Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: go get -insecure requires GIT_SSL_NO_VERIFY #34568

Open
kyroy opened this issue Sep 27, 2019 · 2 comments

Comments

@kyroy
Copy link
Contributor

commented Sep 27, 2019

What version of Go are you using (go version)?

$ go version
go version go1.13 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/go/test/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build128427995=/tmp/go-build -gno-record-gcc-switches"

What did you do?

$ docker run  -ti --rm golang:1.13 bash
$ mkdir test && cd test && go mod init test
$ export GOPRIVATE=github.xxxx.xxxxx.corp

$ go get github.xxxx.xxxxx.corp/myorg/go
go get github.xxxx.xxxxx.corp/myorg/go: unrecognized import path "github.xxxx.xxxxx.corp/myorg/go" (https fetch: Get https://github.xxxx.xxxxx.corp/myorg/go?go-get=1: x509: certificate signed by unknown authority)

$ go get -insecure -x -v  github.xxxx.xxxxx.corp/myorg/go
# get https://github.xxxx.xxxxx.corp/?go-get=1
# get https://github.xxxx.xxxxx.corp/myorg?go-get=1
# get https://github.xxxx.xxxxx.corp/myorg/go?go-get=1
# get //github.xxxx.xxxxx.corp/myorg/go?go-get=1: 200 OK (0.068s)
get "github.xxxx.xxxxx.corp/myorg/go": found meta tag get.metaImport{Prefix:"github.xxxx.xxxxx.corp/myorg/go", VCS:"git", RepoRoot:"https://github.xxxx.xxxxx.corp/myorg/go.git"} at //github.xxxx.xxxxx.corp/myorg/go?go-get=1
mkdir -p /go/pkg/mod/cache/vcs # git3 https://github.xxxx.xxxxx.corp/myorg/go.git
# lock /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe.lockmkdir -p /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe # git3 https://github.xxxx.xxxxx.corp/myorg/go.git
cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git init --bare
0.005s # cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git init --bare
cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git remote add origin -- https://github.xxxx.xxxxx.corp/myorg/go.git
0.003s # cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git remote add origin -- https://github.xxxx.xxxxx.corp/myorg/go.git
cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git ls-remote -q origin
# get //github.xxxx.xxxxx.corp/?go-get=1: 200 OK (0.101s)
0.111s # cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git ls-remote -q origin
# get //github.xxxx.xxxxx.corp/myorg?go-get=1: 200 OK (1.277s)
go get github.xxxx.xxxxx.corp/myorg/go: git ls-remote -q origin in /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe: exit status 128:
	fatal: unable to access 'https://github.xxxx.xxxxx.corp/myorg/go.git/': server certificate verification failed. CAfile: none CRLfile: none

$ GIT_SSL_NO_VERIFY=1 go get -insecure github.xxxx.xxxxx.corp/myorg/go
go: finding github.xxxx.xxxxx.corp/myorg/go latest
go: downloading github.xxxx.xxxxx.corp/myorg/go v0.0.0-20190903123812-3090d622918c
go: extracting github.xxxx.xxxxx.corp/myorg/go v0.0.0-20190903123812-3090d622918c

What did you expect to see?

I would expect that the option -insecure also disables the SSL verification for git.

What did you see instead?

go get -insecure fails and I have to enable GIT_SSL_NO_VERIFY to be able to download my dependency.

@bcmills

This comment has been minimized.

Copy link
Member

commented Sep 27, 2019

We should probably revisit this in conjunction with #32966.

@bcmills bcmills added this to the Unplanned milestone Sep 27, 2019
@bcmills

This comment has been minimized.

Copy link
Member

commented Sep 27, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.