Bug#1082683: kxd: FTBFS: certificate is valid for *, not localhost

Thu, 03 Oct 2024 00:57:19 -0700 

On Tue, Sep 24, 2024 at 07:41:26PM +0200, Santiago Vila wrote:

ERROR: test_simple (__main__.Hook.test_simple)
----------------------------------------------------------------------
Traceback (most recent call last):
 File "/<<PKGBUILDDIR>>/tests/run_tests", line 474, in test_simple
   key = self.client.call(self.server.cert_path(), "kxd://localhost/k1")
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/<<PKGBUILDDIR>>/tests/run_tests", line 147, in call
   return subprocess.check_output(args, stderr=subprocess.STDOUT)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3.12/subprocess.py", line 466, in check_output
   return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3.12/subprocess.py", line 571, in run
   raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/<<PKGBUILDDIR>>/out/kxc', 
'--client_cert=/tmp/kxdtest-z47iukqz/config-client-akj_kldr/cert.pem', 
'--client_key=/tmp/kxdtest-z47iukqz/config-client-akj_kldr/key.pem', 
'--server_cert=/tmp/kxdtest-z47iukqz/config-server-r534ciix/cert.pem', 
'kxd://localhost/k1']' returned non-zero exit status 1.

Stdout:
Launching server:  /<<PKGBUILDDIR>>/out/kxd 
--data_dir=/tmp/kxdtest-z47iukqz/config-server-r534ciix/data 
--key=/tmp/kxdtest-z47iukqz/config-server-r534ciix/key.pem 
--cert=/tmp/kxdtest-z47iukqz/config-server-r534ciix/cert.pem 
--logfile=/tmp/kxdtest-z47iukqz/config-server-r534ciix/log 
--hook=/tmp/kxdtest-z47iukqz/config-server-r534ciix/hook
Running client: /<<PKGBUILDDIR>>/out/kxc 
--client_cert=/tmp/kxdtest-z47iukqz/config-client-akj_kldr/cert.pem 
--client_key=/tmp/kxdtest-z47iukqz/config-client-akj_kldr/key.pem 
--server_cert=/tmp/kxdtest-z47iukqz/config-server-r534ciix/cert.pem kxd://localhost/k1
Client call failed, output: b'2024/09/24 13:16:41 Failed to get key: Get 
"https://localhost:19840/v1/k1": tls: failed to verify certificate: x509: 
certificate is valid for *, not localhost\n'


This is a known issue caused by a behaviour change in Go 1.23 TLS library.
It's already fixed upstream (https://blitiri.com.ar/git/r/kxd/c/ff4f9eb720248191bdd3e08d852ee2b29183f0d3/) and there's a new release with the fix.
I will update the Debian package accordingly (hopefully around this weekend), which should fix this issue. 

Thanks,
                Alberto

Reply via email to