x/vgo - Custom CA certificate for dependency resolution #25500

Closed
biox opened this issue May 22, 2018 · 6 comments
biox commented May 22, 2018

What did you do?

A simple vgo build results in certificate signed by unknown authority messages due to an appliance that injects custom certificates into any HTTPS traffic.

What did you expect to see?

I expect an option that allows the user either to bypass certificate verification or to inject an additional CA cert (or certs) into the chain.

What did you see instead?

I have discovered no such option short of modifying the vgo source code.

System details

go version go1.10.2 darwin/amd64
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/b8325/Library/Caches/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/b8325/code/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/Cellar/go/1.10.2/libexec"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.10.2/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/qz/w4llgc0x2lzdhlgl8qbvd6k8zzhkfd/T/go-build039397519=/tmp/go-build -gno-record-gcc-switches -fno-common"
VGOMODROOT=""
GOROOT/bin/go version: go version go1.10.2 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.10.2
uname -v: Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/RELEASE_X86_64
ProductName:	Mac OS X
ProductVersion:	10.13.3
BuildVersion:	17D102
lldb --version: lldb-902.0.79.2
  Swift-4.1
@gopherbot added this to the vgo milestone May 22, 2018
@kardianos
Contributor

Looks like a duplicate of #25434.

@biox
Author

biox commented May 25, 2018

Is it worth making a separate discussion about allowing a custom CA to be inserted into the go command-line utility? I imagine that many enterprises require this functionality, and adding -insecure to my commands is undesirable.

@kardianos
Contributor

Typically enterprises will add the custom Root CA to workstation boxes, where it gets picked up by the go tool. If you can't verify the chain, it would still fall under "insecure".

@biox
Author

biox commented May 25, 2018

> Typically enterprises will add the custom Root CA to workstation boxes, where it gets picked up by the go tool

Can you expand on how this is possible? I can't find an environment variable or flag for this functionality.

@kardianos
Contributor

This is part of the go command. Go TLS will look in your computer's trusted root CAs. So you need to look up how to add root CAs to your OS. On Linux you might just add it to a folder. On Windows you run certmgr.msc.

@biox
Author

biox commented May 25, 2018

...oh! I had no idea that this was the case. So long as that will remain true for vgo (I don't have the resources to claim one way or another at this moment) then this issue can be closed as a duplicate. Thank you for your patience!

@biox closed this as completed May 25, 2018
@golang locked and limited conversation to collaborators May 25, 2019