cmd/go: go mod init fails to retrieve company.github.com ssl only repositories #30405
What version of Go are you using (
Hi @agnivade thanks for that reference. As from the docs:
This has been tried but it seems the 'insteadOf' workaround to explicitly use SSH is not functioning as mentioned in the original issue remark.
[ update ]
turns out that only providing the domain name actually makes a difference. so:
(without trailing slash or /engineering)
This still shows the following error though:
$ go mod init modulename go: creating new go.mod: module modulename go: copying requirements from glide.lock go: converting glide.lock: stat github.ourcompany.local/engineering/protos@7462cb9dbaba285e3c931bc1edc0b62ebe8d005e: git fetch -f https://github.ourcompany.local/engineering/protos.git refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in c:\git\go\pkg\mod\cache\vcs\5626dfafc13719b661e5e62c892d3563fa39030a15a5ca1fdcad3e06591ea342: **exit status 128: fatal: unable to access 'https://github.ourcompany.local/engineering/protos.git/': SSL certificate problem: unable to get local issuer certificate**
Even when providing this part in the gitconfig, to give a hint on the used private SSL certificate:
[http "https://github.ourcompany.local"] sslCaInfo = /c/Users/me/.ssh/github-ourcompany.pem schannelUseSSLCAInfo = true
what would be the proper settings to point to the private ssl certificate or gitconfig?
Presumably that's what the
You should be able to verify that by running
and checking for a
It wrote a go.mod file anyway, because of other dependencies that it could find from public repositories like from public github.com.
on checking with curl, the https version returns:
This is fine, because of the gitconfig 'insteadOf' setting moves to the SSH git@ way of connecting.
Thus, using the SSH method returns no error:
Still, using go mod init does not seem to be able to make the SSH connection. Not entirely sure how to setup the certificate configured in github.ourcompany.local within gitconfig, or if more certificate-access would be needed.
No, that's not fine. There are two steps to fetching a module with a give path: first we resolve that path to a repo or module server path (via HTTPS), then we fetch the module from that server. If we can't resolve the path, then we have no way of knowing that we need to use
That means that your local machine needs to be configured to recognize the issuer of the private certificate. On Windows, I believe that you can use the MMC Certificates snap-in or the
If you can configure your certificates so that
@bcmills how come
does work and retrieves the company.github.com code from remote while
Ok, so I got curl working only by providing the server side certificates separately. That took me some work, let me explain.
So at first I saw this:
After some digging through several options I bumped on this website http://javamemento.blogspot.com/2015/10/using-curl-with-ssl-cert-chain.html, which steps I've followed through to get a cacert file containing all certificates of the entire trust-chain necessary for server-access.
Remark: Not sure why this would be needed for 'go mod' command though; because a command like 'go get github.ourcompany.local/somerepo' simply works, but ok.
Now using that certificate (certRepo) in the curl command this results in:
So, the SSL access error is gone and we have access via curl command.
I do not see a command line param for go mod to give a certificate to help.
When in the gitconfig I set the following, changing sslBackend option from 'schannel' to 'openssl' and point to the generated .pem file with the server certificates:
then go mod init gives this failure:
However, when I take the git fetch command of one of the dependencies that go mod wants to execute, and try to execute that 'git fetch' on the command line myself I get the following message:
I'm not all too familiar with the connection details, but does 'git mod' not accept SSH keys/connections yet?
@MelleKoning, thanks for following up, and my apologies for the delayed response.
When that is done, I would be surprised if you needed any of the explicit
The choice between SSH and HTTPS is currently whatever is indicated in the response to
Thanks @bcmills; I have installed the certificates from github.ourcompany.local in the windows root certificate store (computer trusted), but now getting a CERT_TRUST_REVOCATION_STATUS_UNKNOWN error.
I will ask our cloudops department in the company more information about this. Thank you for your feedback so far.
Hi @agnivade unfortunately not. a 'go mod init myname' keeps coming back with multiple of the following errors.
so we simply keep developing within the go path.