New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: failed to load system roots when there are no system roots #6391
Labels
Comments
Comment 2 by m.kevac@corp.badoo.com: marko@cpp1.d3:~ $ cat /etc/issue Welcome to SUSE Linux Enterprise Server 11 SP1 (x86_64) - Kernel \r (\l). marko@cpp1.d3:~ $ uname -a Linux cpp1 2.6.32.59-32.32-default #1 SMP 2012-05-29 21:43:39 +0200 x86_64 x86_64 x86_64 GNU/Linux |
Comment 4 by m.kevac@corp.badoo.com: There aren't file with that name anywhere. But there are a lot of *.pem files here: marko@cpp1.d3:~ $ ll /etc/ssl/certs/ | wc -l 276 |
Comment 6 by m.kevac@corp.badoo.com: Nope. But: marko@cpp1.d3:/etc/ssl/certs $ cat README.RootCerts The OpenSSL project does not (any longer) include root CA certificates. Please check out the FAQ: * How can I set up a bundle of commercial root CA certificates? |
Comment 7 by m.kevac@corp.badoo.com: Which led me to http://www.openssl.org/support/faq.html#USER16 So seems there is a way to create such a bundle. But isn't it supposed to just work? |
The question of which root CAs to trust is not one that should be decided by the Go distribution. It instead relies on the operating system to provide access to a set of root CAs. On OS X and Windows there are standard system library calls to validate certificates. On the various Unixes there is by convention a set of root certificates at one of a list of well-known places. I agree with OpenSSL that they shouldn't be deciding that policy either, but I would have expected SUSE to ship with a basic set, like the other Linux distributions. |
Comment 10 by ilyxa@nest.org.ru: Please add one string ./src/crypto/x509/root_unix.go:18 "/etc/certs/ca-certificates.crt", // Solaris 11.2 And Solaris 11.2 build process goes fine. |
On Ubuntu (e.g. in Docker): |
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by m.kevac@corp.badoo.com:
The text was updated successfully, but these errors were encountered: