Support ldap issuer for certificate validation
Summary
In the logs, i can see these errors:
Nov 17 13:04:14 centos-ci-01 gitlab-runner[11885]: #033[0;33mWARNING: Remote certificate fetching error #033[0;m #033[0;33mIssuer#033[0;m=SNPSOfflineCA #033[0;33mIssuerCertURL#033[0;m=[ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority http://us02crl.internal.synopsys.com/CertEnroll/US02VWOFFLINECA_SNPSOfflineCA(1).crt] #033[0;33mSerial#033[0;m=1516450673627773186772196114473348305677975576 #033[0;33mSubject#033[0;m=SNPSica2 #033[0;33mcontext#033[0;m=certificate-chain-build #033[0;33merror#033[0;m=Get ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority: unsupported protocol scheme "ldap" #033[0;33missuerURL#033[0;m=ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority #033[0;33mmethod#033[0;m=fetchIssuerCertificate
Nov 17 13:04:14 centos-ci-01 gitlab-runner: Checking for jobs... received #033[0;m job#033[0;m=78383 repo_url#033[0;m=https://seeker-git/seeker/inline-java.git runner#033[0;m=x9h8pBcs
Nov 17 13:04:14 centos-ci-01 gitlab-runner: #033[0;33mWARNING: Remote certificate fetching error #033[0;m #033[0;33mIssuer#033[0;m=SNPSOfflineCA #033[0;33mIssuerCertURL#033[0;m=[ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority http://us02crl.internal.synopsys.com/CertEnroll/US02VWOFFLINECA_SNPSOfflineCA(1).crt] #033[0;33mSerial#033[0;m=1516450673627773186772196114473348305677975576 #033[0;33mSubject#033[0;m=SNPSica2 #033[0;33mcontext#033[0;m=certificate-chain-build #033[0;33merror#033[0;m=Get ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority: unsupported protocol scheme "ldap" #033[0;33missuerURL#033[0;m=ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority #033[0;33mmethod#033[0;m=fetchIssuerCertificate
Nov 17 13:04:14 centos-ci-01 gitlab-runner: #033[31;1mERROR: Error on fetching TLS Data from API response... error#033[0;m #033[31;1merror#033[0;m=couldn't build CA Chain: error while fetching certificates from TLS ConnectionState: error while fetching certificates into the CA Chain: couldn't resolve certificates chain from the leaf certificate: error while resolving certificates chain with URL: error while fetching issuer certificate: remote fetch failure: Get ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority: unsupported protocol scheme "ldap" #033[31;1mrunner#033[0;m=x9h8pBcs
Nov 17 13:04:14 centos-ci-01 gitlab-runner[11885]: #033[31;1mERROR: Error on fetching TLS Data from API response... error#033[0;m #033[31;1merror#033[0;m=couldn't build CA Chain: error while fetching certificates from TLS ConnectionState: error while fetching certificates into the CA Chain: couldn't resolve certificates chain from the leaf certificate: error while resolving certificates chain with URL: error while fetching issuer certificate: remote fetch failure: Get ldap:///CN=SNPSOfflineCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=synopsysforest,DC=com?cACertificate?base?objectClass=certificationAuthority: unsupported protocol scheme "ldap" #033[31;1mrunner#033[0;m=x9h8pBcs
Nov 17 13:05:46 centos-ci-01 gitlab-runner[11885]: #033[0;33mWARNING: Job failed: exit code 1 #033[0;m #033[0;33mduration#033[0;m=1m31.87319022s #033[0;33mjob#033[0;m=78383 #033[0;33mproject#033[0;m=111 #033[0;33mrunner#033[0;m=x9h8pBcs
Nov 17 13:05:46 centos-ci-01 gitlab-runner: #033[0;33mWARNING: Job failed: exit code 1 #033[0;m #033[0;33mduration#033[0;m=1m31.87319022s #033[0;33mjob#033[0;m=78383 #033[0;33mproject#033[0;m=111 #033[0;33mrunner#033[0;m=x9h8pBcs
Nov 17 13:05:46 centos-ci-01 gitlab-runner[11885]: #033[0;33mWARNING: Failed to process runner #033[0;m #033[0;33mbuilds#033[0;m=0 #033[0;33merror#033[0;m=exit code 1 #033[0;33mexecutor#033[0;m=docker #033[0;33mrunner#033[0;m=x9h8pBcs
Nov 17 13:05:46 centos-ci-01 gitlab-runner: #033[0;33mWARNING: Failed to process runner #033[0;m #033[0;33mbuilds#033[0;m=0 #033[0;33merror#033[0;m=exit code 1 #033[0;33mexecutor#033[0;m=docker #033[0;33mrunner#033[0;m=x9h8pBcs
Seems that the root cause is this error:
unsupported protocol scheme "ldap"
Reverting back to 12.3.0 resolve the issue.
Note: seeker-git is a self hosted gitlab instance.
Proposal
{placeholder for proposal to address this issue}
Edited by Darren Eastman