I have had GODEBUG set to “x509ignoreCN=0” since using Rancher 2.5 in order to support TLS-based AD auth to our company AD which has not updated their certs yet.
I noticed Rancher 2.6.7, after upgrading, errors out with TLS and the reason appears to imply this GODEBUG is being ignored.
Evidence of variable set:
<ebrundic[toybox]>:<~>$ kubectl -n cattle-system exec -it rancher-6768fd4546-6zsqk -- /bin/sh -c 'set' | grep GODEBUG
GODEBUG=x509ignoreCN=0
Logs indicating error:
2022/08/22 13:51:08 [ERROR] API error response 500 for POST /v3-public/activeDirectoryProviders/activedirectory?action=login. Cause: Error creating ssl connection: LDAP Result Code 200 “Network Error”: x509: certificate relies on legacy Common Name field, use SANs instead