failed to parse certificate from server: asn1: syntax error: sequence truncated
Description
I am trying to set up gitlab-ci-multi-runner. It's backed by GitLab (8.0.4). GitLab runs as a Docker container. It has SSL enabled. The server certificate is issued by an internal sub-CA.
Root-CA
Sub-CA
Sub-CA
Sub-CA
Server-CRT
Accessing GitLab using a browser works fine. No certificate warning on Linux and Windows. I checked the whole thing with curl and openssl s_client. All output looks good.
I searched a bit on Google. It seems like Go has some problems with parsing certificate chains. I have the same problem with Docker as well.
I use my own dind-image to run the runner. You can find the Dockerfile here.
Reproduce the issue
Certificates
1. Create Root CA
2. Create Intermediate CA 1
3. Create Intermediate CA 2
4. Create Server certificate
5. Append 1., 2., 3. to 4.
To manage such a "complex" CA you can use http://sourceforge.net/projects/xca/. That's software for setting up CAs for testing etc. It comes with a graphical frontend, though it requires some knowledge about certificates etc.
Setup gitlab-runner
# create working directory
mkdir -p issue_xxx
cd issue_xxx
# create sub directories
mkdir -p certs config
cp <path>/root-ca.pem certs/
# pull image
docker pull feduxorg/centos-gitlab-ci-runner
# run image
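# all -v options must come before the image name, otherwise they are passed to the container as arguments
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /var/log/journal:/var/log/journal -v "$(pwd)/tmp/config:/etc/gitlab-runner/" feduxorg/centos-gitlab-ci-runner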
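
A way to find which certificate in an appended chain file Go's own parser rejects, as an added example that is not part of the original report: each PEM block is parsed separately with `crypto/x509`. The names `checkBundle` and `sampleBundle` are hypothetical, the sample bundle is constructed at run time, and the exact error text depends on the Go version.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkBundle parses each PEM block as a certificate; entry i is nil if block i parsed.
func checkBundle(bundle []byte) []error {
	var results []error
	for {
		var block *pem.Block
		block, bundle = pem.Decode(bundle)
		if block == nil {
			return results
		}
		_, err := x509.ParseCertificate(block.Bytes)
		results = append(results, err)
	}
}

// sampleBundle is constructed test data: a valid certificate, then one with its DER cut in half.
func sampleBundle() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der[:len(der)/2]})...)
}

func main() {
	for i, err := range checkBundle(sampleBundle()) {
		fmt.Printf("block %d: %v\n", i, err)
	}
}
```

To check a real chain file, read it with `os.ReadFile` and pass the bytes to `checkBundle` in place of `sampleBundle()`.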