az network bastion tunnel fails with CERTIFICATE_VERIFY_FAILED #27283
Description
Describe the bug
az network bastion tunnel fails to verify certificate after ssh or vscode attempt to use the tunnel to connect to the local port on the host system.
- This is a fresh macOS install in addition to a fresh install of the azure-cli on this system.
az loginworks successfully and without issue- There is NO PROXY, openssl says it is fine, curl says it is fine, chrome says the cert is fine, python says it is fine.
openssl s_client -servername bst-<bastion UUID HERE>.bastion.azure.com -connect bst-<bastion UUID HERE>.bastion.azure.com:443 |openssl x509 -noout -dates
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure TLS Issuing CA 05
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = bst-<bastion UUID HERE>.bastion.azure.com
verify return:1
notBefore=Jun 16 15:29:47 2023 GMT
notAfter=Jun 10 15:29:47 2024 GMT
curl -vvI https://bst-<bastion UUID HERE>.bastion.azure.com
* Trying 20.169.240.85:443...
* Connected to bst-<bastion UUID HERE>.bastion.azure.com (<bastion IP HERE>) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=bst-<bastion UUID HERE>.bastion.azure.com
* start date: Jun 16 15:29:47 2023 GMT
* expire date: Jun 10 15:29:47 2024 GMT
* subjectAltName: host "bst-<bastion UUID HERE>.bastion.azure.com" matched cert's "bst-<bastion UUID HERE>.bastion.azure.com"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 05
* SSL certificate verify ok.
* using HTTP/1.x
> HEAD / HTTP/1.1
> Host: bst-<bastion UUID HERE>.bastion.azure.com
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/1.1 200
HTTP/1.1 200
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
Strict-Transport-Security: max-age=31536000;includeSubDomains; preload
< Set-Cookie: JSESSIONID=985310DBA9AD5941109439CEDED2022E; Path=/; Secure; HttpOnly
Set-Cookie: JSESSIONID=985310DBA9AD5941109439CEDED2022E; Path=/; Secure; HttpOnly
< Accept-Ranges: bytes
Accept-Ranges: bytes
< ETag: W/"2519-1691769442000"
ETag: W/"2519-1691769442000"
< Last-Modified: Fri, 11 Aug 2023 15:57:22 GMT
Last-Modified: Fri, 11 Aug 2023 15:57:22 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 2519
Content-Length: 2519
< Date: Tue, 29 Aug 2023 15:48:06 GMT
Date: Tue, 29 Aug 2023 15:48:06 GMT
<
* Connection #0 to host bst-<bastion UUID HERE>.bastion.azure.com left intact
➜ ~ python
Python 3.10.13 (main, Aug 25 2023, 02:38:26) [Clang 14.0.3 (clang-1403.0.22.14.1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> r = requests.get("https://bst-<bastion UUID HERE>.bastion.azure.com")
>>> r.status_code
200
Related command
az network bastion tunnel --debug --name $bastion_name --resource-group $rg_name --target-resource-id $resource_id --subscription "SubHere" --resource-port 22 --port 46810
Errors
urllib3.connectionpool: Starting new HTTPS connection (1): bst-<UUID HERE>.bastion.azure.com:443
urllib3.connectionpool: https://bst-<UUID HERE>.bastion.azure.com:443 "POST /api/tokens HTTP/1.1" 200 None
Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
self.run()
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 953, in run
self._target(*self._args, **self._kwargs)
File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/custom.py", line 335, in _start_tunnel
tunnel_server.start_server()
File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 194, in start_server
self._listen()
File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 130, in _listen
self.ws = create_connection(host,
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 601, in create_connection
websock.connect(url, **options)
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 244, in connect
self.sock, addrs = connect(url, self.sock_opt, proxy_info(**options),
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 136, in connect
sock = _ssl_socket(sock, options.sslopt, hostname)
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 271, in _ssl_socket
sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 247, in _wrap_sni_socket
return context.wrap_socket(
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1104, in _create
self.do_handshake()
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1375, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:1007)
Issue script & Debug output
az network bastion tunnel --debug --name $bastion_name --resource-group $rg_name --target-resource-id $resource_id --subscription "SUBHERE" --resource-port 22 --port 46810
cli.knack.cli: Command arguments: ['network', 'bastion', 'tunnel', '--debug', '--name', 'bastion-resource-name', '--resource-group', 'resourcegroupname', '--target-resource-id', '/subscriptions/UUIDHERE/resourceGroups/resourcegroupname/providers/Microsoft.Compute/virtualMachines/vmname', '--subscription', 'SubName', '--resource-port', '22', '--port', '46810']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x102eb7010>, <function OutputProducer.on_global_arguments at 0x10300f130>, <function CLIQuery.on_global_arguments at 0x103050700>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns', 'azext_bastion']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: network 0.230 115 353
cli.azure.cli.core: privatedns 0.004 14 63
cli.azure.cli.core: Total (2) 0.234 129 416
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: bastion 0.003 2 9 /Users/mike.odriscoll/.azure/cliextensions/bastion
cli.azure.cli.core: Total (1) 0.003 2 9
cli.azure.cli.core: Loaded 129 groups, 425 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : network bastion tunnel
cli.azure.cli.core: Command table: network bastion tunnel
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x103e60ca0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/mike.odriscoll/.azure/commands/2023-08-29.11-35-44.network_bastion_tunnel.15318.log'.
