Using a network that performs TLS MiTM decryption (that is, uses an internal root certificate for TLS traffic so that network inspection can be performed):
# docker run -it golang:1.13.3
# GOPROXY=direct go mod download -json firstname.lastname@example.org
go: finding rsc.io/sampler v1.3.1
"Error": "email@example.com: invalid version: unknown revision v1.3.1"
What did you expect to see?
The fetch operation is actually failing because the fetch operation can't validate the certificate injected by the TLS MiTM decryption. Verified this by adding the root certificate to the trust store and running the same command again:
I would expect the original error to state that it could not determine the version because the network call it made could not validate the certificate -- because the error didn't make this clear, it took trial-and-error debugging to determine that the TLS decryption policy was the cause for this failure.
May be related to #30134, although in this case, I feel like a better error message would be more warranted than an specific exit code, since even if it failed with a non-standard exit code I wouldn't have known to check for that to determine that this was an issue with certificate validation.
@nmiyake, this may have been fixed incidentally along with the fix for #30748. Could you try building from head (or a fresh download using golang.org/dl/gotip) and see whether it is still reproducible?