teleport
teleport copied to clipboard
Published
20 hours ago •
gravitational
gravitational
`--insecure` mode not being respected
Expected behavior:
I have a proxy service configured like
proxy_service:
enabled: "yes"
web_listen_addr: 0.0.0.0:3080
public_addr: proxy.127.0.0.1.nip.io:3080
https_keypairs:
- key_file: /Users/ibeckermayer/teleport-config/proxy.127.0.0.1.nip.io+4-key.pem
cert_file: /Users/ibeckermayer/teleport-config/proxy.127.0.0.1.nip.io+4.pem
where /Users/ibeckermayer/teleport-config/proxy.127.0.0.1.nip.io+4.pem is not trusted by my system keychain.
I would expect that adding the --insecure flag to teleport start --insecure would make this lack of trust irrelevant based on the documentation for that flag
"Insecure mode disables certificate validation"
Current behavior:
Instead, despite include --insecure, I still end up with a crash on startup:
Crash logs
ERROR REPORT:
Original Error: *trace.BadParameterError unable to verify HTTPS certificate chain in :
ERROR REPORT:
Original Error: *errors.errorString x509: “[email protected] (Isaiah Becker-Mayer)” certificate is not trusted
Stack Trace:
github.com/gravitational/teleport/lib/utils/certs.go:193 github.com/gravitational/teleport/lib/utils.VerifyCertificateChain
github.com/gravitational/teleport/lib/config/configuration.go:1201 github.com/gravitational/teleport/lib/config.applyProxyConfig
github.com/gravitational/teleport/lib/config/configuration.go:535 github.com/gravitational/teleport/lib/config.ApplyFileConfig
github.com/gravitational/teleport/lib/config/configuration.go:2393 github.com/gravitational/teleport/lib/config.Configure
github.com/gravitational/teleport/tool/teleport/common/teleport.go:548 github.com/gravitational/teleport/tool/teleport/common.Run
github.com/gravitational/teleport/tool/teleport/main.go:33 main.main
runtime/proc.go:271 runtime.main
runtime/asm_arm64.s:1222 runtime.goexit
User Message: x509: “[email protected] (Isaiah Becker-Mayer)” certificate is not trusted
Stack Trace:
github.com/gravitational/teleport/lib/config/configuration.go:1202 github.com/gravitational/teleport/lib/config.applyProxyConfig
github.com/gravitational/teleport/lib/config/configuration.go:535 github.com/gravitational/teleport/lib/config.ApplyFileConfig
github.com/gravitational/teleport/lib/config/configuration.go:2393 github.com/gravitational/teleport/lib/config.Configure
github.com/gravitational/teleport/tool/teleport/common/teleport.go:548 github.com/gravitational/teleport/tool/teleport/common.Run
github.com/gravitational/teleport/tool/teleport/main.go:33 main.main
runtime/proc.go:271 runtime.main
runtime/asm_arm64.s:1222 runtime.goexit
User Message: unable to verify HTTPS certificate chain in :
ERROR REPORT:
Original Error: *errors.errorString x509: “[email protected] (Isaiah Becker-Mayer)” certificate is not trusted
Stack Trace:
github.com/gravitational/teleport/lib/utils/certs.go:193 github.com/gravitational/teleport/lib/utils.VerifyCertificateChain
github.com/gravitational/teleport/lib/config/configuration.go:1201 github.com/gravitational/teleport/lib/config.applyProxyConfig
github.com/gravitational/teleport/lib/config/configuration.go:535 github.com/gravitational/teleport/lib/config.ApplyFileConfig
github.com/gravitational/teleport/lib/config/configuration.go:2393 github.com/gravitational/teleport/lib/config.Configure
github.com/gravitational/teleport/tool/teleport/common/teleport.go:548 github.com/gravitational/teleport/tool/teleport/common.Run
github.com/gravitational/teleport/tool/teleport/main.go:33 main.main
runtime/proc.go:271 runtime.main
runtime/asm_arm64.s:1222 runtime.goexit
User Message: x509: “[email protected] (Isaiah Becker-Mayer)” certificate is not trusted
Instructing my keychain to trust this certificate fixes this.
Bug details:
- Teleport version:
Teleport v16.0.0-dev git:api/v13.4.16-48-ga33d88e649 go1.22.0
