Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pulumi CLI net/http: TLS handshake timeout #6556

Closed
evanlemke opened this issue Mar 17, 2021 · 2 comments
Closed

Pulumi CLI net/http: TLS handshake timeout #6556

evanlemke opened this issue Mar 17, 2021 · 2 comments
Assignees
@stack72
Labels
area/build CI/CD for pulumi/pulumi kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Milestone
0.54

Comments

@evanlemke
Copy link

evanlemke commented Mar 17, 2021
edited
Loading

Expected behavior

CLI commands like pulumi login or pulumi whoami should work as expected

Current behavior

All CLI commands result in a TLS handshake timeout

$ pulumi login
Manage your Pulumi stacks by logging in.
Run `pulumi login --help` for alternative login options.
Enter your access token from https://app.pulumi.com/account/tokens
    or hit <ENTER> to log in using your browser                   : 
We've launched your web browser to complete the login process.
Waiting for login to complete...
error: problem logging in: performing HTTP request: Get "https://api.pulumi.com/api/user": net/http: TLS handshake timeout

$ pulumi login
Logging in using access token from PULUMI_ACCESS_TOKEN
error: problem logging in: getting user info from https://api.pulumi.com: performing HTTP request: Get "https://api.pulumi.com/api/user": net/http: TLS handshake timeout

Context (Environment)

Mac OS (Big Sur), Pulumi CLI v2.22.0 installed with homebrew, no connection issues to pulumi servers. Only the CLI experiences timeouts.

$ curl https://api.pulumi.com/api/user
{"code":401,"message":"Unauthorized: No credentials provided or are invalid."}

$ telnet api.pulumi.com 443
Trying 35.160.203.13...
Connected to api.pulumi.com.
Escape character is '^]'.

Resolution

I was able to solve this problem. Turns out, it is a known issue in golang when you have too many certificates in your keystore https://go-review.googlesource.com/c/go/+/227037/. It looks to have already been patched and you can avoid this issue in your CLI by targeting a newer version.

I was able to resolve the issue by clearing unnecessary certificates from my keystore.

$ security find-certificate -c "certificatename" -a -Z | \
  sudo awk '/SHA-1/{system("security delete-certificate -Z "$NF)}'

Sources

exercism/support#48 (comment)
https://1password.community/discussion/99219/error-net-http-tls-handshake-timeout
https://stackoverflow.com/questions/62989130/golang-tls-handshake-timeout-affecting-go-get-and-go-code
@evanlemke evanlemke added the kind/bug Some behavior is incorrect or out of spec label Mar 17, 2021
@viveklak
Copy link
Contributor

@evanlemke thanks for the input! We used go 1.15 for 2.22.0 and 2.23.x is on go 1.16 so we should have the fix already. Curious if you are able to see if you can repro with pulumi CLI 2.23.x - though I understand that you have cleaned out certificates from your keystore.

@stack72 stack72 added resolution/fixed This issue was fixed area/build CI/CD for pulumi/pulumi kind/bug Some behavior is incorrect or out of spec and removed kind/bug Some behavior is incorrect or out of spec labels Mar 24, 2021
@stack72
Copy link
Contributor

stack72 commented Mar 24, 2021

Hey @evanlemke

As @viveklak noted, we have upgraded to build on the newer versions of Go. If you still find this issue, then please do let us know and we can reopen it

thanks

Paul

@stack72 stack72 closed this as completed Mar 24, 2021
@stack72 stack72 added this to the 0.54 milestone Mar 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stack72 stack72

Labels
area/build CI/CD for pulumi/pulumi kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
0.54
Development

No branches or pull requests
3 participants
@stack72 @viveklak @evanlemke