Skip to content
Snippets Groups Projects
New issue look: Off

Skip tls verification on ci runners on Windows

    • Open Issue created by username-removed-1254532 @kiwidoggie31

    Enable skipping verification on registering ci runners

    Currently I am using a LetsEncrypt certificate for my proxy, and locally it sees that the certificate is invalid due to it being a local IP address 10.0.1.x. There is no current way to ignore the error on the certificate to allow registration without cracking the program... There should be a way to do this. I've seen https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/configuration/advanced-configuration.md but if you pass "...runner.exe register -skip-tls-verify" the runner just crashes with spitout all over the screen. I am on Windows, and even if I were to install the certificate it would not solve my problem due to it not being registered to the local IP.

    Proposal

    Links to related issues and merge requests / references

    https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1754

    Designs

      Child items ...

      2. Activity

      • username-removed-1193975
        username-removed-1193975 @PhilippHeuer ·

        It's tls-skip-verify not skip-tls-verify.

        But i have the same issue regardless of the name.

        Look at this: https://gitlab.com/search?utf8=%E2%9C%93&search=tls-skip-verify&group_id=&project_id=250833&search_code=true&repository_ref=master

        The only occurrence of tls-skip-verify is in the documentation file, did this even get implemented/merged?

        If you try to define other options that don't exist like --tls-random-option you get the same exception as when you try tls-skip-verify.

        panic: reflect: call of reflect.Value.Type on zero Value [recovered]
        panic: reflect: call of reflect.Value.Type on zero Value

goroutine 1 [running]:
panic(0x144c320, 0xc420369400)
        /usr/local/go/src/runtime/panic.go:500 +0x1a1
main.main.func1()
        /go/src/gitlab.com/gitlab-org/gitlab-ci-multi-runner/main.go:32 +0x7f
panic(0x144c320, 0xc420369400)
        /usr/local/go/src/runtime/panic.go:458 +0x243
reflect.Value.Type(0x0, 0x0, 0x0, 0xc4203e2040, 0x14ede02)
...

        Using gitlab/gitlab-runner:alpine-v9.0.2 on a Linux host.

        Edited by username-removed-1193975
      • username-removed-1193975 mentioned in issue #2350 (closed)

        mentioned in issue #2350 (closed)

      • Tomasz Maczukin
        Tomasz Maczukin @tmaczukin ·
        Maintainer

        Problem of Runner raising panic on invalid options is known - #1904. It'll be resolved when we upgrade used CLI library.

        As for the problem of missing tls-skip-verify option. It was implemented long time ago and then removed more than year ago - f1300da541c3e2c6a9fb0c6fd9736d8788f23985. This documentation entry is a leftover that was missed during cleanup.

      • username-removed-1254532
        username-removed-1254532 @kiwidoggie31 ·
        Author

        Would it be possible to add it back in, with a clear warning or something. I don't see that removing functionality because the developer sees it as unsafe as useful for those with special configurations, I've seen quite a few people with my current issue and this pretty much gimps GitLab-CI from being used all together without recompiling, or removing the checks with a disassembler.

      • username-removed-1193975
        username-removed-1193975 @PhilippHeuer ·

        It's not that much of a problem, if you use it in a local network you can enable access to gitlab using http and https.

        Now you can enter http://GITLAB/ci as server and it will work great.

      • username-removed-73365
        username-removed-73365 @jlevin ·

        tls-skip-verify has now been removed from the documentation. See !590 (merged).

      Please register or sign in to reply