Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: certificate signed by unknown authority again #27175

Closed
brunetto opened this issue Aug 23, 2018 · 4 comments
Closed

crypto/x509: certificate signed by unknown authority again #27175

brunetto opened this issue Aug 23, 2018 · 4 comments

Comments

@brunetto
Copy link

@brunetto brunetto commented Aug 23, 2018

What version of Go are you using (go version)?

$ go version
go version go1.10 darwin/amd64

(also tested on go1.11rc2)

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/brunetto.ziosi/Library/Caches/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/brunetto.ziosi/Code"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/m3/145jfhdd5qsf66_41wt9p02mhc4hp5/T/go-build960163842=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

I work in a company with a firewall that basically operates as a Man In The Middle with its own certificate. The certificate was pushed to our dev computers (MacBookPro with OS X High Sierra - 10.13.6) but I can't make Go recognize it. As a result, every network operation including a https endpoint outside the company network fails, both Go tools and developed programs. I've read a lot of issues and blog posts about it but still I didn't find any fix.

Example program:

package main

import (
	"io"
	"log"
	"net/http"
	"os"
)

func main() {
	resp, err := http.Get("https://www.google.com/")
	if err != nil {
		log.Fatal(err)
	}

	io.Copy(os.Stdout, resp.Body)
}

What did you expect to see?

The google page (or any https endpoint response) printed to the STDOUT

What did you see instead?

$ go run main.go
2018/08/23 18:13:27 Get https://www.google.com/: x509: certificate signed by unknown authority
exit status 1
@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Aug 23, 2018

Almost certainly a duplicate of #24652.

Can you try running the test at #24652 (comment)?

@brunetto
Copy link
Author

@brunetto brunetto commented Aug 23, 2018

Done, by private mail!

Thank you for your help.

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Aug 23, 2018

This is indeed a duplicate of #24652 and the CLs in there fix the issue (modulo the dlv-cert error that was already fixed in the meantime).

@coderguang
Copy link

@coderguang coderguang commented Jul 19, 2019

use http replace https can work fine!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.