+++ This bug was initially created as a clone of Bug #1731550 +++ Description of problem: We compiled buildah with fips mode enabled to run smoke tests. However, one of the tests that tries to reach a registry using TLS failed. Logs: ---- DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/registry.fedoraproject.org DEBU[0000] GET https://registry.fedoraproject.org/v2/ DEBU[0000] Ping https://registry.fedoraproject.org/v2/ err Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage (&url.Error{Op:"Get", URL:"https://registry.fedoraproject.org/v2/", Err:x509.CertificateInvalidError{Cert:(*x509.Certificate)(0xc0000e2680), Reason:4, Detail:""}}) DEBU[0000] GET https://registry.fedoraproject.org/v1/_ping DEBU[0000] Ping https://registry.fedoraproject.org/v1/_ping err Get https://registry.fedoraproject.org/v1/_ping: x509: certificate specifies an incompatible key usage (&url.Error{Op:"Get", URL:"https://registry.fedoraproject.org/v1/_ping", Err:x509.CertificateInvalidError{Cert:(*x509.Certificate)(0xc0009d8000), Reason:4, Detail:""}}) DEBU[0000] error copying src image ["docker://registry.fedoraproject.org/fedora:latest"] to dest image ["registry.fedoraproject.org/fedora:latest"] err: Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage DEBU[0000] error pulling image "docker://registry.fedoraproject.org/fedora:latest": Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage DEBU[0000] unable to pull and read image "registry.fedoraproject.org/fedora": Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage Error initializing source docker://registry.fedoraproject.org/fedora:latest: pinging docker registry returned: Get https://registry.fedoraproject.org/v2/: x509: certificate specifies an incompatible key usage --- We tried to restrict the TLS version to max of 1.2 but that didn't help with the test either. Version-Release number of selected component (if applicable): golang-1.12.6-1.module+el8.1.0+3387+928f3647.x86_64 How reproducible: Always Steps to Reproduce: 1. compile buildah with fips mode golang compiler 2. run buildah tests from the repo --- Additional comment from Seth Jennings on 2019-07-19 20:52:16 UTC ---
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:4179