failed to parse certificate from server: asn1: syntax error: sequence truncated
Description
I try to setup gitlab-ci-multi-runner. It's backed by gitlab (8.0.4). Gitlab runs as docker container. It has SSL enabled. The server certificate is issued by an internal sub-ca.
Root-CA
Sub-CA
Sub-CA
Sub-CA
Server-CRTAccessing gitlab using a browser works fine. No certificate warning on Linux and Windows. I checked the whole thing with curl and openssl s_client. All output looks good.
I searched a bit on google. It seems like go has some problems with parsing certificate chains. I've the same problem with docker as well.
I use my own dind-image to run the runner. You can find the Dockerfile here.
Reproduce the issue
Certificates
- Create Root CA
- Create Intermediate CA 1
- Create Intermediate CA 2
- Create Server certificate
- Append 1., 2., 3. to 4.
To manage such a "complex" CA you can use http://sourceforge.net/projects/xca/. That's a software for setting up CAs for testing etc. It comes with a graphical frontend thought it requires some knowledge about certificates etc.
Setup gitlab-runner
# create working directory
mkdir -p issue_xxx
cd issue_xxx
# create sub directories
mkdir -p certs config
cp <path>/root-ca.pem certs/
# pull image
docker pull feduxorg/centos-gitlab-ci-runner
# run image
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /var/log/journal:/var/log/journal feduxorg/centos-gitlab-ci-runner -v $(pwd)/tmp/config:/etc/gitlab-runner/