Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: go1.18 stops returning typed errors when using system roots on darwin #52010

Closed
liggitt opened this issue Mar 29, 2022 · 3 comments · May be fixed by #53986
Closed

crypto/x509: go1.18 stops returning typed errors when using system roots on darwin #52010

liggitt opened this issue Mar 29, 2022 · 3 comments · May be fixed by #53986
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go1.21

Comments

@liggitt
Copy link
Contributor

liggitt commented Mar 29, 2022
edited

What version of Go are you using (go version)?

$ go version
go version go1.18 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What did you do?

package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

func main() {
	// new test server
	s := httptest.NewTLSServer(nil)
	defer s.Close()

	// request with system roots
	req, _ := http.NewRequest("GET", s.URL, nil)

	// handle errors
	_, err := http.DefaultClient.Do(req)
	switch {
	case errors.As(err, &x509.UnknownAuthorityError{}):
		// ... log or fallback to alternate code path
		fmt.Println("UnknownAuthorityError", err)
	default:
		fmt.Println("unexpected error type", err)
	}
}

What did you expect to see?

UnknownAuthorityError returned, as in go1.17

go version && go run tls.go 
go version go1.17.8 darwin/amd64
UnknownAuthorityError: &url.Error{Op:"Get", URL:"https://127.0.0.1:55471", Err:x509.UnknownAuthorityError{Cert:(*x509.Certificate)(0xc0001de000), hintErr:error(nil), hintCert:(*x509.Certificate)(nil)}}

What did you see instead?

Untyped error returned on darwin

go version && go run tls.go 
go version go1.18 darwin/amd64
unexpected error type: &url.Error{Op:"Get", URL:"https://127.0.0.1:55479", Err:(*errors.errorString)(0xc000013070)}

(this was hoisted out of #51991 (comment))
@liggitt liggitt changed the title crypto/x509: go1.18 stops returning typed errors when using system roots crypto/x509: go1.18 stops returning typed errors when using system roots on darwin Mar 29, 2022
@liggitt liggitt mentioned this issue Mar 29, 2022
Open
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 30, 2022
@seankhliao
Copy link
Member

cc @golang/security

@seankhliao seankhliao mentioned this issue Jun 15, 2022
Closed
@dnephin dnephin mentioned this issue Jun 15, 2022
Merged
@Llandy3d Llandy3d mentioned this issue Jun 27, 2022
Closed
@maxflintoff maxflintoff mentioned this issue Jun 28, 2022
Merged
This was referenced Jul 18, 2022
Closed
Open
@gopherbot
Copy link

Change https://go.dev/cl/418835 mentions this issue: crypto/x509: fix mac cert error handling

@seankhliao seankhliao added this to the Go1.20 milestone Aug 20, 2022
This was referenced Sep 6, 2022
Merged
Open
gitlab-runner-bot pushed a commit to gitlabhq/gitlab-runner that referenced this issue Sep 20, 2022
@josephburnett
Accept MacOS SSL error message.
58314be 
The error messages for invalid certificates is slightly different on
Linux and MacOS. We should accept both.

Once this issue is fixed: golang/go#52010
we can just compare the error to the canonical UnknownAuthorityError.
@miretskiy miretskiy mentioned this issue Oct 20, 2022
Closed
@KevinMGranger KevinMGranger mentioned this issue Nov 7, 2022
Closed
@tbaker1313 tbaker1313 mentioned this issue Nov 30, 2022
Closed
1 task
@cfergeau cfergeau mentioned this issue Dec 7, 2022
Closed
cfergeau added a commit to cfergeau/oc that referenced this issue Dec 19, 2022
@cfergeau
Bug 2097830: macOS: certificate is untrusted error
d6ee395 
More workarounds for golang issue
golang/go#52010
@tbaker1313 tbaker1313 mentioned this issue Jan 4, 2023
Closed
@kisunji kisunji mentioned this issue Jan 4, 2023
Merged
3 tasks
@bbrks bbrks mentioned this issue Jan 11, 2023
Merged
@gopherbot gopherbot modified the milestones: Go1.20, Go1.21 Feb 1, 2023
@cfergeau
Copy link

cfergeau commented Feb 6, 2023

This was fixed through #56891 , the fix is available in go 1.20, 1.19.5 and 1.18.10

@chappjc chappjc mentioned this issue Feb 15, 2023
Merged
@golang golang locked and limited conversation to collaborators Feb 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Go1.21
Development

Successfully merging a pull request may close this issue.

crypto/x509: fix mac cert error handling deejross/go
4 participants
@cfergeau @liggitt @gopherbot @seankhliao