+++ This bug was initially created as a clone of Bug #1731550 +++
Description of problem:
We compiled buildah with fips mode enabled to run smoke tests.
However, one of the tests that tries to reach a registry using TLS failed.
Logs:
----
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/registry.fedoraproject.org
DEBU[0000] GET https://registry.fedoraproject.org/v2/
DEBU[0000] Ping https://registry.fedoraproject.org/v2/ err Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage (&url.Error{Op:"Get", URL:"https://registry.fedoraproject.org/v2/", Err:x509.CertificateInvalidError{Cert:(*x509.Certificate)(0xc0000e2680), Reason:4, Detail:""}})
DEBU[0000] GET https://registry.fedoraproject.org/v1/_ping
DEBU[0000] Ping https://registry.fedoraproject.org/v1/_ping err Get https://registry.fedoraproject.org/v1/_ping: x509: certificate specifies an incompatible key usage (&url.Error{Op:"Get", URL:"https://registry.fedoraproject.org/v1/_ping", Err:x509.CertificateInvalidError{Cert:(*x509.Certificate)(0xc0009d8000), Reason:4, Detail:""}})
DEBU[0000] error copying src image ["docker://registry.fedoraproject.org/fedora:latest"] to dest image ["registry.fedoraproject.org/fedora:latest"] err: Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage
DEBU[0000] error pulling image "docker://registry.fedoraproject.org/fedora:latest": Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage
DEBU[0000] unable to pull and read image "registry.fedoraproject.org/fedora": Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage
Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage
---
We tried to restrict the TLS version to max of 1.2 but that didn't help with the test either.
Version-Release number of selected component (if applicable):
golang-1.12.6-1.module+el8.1.0+3387+928f3647.x86_64
How reproducible:
Always
Steps to Reproduce:
1. compile buildah with fips mode golang compiler
2. run buildah tests from the repo
--- Additional comment from Seth Jennings on 2019-07-19 20:52:16 UTC ---
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2019:4179