crypto/x509: failed to load system roots when there are no system roots #6391

Closed
gopherbot opened this issue Sep 15, 2013 · 11 comments

@gopherbot

by m.kevac@corp.badoo.com:

What steps will reproduce the problem?

Build latest go compiler from tip on Linux. Try to go get some code.

marko@cpp1.d3:~ $ go version
go version devel +3e162252c755 Sun Sep 15 10:45:36 2013 +1000 linux/amd64

marko@cpp1.d3:~ $ go get code.google.com/p/goprotobuf/{proto,protoc-gen-go}
package code.google.com/p/goprotobuf/proto: Get
https://code.google.com/p/goprotobuf/source/checkout?repo=: x509: failed to load system
roots and no roots provided
package code.google.com/p/goprotobuf/protoc-gen-go: Get
https://code.google.com/p/goprotobuf/source/checkout?repo=: x509: failed to load system
roots and no roots provided

Default build. Without any GO environment variables.

@bradfitz
Contributor

Comment 1:

Which Linux distro?  Perhaps its roots are in a weird place.

@gopherbot
Author

Comment 2 by m.kevac@corp.badoo.com:

marko@cpp1.d3:~ $ cat /etc/issue
Welcome to SUSE Linux Enterprise Server 11 SP1  (x86_64) - Kernel \r (\l).
marko@cpp1.d3:~ $ uname -a
Linux cpp1 2.6.32.59-32.32-default #1 SMP 2012-05-29 21:43:39 +0200 x86_64 x86_64 x86_64
GNU/Linux

@bradfitz
Contributor

Comment 3:

Are your certs not at /etc/ssl/ca-bundle.pem?
Where are they?

@gopherbot
Author

Comment 4 by m.kevac@corp.badoo.com:

There isn't a file with that name anywhere. But there are a lot of *.pem files here:
marko@cpp1.d3:~ $ ll /etc/ssl/certs/ | wc -l
276

@bradfitz
Contributor

Comment 5:

Does /etc/ssl/certs/ca-certificates.crt exist in that directory?

@gopherbot
Author

Comment 6 by m.kevac@corp.badoo.com:

Nope.
But:
marko@cpp1.d3:/etc/ssl/certs $ cat README.RootCerts
The OpenSSL project does not (any longer) include root CA certificates.
Please check out the FAQ:
  * How can I set up a bundle of commercial root CA certificates?

@gopherbot
Author

Comment 7 by m.kevac@corp.badoo.com:

Which led me to http://www.openssl.org/support/faq.html#USER16
So it seems there is a way to create such a bundle.
But isn't it supposed to just work?

@rsc
Contributor

rsc commented Sep 15, 2013

Comment 8:

The question of which root CAs to trust is not one that should be decided
by the Go distribution. It instead relies on the operating system to
provide access to a set of root CAs. On OS X and Windows there are standard
system library calls to validate certificates. On the various Unixes there
is by convention a set of root certificates at one of a list of well-known
places. I agree with OpenSSL that they shouldn't be deciding that policy
either, but I would have expected SUSE to ship with a basic set, like the
other Linux distributions.

@rsc
Contributor

rsc commented Oct 18, 2013

Comment 9:

Go is not going to start distributing its own set of roots. That's a system-level
decision.

Status changed to WorkingAsIntended.

@gopherbot
Author

Comment 10 by ilyxa@nest.org.ru:

Please add one string ./src/crypto/x509/root_unix.go:18
         "/etc/certs/ca-certificates.crt",         // Solaris 11.2
And Solaris 11.2 build process goes fine.

@orian

orian commented Feb 11, 2016

On Ubuntu (e.g. in Docker):
apt-get install ca-certificates

@golang golang locked and limited conversation to collaborators Feb 28, 2017
This issue was closed.