I'm really glad to see the non-cgo version of certs getting some careful attention.

@raszi Give 1.9rc2 a try, it should already have the fix for this.
https://go-review.googlesource.com/c/36941

I recompiled golang go version devel +165c15afa3 Fri Sep 15 17:29:51 2017 +0000 darwin/amd64 and compiled my own version of Packer hashicorp/packer#5230 but still got the x509 error.

* Post-processor failed: Failed to start import from s3://<some-bucket>/packer-import-1505501667.ova: RequestError: send request failed
caused by: Post https://ec2.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority

OSX: 10.12.6 (16G29)

Any advice on how to get a workaround.

@lmayorga1980 is that with, or without, cgo disabled? (try setting CGO_ENABLED=0 when building)

I didn't 😢 . I will try again when building go.

Set CGO_ENABLED=0 when building Packer (or whichever app/program you're testing) to get a pure-go version, no need to rebuild Go itself.

Confirmed. It works for me 👍 🎉 🎈 .

My steps:

1. brew install golang. This will install 1.9 from the binary releases.
2. Recompiled Golang from master branch in OSX Sierra.
3. brew uninstall golang
4. Add my compiled go to the PATH
5. Compiled Hashicorp/Packer from source.

Thanks.

@mastercactapus Do you know when this will be available in the core go release?

@lmayorga1980 I'm not sure whether anything was committed because of this issue, but the 1.10 Go release is scheduled for February 1. https://github.com/golang/go/wiki/Go-Release-Cycle

Actually, as far as I can tell from the comments above, this is fixed in 1.9, so it is already in a core Go release. But to get a non-cgo version, you'll have to build it yourself, following the comments above, or as described at https://golang.org/doc/install/source setting CGO_ENABLED=0 in the environment.

I'm going to close this issue because I don't see anything to do. Please comment if you disagree.