattern.

Test Run Successful.
Total tests: 3
     Passed: 3
 Total time: 2.6677 Seconds

========== STAGE: publish pacts ==========

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Created pactflow-example-bi-directional-consumer-dotnet version ead8b72+1648494373 with tags consumer_improvements
  Next steps:
    Configure the version branch to be the value of your repository branch.
Pact successfully published for pactflow-example-bi-directional-consumer-dotnet version ead8b72+1648494373 and provider pactflow-example-bi-directional-provider-dotnet.
  View the published pact at https://you54f.pactflow.io/pacts/provider/pactflow-example-bi-directional-provider-dotnet/consumer/pactflow-example-bi-directional-consumer-dotnet/version/ead8b72%2B1648494373
  Events detected: contract_published, contract_content_changed (first time any pact published for this consumer with consumer version tagged consumer_improvements)
  Next steps:
    * Add Pact verification tests to the pactflow-example-bi-directional-provider-dotnet build. See https://docs.pact.io/go/provider_verification
    * Configure separate pactflow-example-bi-directional-provider-dotnet pact verification build and webhook to trigger it when the pact content changes. See https://docs.pact.io/go/webhooks

========== STAGE: can-i-deploy? ==========

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Computer says no ¯_(ツ)_/¯

CONSUMER                                        | C.VERSION          | PROVIDER                                        | P.VERSION | SUCCESS? | RESULT#
------------------------------------------------|--------------------|-------------------------------------------------|-----------|----------|--------
pactflow-example-bi-directional-consumer-dotnet | ead8b72+1648494373 | pactflow-example-bi-directional-provider-dotnet | ???       | ???      |

There is no verified pact between version ead8b72+1648494373 of pactflow-example-bi-directional-consumer-dotnet and the version of pactflow-example-bi-directional-provider-dotnet currently deployed to production (no such version exists)
make[1]: *** [can_i_deploy] Error 1
make: *** [fake_ci] Error 2

[YOU54F]

FYI, the publish pact step uses the pact-cli docker image.

instructions for connecting to a pact broker with a self signed cert in the pact-cli docker image in the link below

https://docs.pact.io/pact_broker/client_cli/readme#connecting-to-a-pact-broker-with-a-self-signed-certificate

[tl-madhulika-mitra]

Please let me know how I can specify the path for the SSL_CERT_FILE while setting up the docker env or while publishing the pact, like how we specify SetSslCaFilePath property.

[YOU54F]

I think if you see the base of the readme here

Using a custom certificate
docker run --rm \
 -v <PATH_TO_CERT_FILE_ON_HOST>:/tmp/cacert.pem \
 -e SSL_CERT_FILE=/tmp/cacert.pem \
 pactfoundation/pact-cli:latest ...
You can also set SSL_CERT_DIR and mount the directory instead of the file.

You mount your cert file as a volume, and then set the SSL_CERT_FILE env var to the temp pem file created inside the container.

The publishing on the provider side is just using a standard curl command so that might be picking up your key by default from your system env

[YOU54F]

You need to volume mount only your pem key and point the env bar to that. You are passing an path to a key that doesn’t exist in your container as you are only volume mounting your working directory

On Mon, 28 Mar 2022 at 22:32, tl-madhulika-mitra @.***> wrote:

Right - Standard curl command works, but with docker it fails :(

I tried again with all steps. Got the .pem chain of certificates again, just to be sure, and executed the below command, but no luck.

@.*** example-bi-directional-consumer-dotnet % docker run --rm -v ${PWD}:${PWD} -e PACT_BROKER_BASE_URL -e PACT_BROKER_TOKEN -e SSL_CERT_FILE=/Users/madhulika.mitra/Documents/truelayer-pactflow-io-chain.pem pactfoundation/pact-cli publish ${PWD}/tests/pacts --consumer-app-version ${GIT_COMMIT} --tag ${GIT_BRANCH}

