wget reset https connection when tls response server hello
mYu4N opened this issue · comments
Background:
- Using busybox as init containers with commands as below, the wget failed.
args:
wget -O /agent-dir/agent.zip https://infc.oss-cn-haal..com/agent/adm****ent/agent-2.7.0.zip
errorlog ex:
wget https://www.baidu.com
Connecting to www.baidu.com (180.97.34.96:443)
wget: note: TLS certificate validation not implemented
wget: error getting response: Connection reset by peer
Env:
- busybox image version :latest (2023.1.10 1.36.0)
wget -v
wget: invalid option -- 'v'
BusyBox v1.36.0 (2023-01-03 22:42:57 UTC) multi-call binary.
Issue :
- in the scenario of https communitation, the wget client sends "finack" and closes the connection before a "server hello" arrives. Refer to the tcpdump traces
as below
Workaround:
- Replace image version to 1.34.0, it works
like this issue:
wurstmeister/kafka-docker#487
i hope busybox fix it
kstack:
[2023-01-10 17:34:26.893488 ] [4026532314] b'nil' 000000000000 T_ACK,RST:10.246.0.198:60674->59.110.185.4:443 ffff974ef8a31400.0:b'ip_output'
b'ip_output+0x1'
b'__ip_queue_xmit+0x196'
b'__tcp_transmit_skb+0x89b'
b'tcp_send_active_reset+0xf5'
b'tcp_close+0x13d'
b'inet_release+0x42'
b'__sock_release+0x3d'
b'sock_close+0x11'
b'__fput+0x96'
b'task_work_run+0x5c'
b'do_exit+0x228'
b'do_group_exit+0x33'
b'get_signal+0x152'
b'arch_do_signal+0x2a'
b'exit_to_user_mode_loop+0x8d'
b'exit_to_user_mode_prepare+0x6e'
b'irqentry_exit_to_user_mode+0x5'
b'asm_exc_invalid_op+0x12'
resvq Accumulation,so,when close socket send reset
1.36.0 busybox ca-cert is wrong
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 1 10.246.0.201:53942 180.97.34.96:443 SYN_SENT 3502234/wget
tcp 0 110 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED -
tcp 0 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget