Practical Engineering
open-menu closeme
Engineering
github linkedin rss

  • x509: certificate signed by unknown authority? Maybe the cert pool is empty

    calendar Apr 15, 2025 · 6 min read · Linux Container SELinux Bottlerocket  ·
    Share on: twitter copy

    I recently worked on getting amazon-ssm-agent to run inside containers on Bottlerocket. During that process, I ran into a TLS issue connecting to amazonaws.com. The root cause turned out be interesting and we'll walk through it in this post. Running amazon-ssm-agent in a container: why and how? To enable sessions …


    Read More

Peng Zhang

Software Engineer

Recent Posts

  • x509: certificate signed by unknown authority? Maybe the cert pool is empty
  • Lessons from an errgroup and Context mishap
  • Avoid panic on expected errors: lessons from operating journald-to-cwl
  • GPG is still in use to verify downloads
  • Why does GOMEMLIMIT take up significant physical memory for unused virtual memory?
  • Logs default to stderr in Go and other languages: avoid using stderr to determine program success.
  • AL2023 vs. AL2: less disk space with ext4?
  • Ways Go programs die

Tags

GO 15 ALGORITHMS 8 INTERVIEW 7 LINUX 6 GUIDE 3 CONTAINER 2 DISTRIBUTED-SYSTEM 2 WEB 2 BOTTLEROCKET 1 COMPUTER-ARCHITECTURE 1 CONCURRENCY 1 CRYPTOGRAPHY 1 DATABASES 1 SELINUX 1
All Tags
ALGORITHMS8 BOTTLEROCKET1 COMPUTER-ARCHITECTURE1 CONCURRENCY1 CONTAINER2 CRYPTOGRAPHY1 DATABASES1 DISTRIBUTED-SYSTEM2 GO15 GUIDE3 INTERVIEW7 LINUX6 SELINUX1 TESTING1 WEB2
[A~Z][0~9]
Peng Zhang

Copyright 2022-  PENG ZHANG. All Rights Reserved

to-top