TLS cert verification failing for git LFS starting in runner 11.7
Summary
Recently upgraded gitlab-runner from 10.8 to 11.7 - our self-signed certs are being recognized for the purpose of git cloning and connecting to rest interfaces via curl, but git lfs
operations are now failing due to TLS errors.
Steps to reproduce
- Stand up Gitlab and object storage using self-signed certificates
- Install gitlab-runner via helm chart pointing to self-signed cert
- Trigger pipeline of a project that uses git lfs
Actual behavior
Observe the following error:
Cloning repository...
Cloning into '/xxx/yyy'...
Checking out 87b0704a as 5-yyy...
Downloading data/data.xyz (128 KB)
Error downloading object: data/data.xyz (e522b3a): Smudge error: Error downloading data/data.xyz (fdsajfkdsa): LFS: Get https://obj-store:8443/obj-dir/ff/11/...: x509: certificate signed by unknown authority
Errors logged to /user/yyy/.git/lfs/logs/output.log
Expected behavior
Prior versions of the runner download the lfs objects with no error
Relevant logs and/or screenshots
Error pasted above
Environment description
Custom installation, using Gitlab 11.7
Used GitLab Runner version
bash-4.4$ gitlab-runner --version
Version: 11.7.0
Git revision: 8bb608ff
Git branch: 11-7-stable
GO version: go1.8.7
Built: 2019-01-22T11:24:14+0000
OS/Arch: linux/amd64