StrERROR: Problem with the local SSL certificate #256

Open
jason-i-vv opened this issue Nov 26, 2024 · 4 comments

@jason-i-vv

The test ./list_pod_bin failed because of the SSL certificate.

This is my kube config:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EUXdNVEV3TlRNME1sb1hEVE0wTURNek1ERXdOVE0wTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFhCjVrY3k0d094bVhmcW1TZll0dEdIRjg5N3JOM0wrV2haRHRlbzQreEZNT1hEcnVGK0RGOUFqcFRodWVWVUttQ3IKUTFWb0svYS9Id0d3ZlMxQ2VwaXZoN1FRbGV2YXp6UkhVcW1JdUtwcW95akNJRjBOK3E3QU16alI1dVRmeVZiTQpjTjFRTmFwZm95RFZyYVN2UGtVcysvYmVQS0hFYTBiL1dXWDRhSjBudGhUQmdPNGwwSkk3b2hoY1FDWjV4OHhFClF5QlZjYnZnSksvU09rWkxKRTAxSHYyS3RGeWZGV3FycnVuR25WdEtreWR5ajZXMFZiaitJK0JNRk0wS056SUkKTkp6RlB4NDExNVhWMFJoWlE1WjBqRnRBNUdHaXU0UTM5RjdwRjNFSUl4azd1bDN6MDl0WXN6MFNZTUJCVFNIZAo1MHVlL0ZlaHp1MU1UM3UrdGNNQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZGUEVlenNYSmw0ekdQUitjYlpNZG0vRHBtUStNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBR01LYk5jN0k0d3pvZ3ZPaDI1RgpiK3dOUFRWRGFBTWJwVTZuWEhKcHdJVGgxNXRUVGdESzF1MWdmVmtvZXVMc2crc0NMaUN0SStjRGtEUEczZVdMCnhOYmo4MlQyZGgwVHF3cXM3RXpnOE5BRGh3WXJLcm8xbi9XMG1jQlBleTFmd3VlT0dLTUY2ZXoyMExkVjEwdVYKcnQ5bzFxQ0l3VlNhQUd6bVVzdXlSM3k1YU40eklWckxpbUVjT2RVdkVPWGtNa3NtYm9Bd053bnREUXZzSUVsRwpIN3dEOUJPdG05TlY2NnROb1RqNldCNC9DNktEMnhaalNWbzZiZ09Rdi8wS0oxRi9YcnpNODE0ak1oSkxMbFVPCnI4SkpTTVl4NHpzeWVoaGcrd3lySFVERTA0ZkVJcGFya1RXemNHSFJwN1k4MHN5VytDUi9hQnlQN1R6NFFFd2EKMlFvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://10.16.128.121:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: default
    user: mapping-admin
  name: mapping-admin@kubernetes
current-context: mapping-admin@kubernetes
kind: Config
users:
- name: mapping-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNNRENDQVJnQ0ZFLy9aUXZsaGxtRTNsSlVGMFA4SVR1c09JRTRNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NalF3TkRBeE1UQTFPREF6V2hjTk16UXdNek13TVRBMQpPREF6V2pBWU1SWXdGQVlEVlFRRERBMXRZWEJ3YVc1bkxXRmtiV2x1TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBCkE0R05BRENCaVFLQmdRRGI4ZXB4T3Q3YXdBZGU3RGVjTzlxdTVIdFJseEFaRldxQ1cxenZJWXJ4UDEwbmF1YXcKVHppVElxaXhHYndBNnpjYmoyQnl6WHBxR0NlWjNHbVJJUmtXeTVxVzg2eTUxcXZxbFpkZzRzbEpHWUpJWVozTwpwWVQyVjZtS0pPcms0S29POGtDZ3V0bjlaLzhGWDJRWmpid1RzeE5ydTI3WXB0bmw5VXRQcHR2MHZRSURBUUFCCk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ25Pa2Z6TDFVcEM5VUpXZzBiK3MvSVlFUVRqY2lxTjIvUnc4MzgKZ0QxOTU0cWFEOHNiaElObktHUGNDa1dzWkhUMHYwbk9MMXBKVlZxL1l5amRGK1k4dVJhbDdnVTY5OStuWlNKTApKTjYzWkFSMnhSTW45T3pnb0NxRThxU3BIWU5GY3ZlLzQ3aDJQbGtVYXNwVmkrTzFyRDJvZUtKaDRuOXBFRlo3ClBKZlhVZytFcktQamhGV1k0TjFVU0VSTnFrWEFVZWRnazE3b1dlanhTRldBSmgza05lK1RtQzY0b2xOVGdIbWIKT0lPREpaQmdUTzdUMERhbWxtTzhYNGRBTTg5L095NWRiSUl2cGxDZ2tyOXBINXZaZmQ3dU1NOEtRaE1KUGJiLwowTEwzc2t5bEdHWUUzU2k5M2VCM1R6WnR2bk5YQkF6THFHeE9EdG9Gb1VwT1l6ZHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Fd2dnSmRBZ0VBQW9HQkFOdng2bkU2M3RyQUIxN3MKTjV3NzJxN2tlMUdYRUJrVmFvSmJYTzhoaXZFL1hTZHE1ckJQT0pNaXFMRVp2QURyTnh1UFlITE5lbW9ZSjVuYwphWkVoR1JiTG1wYnpyTG5XcStxVmwyRGl5VWtaZ2toaG5jNmxoUFpYcVlvazZ1VGdxZzd5UUtDNjJmMW4vd1ZmClpCbU52Qk96RTJ1N2J0aW0yZVgxUzArbTIvUzlBZ01CQUFFQ2dZQVNsRHpaazc5L2V2a2thNC9IQXNkV1ByYXMKRGJhdVo4QzNna0EzY3YzcG94Q2JZOHhZMkZoUEZYNXFkMklLTWRSVjM2YW1DL1ZyUU44WGdDYnF1NEVDNDhsaQpWZVRPY3BKbXpTKzNkWDgwem4vYitUaEEzMzZudS82aEkzaERFRVNZL2wxZWEyRFN1aThuNFdnMXEycURKbGk2CmQ2WVlxa2hsTWRpT1BvQlpnUUpCQVByaGZSbHE0c0Y2YkQ3MVczZkx1dlIxV1k1N09La2xoeHZ5WEtuNThnMzgKak5zZmRmY1dRZEJoVEx4VTFEWktTQnlmRFhyN2ExaGpCdGdWemViYU5YOENRUURnYnRSV09qMlY1Tm9hWnAyWAowSytMcmI1UCt1ZkJOQy9ad2FzcDIrMzlQSjRScC9tSElRdTdDeUR2UTNtMHFWcFlmckJjaWxsUDVTTnpJNzdWCmgwdkRBa0VBencrUU9vdzNQc3lWenBpZXQ0N1ViTEwyQ1Z5MTlSVGVJRGkyTml2dWxaQ2RpTFM4bmdRbXFaL0UKdjZPYnluc2diVTd3eDFIKzFPSldZYjROUkwxUWJRSkJBTE9uWkNmbUZSaGhDa25wN0tyekxTS2xvTnRMSUt0aQp5QThLM2FYelhFM0RjVkQyNG1MT0RDTGM1SzlDbHpFTUE3c2xKcTNkUFdNY0xFVmx6c1FFdXBzQ1FIam91ZmpRCm1vUzdsR0VtTy9wUktJdUF3SmlOTnRHYThFRVJ2ZXhwQUVhRW5YcEVFSVladTV3c08yZkZxZmlXT3JmK0tJTFQKandNbWhsS1JkQTF6VENVPQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==

@jason-i-vv
Author

*   Trying 10.16.128.121:6443...
* Connected to 10.16.128.121 (10.16.128.121) port 6443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* could not load PEM client certificate, OpenSSL error error:0A00018F:SSL routines::ee key too small, (no key found, wrong pass phrase, or wrong file format?)
* Closing connection 0
curl_easy_perform() failed

@ityuhui
Member

ityuhui commented Nov 26, 2024

I tried in my env using kind; the client works.

Have you tried using the kubectl command line to fetch a pod? E.g. kubectl get po -A

@jason-i-vv
Author

Yes, kubectl get po is OK. And I printed some logs for debugging.

./list_pod_bin
user->client_certificate_data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNNRENDQVJnQ0ZFLy9aUXZsaGxtRTNsSlVGMFA4SVR1c09JRTRNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NalF3TkRBeE1UQTFPREF6V2hjTk16UXdNek13TVRBMQpPREF6V2pBWU1SWXdGQVlEVlFRRERBMXRZWEJ3YVc1bkxXRmtiV2x1TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBCkE0R05BRENCaVFLQmdRRGI4ZXB4T3Q3YXdBZGU3RGVjTzlxdTVIdFJseEFaRldxQ1cxenZJWXJ4UDEwbmF1YXcKVHppVElxaXhHYndBNnpjYmoyQnl6WHBxR0NlWjNHbVJJUmtXeTVxVzg2eTUxcXZxbFpkZzRzbEpHWUpJWVozTwpwWVQyVjZtS0pPcms0S29POGtDZ3V0bjlaLzhGWDJRWmpid1RzeE5ydTI3WXB0bmw5VXRQcHR2MHZRSURBUUFCCk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ25Pa2Z6TDFVcEM5VUpXZzBiK3MvSVlFUVRqY2lxTjIvUnc4MzgKZ0QxOTU0cWFEOHNiaElObktHUGNDa1dzWkhUMHYwbk9MMXBKVlZxL1l5amRGK1k4dVJhbDdnVTY5OStuWlNKTApKTjYzWkFSMnhSTW45T3pnb0NxRThxU3BIWU5GY3ZlLzQ3aDJQbGtVYXNwVmkrTzFyRDJvZUtKaDRuOXBFRlo3ClBKZlhVZytFcktQamhGV1k0TjFVU0VSTnFrWEFVZWRnazE3b1dlanhTRldBSmgza05lK1RtQzY0b2xOVGdIbWIKT0lPREpaQmdUTzdUMERhbWxtTzhYNGRBTTg5L095NWRiSUl2cGxDZ2tyOXBINXZaZmQ3dU1NOEtRaE1KUGJiLwowTEwzc2t5bEdHWUUzU2k5M2VCM1R6WnR2bk5YQkF6THFHeE9EdG9Gb1VwT1l6ZHAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
user->client_key_data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Fd2dnSmRBZ0VBQW9HQkFOdng2bkU2M3RyQUIxN3MKTjV3NzJxN2tlMUdYRUJrVmFvSmJYTzhoaXZFL1hTZHE1ckJQT0pNaXFMRVp2QURyTnh1UFlITE5lbW9ZSjVuYwphWkVoR1JiTG1wYnpyTG5XcStxVmwyRGl5VWtaZ2toaG5jNmxoUFpYcVlvazZ1VGdxZzd5UUtDNjJmMW4vd1ZmClpCbU52Qk96RTJ1N2J0aW0yZVgxUzArbTIvUzlBZ01CQUFFQ2dZQVNsRHpaazc5L2V2a2thNC9IQXNkV1ByYXMKRGJhdVo4QzNna0EzY3YzcG94Q2JZOHhZMkZoUEZYNXFkMklLTWRSVjM2YW1DL1ZyUU44WGdDYnF1NEVDNDhsaQpWZVRPY3BKbXpTKzNkWDgwem4vYitUaEEzMzZudS82aEkzaERFRVNZL2wxZWEyRFN1aThuNFdnMXEycURKbGk2CmQ2WVlxa2hsTWRpT1BvQlpnUUpCQVByaGZSbHE0c0Y2YkQ3MVczZkx1dlIxV1k1N09La2xoeHZ5WEtuNThnMzgKak5zZmRmY1dRZEJoVEx4VTFEWktTQnlmRFhyN2ExaGpCdGdWemViYU5YOENRUURnYnRSV09qMlY1Tm9hWnAyWAowSytMcmI1UCt1ZkJOQy9ad2FzcDIrMzlQSjRScC9tSElRdTdDeUR2UTNtMHFWcFlmckJjaWxsUDVTTnpJNzdWCmgwdkRBa0VBencrUU9vdzNQc3lWenBpZXQ0N1ViTEwyQ1Z5MTlSVGVJRGkyTml2dWxaQ2RpTFM4bmdRbXFaL0UKdjZPYnluc2diVTd3eDFIKzFPSldZYjROUkwxUWJRSkJBTE9uWkNmbUZSaGhDa25wN0tyekxTS2xvTnRMSUt0aQp5QThLM2FYelhFM0RjVkQyNG1MT0RDTGM1SzlDbHpFTUE3c2xKcTNkUFdNY0xFVmx6c1FFdXBzQ1FIam91ZmpRCm1vUzdsR0VtTy9wUktJdUF3SmlOTnRHYThFRVJ2ZXhwQUVhRW5YcEVFSVladTV3c08yZkZxZmlXT3JmK0tJTFQKandNbWhsS1JkQTF6VENVPQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
cluster->certificate_authority_data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EUXdNVEV3TlRNME1sb1hEVE0wTURNek1ERXdOVE0wTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFhCjVrY3k0d094bVhmcW1TZll0dEdIRjg5N3JOM0wrV2haRHRlbzQreEZNT1hEcnVGK0RGOUFqcFRodWVWVUttQ3IKUTFWb0svYS9Id0d3ZlMxQ2VwaXZoN1FRbGV2YXp6UkhVcW1JdUtwcW95akNJRjBOK3E3QU16alI1dVRmeVZiTQpjTjFRTmFwZm95RFZyYVN2UGtVcysvYmVQS0hFYTBiL1dXWDRhSjBudGhUQmdPNGwwSkk3b2hoY1FDWjV4OHhFClF5QlZjYnZnSksvU09rWkxKRTAxSHYyS3RGeWZGV3FycnVuR25WdEtreWR5ajZXMFZiaitJK0JNRk0wS056SUkKTkp6RlB4NDExNVhWMFJoWlE1WjBqRnRBNUdHaXU0UTM5RjdwRjNFSUl4azd1bDN6MDl0WXN6MFNZTUJCVFNIZAo1MHVlL0ZlaHp1MU1UM3UrdGNNQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZGUEVlenNYSmw0ekdQUitjYlpNZG0vRHBtUStNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBR01LYk5jN0k0d3pvZ3ZPaDI1RgpiK3dOUFRWRGFBTWJwVTZuWEhKcHdJVGgxNXRUVGdESzF1MWdmVmtvZXVMc2crc0NMaUN0SStjRGtEUEczZVdMCnhOYmo4MlQyZGgwVHF3cXM3RXpnOE5BRGh3WXJLcm8xbi9XMG1jQlBleTFmd3VlT0dLTUY2ZXoyMExkVjEwdVYKcnQ5bzFxQ0l3VlNhQUd6bVVzdXlSM3k1YU40eklWckxpbUVjT2RVdkVPWGtNa3NtYm9Bd053bnREUXZzSUVsRwpIN3dEOUJPdG05TlY2NnROb1RqNldCNC9DNktEMnhaalNWbzZiZ09Rdi8wS0oxRi9YcnpNODE0ak1oSkxMbFVPCnI4SkpTTVl4NHpzeWVoaGcrd3lySFVERTA0ZkVJcGFya1RXemNHSFJwN1k4MHN5VytDUi9hQnlQN1R6NFFFd2EKMlFvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
sslConfig->insecureSkipTlsVerify: 0
sslConfig->clientCertFile: /tmp/kubeconfig-A79SBv
sslConfig->clientKeyFile: /tmp/kubeconfig-EuVH6s
sslConfig->CACertFile: /tmp/kubeconfig-E9jEyy
rc = 0
apiClient = 0x563e5d370720
apiClient->basePath = https://10.16.128.121:6443
apiClient->sslConfig = 0x563e5d371ba0
apiClient->response_code = 0
apiClient->dataReceived = (nil)
apiClient->dataReceivedLen = 0
localVarPath: /api/v1/namespaces/default/pods
localVarBodyParameters: (null)
*   Trying 10.16.128.121:6443...
* Connected to 10.16.128.121 (10.16.128.121) port 6443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* could not load PEM client certificate, OpenSSL error error:0A00018F:SSL routines::ee key too small, (no key found, wrong pass phrase, or wrong file format?)
* Closing connection 0
curl_easy_perform() failed

URL: https://10.16.128.121:6443/api/v1/namespaces/default/pods
IP: 10.16.128.121
PORT: 6443
SCHEME: HTTPS
StrERROR: Problem with the local SSL certificate
The return code of HTTP request=0
Cannot get any pod.

@ityuhui
Member

ityuhui commented Nov 30, 2024

I'm guessing it's a bug that the client certificate is being truncated before being provided to the API server. Perhaps your client certificate is longer than the buffer. Can you do some investigation to print the contents of the client certificate or debug this?
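
The reason string in the curl log above, `ee key too small`, is what OpenSSL reports when the end-entity (here, client) certificate's key is shorter than the active security level permits. The Python below is an added example, not code from this thread or the project: it reads the RSA modulus size out of a kubeconfig `client-certificate-data` value using only the standard library and maps it to the highest OpenSSL security level that accepts it. All function names and the sample certificate skeleton are constructed for illustration.

```python
import base64

# Minimum RSA modulus size per OpenSSL security level (SSL_CTX_set_security_level).
MIN_RSA_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, DER-encoded

def children(buf):  # split DER bytes into (tag, content) pairs, one per element
    pos, out = 0, []
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def rsa_bits(der):  # RSA modulus bit length of a DER-encoded X.509 certificate
    tbs = children(children(children(der)[0][1])[0][1])
    # SPKI follows serial, sigAlg, issuer, validity, subject; v1 certs omit [0] version
    spki = tbs[6 if tbs[0][0] == 0xA0 else 5][1]
    alg, bitstr = children(spki)
    if not alg[1].startswith(RSA_OID):
        raise ValueError("not an RSA key")
    rsa_key = children(bitstr[1][1:])[0][1]  # skip unused-bits byte, open SEQUENCE
    return int.from_bytes(children(rsa_key)[0][1], "big").bit_length()

def client_cert_bits(b64_pem):  # kubeconfig client-certificate-data: base64 of PEM
    pem = base64.b64decode(b64_pem).decode()
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return rsa_bits(base64.b64decode(body))

def max_level(bits):  # highest security level that still accepts this RSA key
    return max(lv for lv, need in MIN_RSA_BITS.items() if bits >= need)

def enc(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_field(bits):  # constructed, unsigned skeleton; not a real credential
    n = enc(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    key = enc(0x30, n + enc(0x02, b"\x01\x00\x01"))
    spki = enc(0x30, enc(0x30, RSA_OID + b"\x05\x00") + enc(0x03, b"\x00" + key))
    tbs = enc(0x30, enc(0x02, b"\x01") + enc(0x30, b"") * 4 + spki)
    der = enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))
    pem = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der) + b"\n-----END CERTIFICATE-----\n"
    return base64.b64encode(pem)
```

Pass the `client-certificate-data` string from a kubeconfig to `client_cert_bits()` and compare `max_level()` of the result with the security level configured for OpenSSL on the client host.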
