[cmd/telemetrygen] Changes to SSL behavior breaks case where you aren't providing a custom CA #31191
Labels: bug (Something isn't working), cmd/telemetrygen (telemetrygen command), needs triage (New item requiring triage)
Comments
AlexDCraig added the bug and needs triage labels on Feb 12, 2024
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself.
This was referenced Feb 14, 2024
This was referenced Feb 20, 2024
TylerHelmuth pushed a commit that referenced this issue on Feb 21, 2024

…onment (#31250)

**Description:** Adding TLS configuration to telemetrygen made it so that providing root CA information is mandatory. This is for the case when you are generating CAs and using them to sign certificates. In the case where the CA that signed the certificate is a known trusted CA, we shouldn't have to provide its CA certificate. This PR fixes this problem by allowing the code to pull its CA pool from the host environment when CAs are not explicitly supplied.

**Link to tracking Issue:** [github.com//issues/31191](#31191)

**Testing:** Generate metrics, logs, traces against http and grpc endpoints with legitimate certificates

**Documentation:** <Describe the documentation added.>
This was referenced Feb 27, 2024
I believe this was fixed by #31250, but let me know if I'm incorrect. Thanks for fixing @AlexDCraig!
XinRanZhAWS pushed a commit to XinRanZhAWS/opentelemetry-collector-contrib that referenced this issue on Mar 13, 2024

…onment (open-telemetry#31250)

**Description:** Adding TLS configuration to telemetrygen made it so that providing root CA information is mandatory. This is for the case when you are generating CAs and using them to sign certificates. In the case where the CA that signed the certificate is a known trusted CA, we shouldn't have to provide its CA certificate. This PR fixes this problem by allowing the code to pull its CA pool from the host environment when CAs are not explicitly supplied.

**Link to tracking Issue:** [github.com/open-telemetry/issues/31191](open-telemetry#31191)

**Testing:** Generate metrics, logs, traces against http and grpc endpoints with legitimate certificates

**Documentation:** <Describe the documentation added.>
Component(s)
cmd/telemetrygen
What happened?
Description
Upgrading telemetrygen to latest breaks my use case for using telemetrygen. That is, I have grpc and http ingresses with legitimate TLS certificates issued to them and normal trusted CAs recognize them. SSL changes in recent telemetrygen versions have added the ability to provide a CA to verify certificates, but it has seemingly broken the case where the CA that validates the certificate is one that already exists on the host machine via a trusted roots folder. In a nutshell, it works now if you want to sign your own cert with your own CA, but if you have real certs signed by real CAs, it doesn't work like before.
Steps to Reproduce
```shell
telemetrygen metrics --otlp-endpoint [my-site]:443 --otlp-header 'Authorization="Bearer [my-token]"'
```
Expected Result
Actual Result
```
2024-02-12T15:35:09.323-0800 INFO grpc@v1.61.0/clientconn.go:1225 [core][Channel #1 SubChannel #2] Subchannel Connectivity change to TRANSIENT_FAILURE, last error: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority" {"system": "grpc", "grpc_log": true}
```
Workaround
OR
Collector version
0.83.0
Environment information
Environment
OS: (e.g., "Ubuntu 20.04")
Compiler(if manually compiled): (e.g., "go 14.2")
OpenTelemetry Collector configuration
No response
Log output
No response
Additional context
No response
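The trust-store selection that the fix in #31250 describes (use the host's CA pool when no CA is supplied), as an added example that is not telemetrygen's own code. `rootCAs`, `trustedBy`, `constructedCA` and the `caPEM` parameter are hypothetical names, and the CA is generated at run time as constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// rootCAs picks the client's trust store. caPEM is a hypothetical stand-in for
// the contents of an optional custom CA file; empty means none was supplied.
func rootCAs(caPEM []byte) (*x509.CertPool, error) {
	if len(caPEM) == 0 {
		return x509.SystemCertPool() // nothing supplied: trust the host's roots
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) { // never hand back a pool that trusts nothing
		return nil, fmt.Errorf("custom CA input contains no PEM certificates")
	}
	return pool, nil
}

// trustedBy reports whether cert chains to a root in pool.
func trustedBy(pool *x509.CertPool, cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

// constructedCA returns a throwaway self-signed CA (constructed sample input).
func constructedCA() (*x509.Certificate, []byte, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	ca, caPEM, _ := constructedCA()
	host, _ := rootCAs(nil)
	custom, _ := rootCAs(caPEM)
	fmt.Println("host roots:", trustedBy(host, ca), "custom CA:", trustedBy(custom, ca))
}
```

A pool that contains only a private CA rejects publicly issued certificates with the same `x509: certificate signed by unknown authority` error shown in the log above, which is why the no-CA case has to resolve to the host roots rather than to an empty pool.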