Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: certificate signed by unknown authority again #27175

Closed
brunetto opened this issue Aug 23, 2018 · 4 comments
Closed

crypto/x509: certificate signed by unknown authority again #27175

brunetto opened this issue Aug 23, 2018 · 4 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone

Comments

@brunetto
Copy link

brunetto commented Aug 23, 2018

What version of Go are you using (go version)?

$ go version
go version go1.10 darwin/amd64

(also tested on go1.11rc2)

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/brunetto.ziosi/Library/Caches/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/brunetto.ziosi/Code"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/m3/145jfhdd5qsf66_41wt9p02mhc4hp5/T/go-build960163842=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

I work in a company with a firewall that basically operates as a Man In The Middle with its own certificate. The certificate was pushed to our dev computers (MacBookPro with OS X High Sierra - 10.13.6) but I can't make Go recognize it. As a result, every network operation including a https endpoint outside the company network fails, both Go tools and developed programs. I've read a lot of issues and blog posts about it but still I didn't find any fix.

Example program:

package main

import (
	"io"
	"log"
	"net/http"
	"os"
)

func main() {
	resp, err := http.Get("https://www.google.com/")
	if err != nil {
		log.Fatal(err)
	}

	io.Copy(os.Stdout, resp.Body)
}

What did you expect to see?

The google page (or any https endpoint response) printed to the STDOUT

What did you see instead?

$ go run main.go
2018/08/23 18:13:27 Get https://www.google.com/: x509: certificate signed by unknown authority
exit status 1
@FiloSottile
Copy link
Contributor

Almost certainly a duplicate of #24652.

Can you try running the test at #24652 (comment)?

@FiloSottile FiloSottile added WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Aug 23, 2018
@FiloSottile FiloSottile added this to the Go1.12 milestone Aug 23, 2018
@FiloSottile FiloSottile self-assigned this Aug 23, 2018
@brunetto
Copy link
Author

Done, by private mail!

Thank you for your help.

@FiloSottile
Copy link
Contributor

This is indeed a duplicate of #24652 and the CLs in there fix the issue (modulo the dlv-cert error that was already fixed in the meantime).

@coderguang
Copy link

use http replace https can work fine!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Development

No branches or pull requests

4 participants