Fix IP address connections #232
Merged
+17
−279
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
madeline-shao-db
force-pushed
the
fix-kind
branch
from
dfdd32d to
2a5def6
Compare
This reverts commit 2a5def6.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When running in FIPS mode, click fails to connect to kind clusters with PKCS12 parsing errors. This occurs because click uses
native-tls(OpenSSL) for IP-based connections, which internally converts PEM certificates to PKCS12 format and uses cryptographic algorithms that are disabled in FIPS mode.Instead use
rustlsfor all connections since it doesn't use OpenSSL. This PR also removes all PKCS12-related code paths and dependencies.Testing
cargo testand
cargo runon FIPS-enabled Linux system connecting to clusters via IP address.