Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: plugin 'vault' failed: could not generate token for '*': hyper error: An error in the OpenSSL library: certificate verify failed #11

Open
emk opened this issue Oct 6, 2016 · 0 comments
Open

Error: plugin 'vault' failed: could not generate token for '*': hyper error: An error in the OpenSSL library: certificate verify failed #11

emk opened this issue Oct 6, 2016 · 0 comments
Labels
bug

Comments

@emk
Copy link
Contributor

emk commented Oct 6, 2016
edited
Loading

This only affects the binary distributions. It looks like our statically linked OpenSSL is still looking for certain cert-related files in musl directories.

strace -Ff -tt cage --override="staging" export export 2>&1 | tee cage.log
18:29:46.176436 stat("/usr/local/musl/ssl/certs/157753a5.0", 0x7fffcc0c1490) = -1 ENOENT (No such file or directory)
18:29:46.176560 stat("/usr/local/musl/ssl/certs/d6325660.0", 0x7fffcc0c1490) = -1 ENOENT (No such file or directory)
18:29:46.176826 stat("/usr/local/musl/ssl/certs/8d28ae65.0", 0x7fffcc0c1490) = -1 ENOENT (No such file or directory)

There's an easy workaround:

mkdir /usr/local/musl
ln -s /etc/ssl /usr/local/musl/ssl

The real fix will require a look at https://github.com/emk/rust-musl-builder to figure out what's going wrong.

There may be similar issues with Mac binaries. Again, this only affects the vault plugin.
@emk emk changed the title Error: plugin 'vault'could not generate token for '*': hyper error: An error in the OpenSSL library: certificate verify failed Error: plugin 'vault' failed: could not generate token for '*': hyper error: An error in the OpenSSL library: certificate verify failed Oct 6, 2016
@emk emk added the bug label Oct 6, 2016
emk added a commit that referenced this issue Oct 22, 2016
@emk
Allow building w/o OpenSSL (and thus w/o Vault) (#11, #38)
a98ea45 
@dudymas is trying to port `cage` to run under Windows, and he _might_
have found a way to finess the pathname issues by building using either
Cygwin or MinGW, which use Unix-style paths.  But getting OpenSSL to
build is a continual nuissance.

On top of that, OpenSSL is broken in our official Mac binary builds, and
must be re-enabled by building from source.

So this patch allows turning off our Vault support at compile time,
which in turn gets rid of our OpenSSL dependency.  Which in turn makes a
Windows port less stressful, and will allow us to build Mac binaries
that actually disable features that won't work.
emk added a commit that referenced this issue Oct 22, 2016
@emk
travis: Try to build Mac binaries without OpenSSL (#11)
19b1df8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@emk