x509: failed to load system roots and no roots provided
xoxys opened this issue
Hi,
To create a release on a Gitea instance with custom certificates I have to use insecure: true to get it working. Why is the global env variable DRONE_VOLUME=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:/etc/ssl/certs/ca-certificates.crt not respected?
Default plugin/git works without adding insecure...
The standard Go HTTP client ignores CA certificates of the system. It could be an option to integrate github.com/jackspirou/syscerts into this plugin.
Looks outdated but seems to be a solution in general
It hasn't been updated for a while, but still works pretty good.
What about this? https://golang.org/src/crypto/x509/root_linux.go seems to be a built-in functionality
I am also wondering because I get an error from x509 because no root was found
The client is not configured with any root certs.
And the mentioned lib at least got some Windows support, which is important for the Drone on Windows preparation.
> The client is not configured with any root certs.
Right, but for my understanding all plugins should support the global DRONE_VOLUME variables to passthrough a tls chain
> Right, but for my understanding all plugins should support the global DRONE_VOLUME variables to passthrough a tls chain
Why? That's not defined anywhere. Beside that, DRONE_VOLUMES can mount anything, not only certs.
You are right, there is no definition for a standard way to handle self-signed certificates in Drone and over the whole pipeline. But there should be a global method... because for now it is a mess if you use self-signed certificates. You don't think so?
From what I am reading here https://discourse.drone.io/t/0-8-git-self-signed-problem/974 it sounds like "you can do it that way and it works" and not like "maybe it works maybe not, who knows"
The plugin got to support custom root certificates. If it doesn't support it, feel free to contribute it.
My Gitea instance also uses a custom root certificate and it works fine.
works