- Bug
- Resolution: Unresolved
- Normal
- None
- 4.5
- Moderate
- All
- Release Note Not Required

Description of problem:
Cannot log in to an OCP 4.x cluster (reproduced on 4.2.x & 4.3.x) with --insecure-skip-tls-verify=true from macOS with a keychain containing more than 250 certificates with trust policies.
Version-Release number of selected component (if applicable):
oc Client Version 4.5.2 or above
How reproducible:
Steps to Reproduce:
1. Load around 250 certificates with Trust Policy in your macOS keychain
2. oc login -u kubeadmin -p <mypwd> api.myocp.mydomain.local:6443 --insecure-skip-tls-verify=true
Actual results:
Login fails with error message: "error: net/http: TLS handshake timeout"
Expected results:
Login should succeed. As the user has explicitly asked for server certificates not to be checked by using the option '--insecure-skip-tls-verify=true', the error above, which comes from an attempt to verify the server certificate, should not occur.
Additional info:
- See the following URL for an analysis of this bug (part 1 of the issue): https://github.com/openshift/oc/issues/496
- See the following URL for a proposed PR to fix this bug: https://github.com/openshift/oc/pull/514