
hook push to repo fails for SSL certificate error

Open vishnubraj opened this issue 5 years ago • 8 comments

I am using a self-signed certificate in my remote GitLab repo and I am getting the below error. Please check.

Jun 27 06:58:39 oxidized oxidized[27774]: Configuration updated for /core3.ams1.asn.net
Jun 27 06:58:39 oxidized oxidized[27774]: GithubRepo: Pushing local repository(/opt/oxidized/output/oxidized.git/)...
Jun 27 06:58:39 oxidized oxidized[27774]: GithubRepo: to remote: https://XXXX/netops/oxidized-ams2.git
Jun 27 06:58:40 oxidized oxidized[27774]: Hook push_to_remote (#<GithubRepo:0x000000000118f7a8>) failed (#<Rugged::SslError: the SSL certificate is invalid>) for event :post_store

vishnubraj avatar Jun 27 '19 09:06 vishnubraj

Can someone help me with this??

vishnubraj avatar Jun 28 '19 07:06 vishnubraj

This is not currently supported by oxidized, there are no facilities to ignore the outcome of the SSL certificate validation check in the context of the githubrepo hook.

This is supported upstream by rugged, but requires additional implementation in the githubrepo hook code. PR welcome.

wk avatar Jun 28 '19 18:06 wk

Is there any way to disable SSL verification with Oxidized?

oijkn avatar Apr 02 '21 20:04 oijkn

Hello @oijkn have you found the way to bypass SSL?

mmihir82 avatar Jun 01 '21 17:06 mmihir82

@mmihir82 no, sorry, and I want to use an HTTP proxy (https://github.com/ytti/oxidized/issues/2284) but it seems that it is not possible or the option does not exist.

oijkn avatar Jun 01 '21 17:06 oijkn

Hey @oijkn, thanks for responding. Here is my issue: #2312. For some reason I can't communicate with LibreNMS as it is running as HTTPS. Do you know the workaround for that?

mmihir82 avatar Jun 01 '21 17:06 mmihir82

Having the same issue. Was there ever any resolution found?

ognalysis avatar May 10 '22 20:05 ognalysis

For anyone who stumbles across this: (for me) Oxidized didn't like that my TLS cert had a different primary name, despite the name being correctly listed in the SAN. I changed the git repo remote URL to use SSH instead and it started working. You can change the git config file in the repo to use the SSH URL. ([email protected]:username/reponame.git)

ognalysis avatar May 11 '22 14:05 ognalysis

If you really examine this error, this is a certificate problem. Trying to bypass the verification really isn't the right way to go. I was able to get this working because I noticed my certificate didn't have the full chain in the pem file. I'm using a wildcard cert in a docker environment, so once I changed the cert to the full bundle (should be 3 sections in the pem file) it worked. You can test this by running this against your server:

openssl s_client -connect servername.domain.com:port

If the connection closes with a "Verify return code: 21 (unable to verify the first certificate)", it's your cert. Check your bundle. You either have a bad cert in there or you may not have the full chain. Once you fix it, you will know because that code will return the Verification: OK after the SSL handshake. This link can help explain it further.

ghoppes avatar Feb 09 '23 14:02 ghoppes
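
The incomplete-chain failure described in the last comment can be reproduced offline. The following is an added example, not code from this thread or from Oxidized: it builds a constructed root, intermediate and leaf certificate, then verifies a leaf-only PEM and a full three-section bundle against a store that trusts only the root. The names `check_bundle`, `make_cert` and `git.example.test` are hypothetical.

```ruby
require "openssl"

PEM_RE = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Verify the first certificate in a PEM bundle as a TLS client would: only
# trusted_roots are trusted, the remaining sections act as intermediates.
def check_bundle(bundle_pem, trusted_roots)
  certs = bundle_pem.scan(PEM_RE).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  return { sections: 0, ok: false, error: "no certificates found" } if certs.empty?
  store = OpenSSL::X509::Store.new
  trusted_roots.each { |root| store.add_cert(root) }
  leaf, *intermediates = certs
  ok = store.verify(leaf, intermediates)
  { sections: certs.size, ok: ok, error: store.error_string }
end

# Constructed test certificate (sample data); issuer nil means self-signed root.
def make_cert(cn, serial, ca, issuer = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer ? issuer[:cert] : cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer ? issuer[:key] : key, OpenSSL::Digest.new("SHA256"))
  { cert: cert, key: key }
end

ROOT  = make_cert("Example Root CA (constructed)", 1, true)
INTER = make_cert("Example Intermediate CA (constructed)", 2, true, ROOT)
LEAF  = make_cert("git.example.test", 3, false, INTER)

LEAF_ONLY   = LEAF[:cert].to_pem                                   # what a misconfigured server sends
FULL_BUNDLE = [LEAF, INTER, ROOT].map { |c| c[:cert].to_pem }.join # leaf + intermediate + root

# Print the verification result for each bundle.
[LEAF_ONLY, FULL_BUNDLE].each do |bundle|
  puts check_bundle(bundle, [ROOT[:cert]]).inspect
end
```

To check a real server bundle, pass the contents of its PEM file and the CA certificates the client is expected to trust.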