az_command_data_logger: command args: network bastion tunnel --debug --name {} --resource-group {} --target-resource-id {} --subscription {} --resource-port {} --port {}
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x103e7dab0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x103eb79a0>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x103eb7ac0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x10300f1c0>, <function CLIQuery.handle_query_parameter at 0x103050790>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x103eb7a30>]
az_command_data_logger: extension name: bastion
az_command_data_logger: extension version: 0.2.5
Command group 'az network' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/mike.odriscoll/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/mike.odriscoll/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/UUIDHERE/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/UUIDHERE/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/UUIDHERE/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: <correlationID>
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '<stripped>'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network bastion tunnel'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--debug --name --resource-group --target-resource-id --subscription --resource-port --port'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.51.0 (PIP) (AAZ) azsdk-python-core/1.29.3 Python/3.10.13 (macOS-13.5.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name?api-version=2022-01-01 HTTP/1.1" 200 2029
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '2029'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 29 Aug 2023 15:35:44 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "bastion-resource-name",
"id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name",
"etag": "W/\"<etag-replaced>\"",
"type": "Microsoft.Network/bastionHosts",
"location": "eastus",
"tags": {
"x-aw-component": "Bastion",
"x-aw-cost-centre": "it",
"x-aw-deployment-tool": "Manual",
"x-aw-owner": "[email protected]",
"x-aw-product": "COMPANY NAME",
"x-az-environment": "Infra",
"x-az-provisioning-identity": "<ProvisioningIdentity>"
},
"properties": {
"provisioningState": "Succeeded",
"dnsName": "bst-<bastion-UUID>.bastion.azure.com",
"scaleUnits": 2,
"enableTunneling": true,
"enableIpConnect": false,
"enableFileCopy": false,
"disableCopyPaste": false,
"enableShareableLink": false,
"ipConfigurations": [
{
"name": "bastion-resource-name-ip",
"id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/bastionHosts/bastion-resource-name/bastionHostIpConfigurations/bastion-resource-name-ip",
"etag": "W/\"<etag-replaced>\"",
"type": "Microsoft.Network/bastionHosts/bastionHostIpConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/publicIPAddresses/bastion-resource-name-pip"
},
"subnet": {
"id": "/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Network/virtualNetworks/bastion-vnet-name/subnets/AzureBastionSubnet"
}
}
}
]
},
"sku": {
"name": "Standard"
}
}
cli.azext_bastion.tunnel: Port 46810 is open
cli.azext_bastion.tunnel: Creating a socket on port: 46810
cli.azext_bastion.tunnel: Setting socket options
cli.azext_bastion.tunnel: Binding to socket on local address and port
cli.azext_bastion.tunnel: Finished initialization
cli.azext_bastion.custom: Opening tunnel on port: 46810
cli.azext_bastion.custom: Tunnel is ready, connect on port 46810
cli.azext_bastion.custom: Ctrl + C to close
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/UUIDHERE/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/UUIDHERE/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/UUIDHERE/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/UUIDHERE/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: <correlationID>
cli.azext_bastion.tunnel: Content: {'resourceId': '/subscriptions/subUUID/resourceGroups/resourcegroupname/providers/Microsoft.Compute/virtualMachines/vmname', 'protocol': 'tcptunnel', 'workloadHostPort': '22', 'aztoken': '<TOKEN-REMOVED>', 'token': None}
urllib3.connectionpool: Starting new HTTPS connection (1): bst-<bastion-UUID>.bastion.azure.com:443
urllib3.connectionpool: https://bst-<bastion-UUID>.bastion.azure.com:443 "POST /api/tokens HTTP/1.1" 200 None
Exception in thread Thread-1 (_start_tunnel):
Traceback (most recent call last):
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
self.run()
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/threading.py", line 953, in run
self._target(*self._args, **self._kwargs)
File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/custom.py", line 335, in _start_tunnel
tunnel_server.start_server()
File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 194, in start_server
self._listen()
File "/Users/mike.odriscoll/.azure/cliextensions/bastion/azext_bastion/tunnel.py", line 130, in _listen
self.ws = create_connection(host,
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 601, in create_connection
websock.connect(url, **options)
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_core.py", line 244, in connect
self.sock, addrs = connect(url, self.sock_opt, proxy_info(**options),
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 136, in connect
sock = _ssl_socket(sock, options.sslopt, hostname)
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 271, in _ssl_socket
sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
File "/Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/websocket/_http.py", line 247, in _wrap_sni_socket
return context.wrap_socket(
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1104, in _create
self.do_handshake()
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/ssl.py", line 1375, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:1007)
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x103eb4ee0>, <function _x509_from_base64_to_hex_transform at 0x103eb4f70>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x103e60ee0>]
az_command_data_logger: exit code: 0
cli.__main__: Command ran in 6.641 seconds (init: 0.093, invoke: 6.548)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3565 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/local/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10 /Users/mike.odriscoll/Library/Python/3.10/lib/python/site-packages/azure/cli/telemetry/__init__.py /Users/mike.odriscoll/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
Tunnel connects and allows vscode or ssh to create a connection to the bastion host.
No SSL certificate error occurs.
Environment Summary
azure-cli 2.51.0
core 2.51.0
telemetry 1.1.0
Extensions:
bastion 0.2.5
Dependencies:
msal 1.24.0b1
azure-mgmt-resource 23.1.0b2
Python location '/opt/local/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10'
Extensions directory '/Users/mike.odriscoll/.azure/cliextensions'
Python (Darwin) 3.10.13 (main, Aug 25 2023, 02:38:26) [Clang 14.0.3 (clang-1403.0.22.14.1)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response
Metadata
Metadata
Assignees
Labels
az login/accountAuto assign by botaz network vnet/lb/nic/dns/etc...This issue is responsible by Azure service team.This issue requires a change to an existing behavior in the product in order to be resolved.Issues that are reported by GitHub users external to the Azure organization.The issue doesn't require a change to the product in order to be resolved. Most issues start as that