client certificates are not sent when using nerdctl pull? #427
Description
With docker I had my certificates in ~/.docker/certs.d/host:port/{ca.crt, client.cert, client.key}. After moving these to /etc/docker/certs.d/host:port/.. in the lima machine, nerdctl recognises them and I was able to login to the registry (nerdctl login ..). Before moving the files, I got an 400 Error when trying to login ..
pulling images from this private (gitlab) registry is still not possible:
$ nerdctl --debug-full pull $PRIVATE_REGISTRY:5000/web/docker-web:latest
DEBU[0000] rootless parent main: executing "/usr/bin/nsenter" with [-r/ -w/home/dennis.linux --preserve-credentials -m -n -U -t 832 -F nerdctl --debug-full pull $PRIVATE_REGISTRY:5000/web/docker-web:latest]
DEBU[0000] fetching image="$PRIVATE_REGISTRY:5000/web/docker-web:latest"
DEBU[0000] resolving host="$PRIVATE_REGISTRY:5000"
DEBU[0000] do request host="$PRIVATE_REGISTRY:5000" request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/1.5.0+unknown request.method=HEAD url="https://$PRIVATE_REGISTRY:5000/v2/web/docker-web/manifests/latest"
DEBU[0000] fetch response received host="$PRIVATE_REGISTRY:5000" response.header.content-length=237 response.header.content-type=text/html response.header.date="Tue, 12 Oct 2021 13:51:41 GMT" response.header.server=nginx/1.17.8 response.status="400 Bad Request" url="https://$PRIVATE_REGISTRY:5000/v2/web/docker-web/manifests/latest"
FATA[0000] failed to resolve reference "$PRIVATE_REGISTRY:5000/web/docker-web:latest": pulling from host $PRIVATE_REGISTRY:5000 failed with status code [manifests latest]: 400 Bad RequestMy assumption is, that nerdctl does not send the client certificate when trying to pull .. any ideas?