Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: RSA key missing NULL parameters help #30205

Closed
rs-frank opened this issue Feb 13, 2019 · 1 comment
Closed

crypto/tls: RSA key missing NULL parameters help #30205

rs-frank opened this issue Feb 13, 2019 · 1 comment
Labels
FrozenDueToAge

Comments

@rs-frank
Copy link

What version of Go are you using (go version)?

$ go version
go version go1.11 windows/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Frank-pc\AppData\Local\go-build
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=D:\GOPATH;D:\workspace_golang
set GOPROXY=
set GORACE=
set GOROOT=D:\Go
set GOTMPDIR=
set GOTOOLDIR=D:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\Frank-pc\AppData\Local\Temp\go-build229994882=/tmp/go-build -gno-record-gcc-switches

What did you do?

import (
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"testing"
)

func TestStartTask(t *testing.T) {
tr := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify:true,
},
}
client := &http.Client{Transport: tr}
resp, err := client.Get("https://cbss.10010.com")
if err != nil {
fmt.Println("Get error:", err)
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
fmt.Println(string(body))
}

What did you expect to see?

What did you see instead?

tls: failed to parse certificate from server: x509: RSA key missing NULL parameters
@bcmills bcmills changed the title RSA key missing NULL parameters help crypto/tls: RSA key missing NULL parameters help Feb 13, 2019
@bcmills
Copy link
Contributor

bcmills commented Feb 13, 2019

That error comes from here:

go/src/crypto/x509/x509.go

Lines 987 to 991 in ffd096d

// RSA public keys must have a NULL in the parameters.
// See RFC 3279, Section 2.3.1.
if !bytes.Equal(keyData.Algorithm.Parameters.FullBytes, asn1.NullBytes) {
return nil, errors.New("x509: RSA key missing NULL parameters")
}

It indicates a malformed RSA public key:

The rsaEncryption OID is intended to be used in the algorithm field
of a value of type AlgorithmIdentifier. The parameters field MUST
have ASN.1 type NULL for this algorithm identifier.

To address the issue, you'll probably need to contact the owner of cbss.10010.com and ask them to fix their certificate.

@bcmills bcmills closed this as completed Feb 13, 2019
@golang golang locked and limited conversation to collaborators Feb 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bcmills @gopherbot @rs-frank