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested bundler: failed to load command: /pact/bin/pact (/pact/bin/pact) /usr/lib/ruby/2.7.0/net/protocol.rb:44:in connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError) from /usr/lib/ruby/2.7.0/net/protocol.rb:44:in ssl_socket_connect' from /usr/lib/ruby/2.7.0/net/http.rb:1009:in connect' from /usr/lib/ruby/2.7.0/net/http.rb:943:in do_start' from /usr/lib/ruby/2.7.0/net/http.rb:932:in start' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:79:in block in perform_request' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:93:in until_truthy_or_max_times' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:64:in perform_request' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/http_client.rb:25:in get' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/link.rb:41:in get' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal/link.rb:45:in get!' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/hal_client_methods.rb:20:in index_resource' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/publish_pacts.rb:31:in call' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/publish_pacts.rb:14:in call' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/cli/broker.rb:157:in publish_pacts' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/cli/broker.rb:42:in publish' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/command.rb:27:in run' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/invocation.rb:127:in invoke_command' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor.rb:392:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/base.rb:485:in start' from /usr/lib/ruby/gems/2.7.0/gems/pact_broker-client-1.58.0/lib/pact_broker/client/cli/custom_thor.rb:15:in start' from /pact/lib/pact/cli.rb:60:in publish' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/command.rb:27:in run' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/invocation.rb:127:in invoke_command' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor.rb:392:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/base.rb:485:in start' from /pact/bin/pact:15:in <top (required)>' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli/exec.rb:63:in load' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli/exec.rb:63:in kernel_load' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli/exec.rb:28:in run' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli.rb:474:in exec' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor/command.rb:27:in run' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in invoke_command' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor.rb:392:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli.rb:30:in dispatch' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/vendor/thor/lib/thor/base.rb:485:in start' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/cli.rb:24:in start' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/exe/bundle:49:in block in <top (required)>' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/lib/bundler/friendly_errors.rb:128:in with_friendly_errors' from /usr/lib/ruby/gems/2.7.0/gems/bundler-2.2.20/exe/bundle:37:in <top (required)>' from /usr/bin/bundle:25:in load' from /usr/bin/bundle:25:in '

I am feeling unlucky because I fixed the same thing with below but now in this project I am unable to . Is there a curl way of doing it rather than the docker, so I could proceed?

pactVerifier.ProviderState($"{_environment.PactServiceUri}/provider-states") .ServiceProvider("Provider", _environment.ProviderServiceUri) .PactBroker( PACT_BROKER_BASEURL, uriOptions: new PactUriOptions(PACT_BROKER_TOKEN) .SetSslCaFilePath(SSL_CERT_FILE)

— Reply to this email directly, view it on GitHub https://github.com/pactflow/example-bi-directional-consumer-dotnet/issues/6#issuecomment-1081173788, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEYCJ4MP55M5B2WZQXV2NYDVCIQNTANCNFSM5R3TB2ZA . You are receiving this because you were mentioned.Message ID: <pactflow/example-bi-directional-consumer-dotnet/issues/6/1081173788@ github.com>

[YOU54F]

something like

docker run --rm -v ${PWD}:${PWD} -e PACT_BROKER_BASE_URL -e PACT_BROKER_TOKEN \
 -v /Users/madhulika.mitra/Documents/truelayer-pactflow-io-chain.pem:/tmp/cacert.pem \
 -e SSL_CERT_FILE=/tmp/cacert.pem \
 pactfoundation/pact-cli publish ${PWD}/tests/pacts --consumer-app-version ${GIT_COMMIT} --tag ${GIT_BRANCH}

This volume mounts your key to /tmp/cacert.pem in the docker container

-v /Users/madhulika.mitra/Documents/truelayer-pactflow-io-chain.pem:/tmp/cacert.pem

This sets the env var, inside the container, to look for the pem cert in the path inside the docker container

-e SSL_CERT_FILE=/tmp/cacert.pem

Publishing is deprecated in pact-net see below, we recommend using the CLI.

https://github.com/pact-foundation/pact-net/blob/724015ebc94788b2ab5c2cb5f78e64b23eb6bb78/docs/upgrading-to-4.md#other-changes

[YOU54F]

Also as a note, you can use triple backticks to make your code output much easier to read

https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks#fenced-code-blocks

[tl-madhulika-mitra]

Thank you, this worked :) . Removed all the unessential logs. Closing the issue with 2 things to check

1. The provider link on this page takes us nowhere, looks like a hyperlink problem -https://github.com/pactflow/example-bi-directional-consumer-dotnet. Its referencing to https://github.com/pactflow/example-pactflow-example-provider-dredd but ideally should take us to the dotnet provider repo -https://github.com/pactflow/example-bi-directional-provider-dotnet

2.Also why do the consumer and provider versions change to ead8b72+1648494373 this? I was not able to find a reasoning on this

[YOU54F]

Have actioned point 1 thanks @tl-madhulika-mitra see this commit

2. we are just constructing a fake version number during our fake_ci process. Normally this would come from your git commit and build number. Some more information on versioning is available in our docs here