Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: go1.18 stops returning typed errors when using system roots on darwin #52010

Open
liggitt opened this issue Mar 29, 2022 · 1 comment
Labels
NeedsInvestigation

Comments

@liggitt
Copy link
Contributor

@liggitt liggitt commented Mar 29, 2022

What version of Go are you using (go version)?

$ go version
go version go1.18 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What did you do?

package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

func main() {
	// new test server
	s := httptest.NewTLSServer(nil)
	defer s.Close()

	// request with system roots
	req, _ := http.NewRequest("GET", s.URL, nil)

	// handle errors
	_, err := http.DefaultClient.Do(req)
	switch {
	case errors.As(err, &x509.UnknownAuthorityError{}):
		// ... log or fallback to alternate code path
		fmt.Println("UnknownAuthorityError", err)
	default:
		fmt.Println("unexpected error type", err)
	}
}

What did you expect to see?

UnknownAuthorityError returned, as in go1.17

go version && go run tls.go 
go version go1.17.8 darwin/amd64
UnknownAuthorityError: &url.Error{Op:"Get", URL:"https://127.0.0.1:55471", Err:x509.UnknownAuthorityError{Cert:(*x509.Certificate)(0xc0001de000), hintErr:error(nil), hintCert:(*x509.Certificate)(nil)}}

What did you see instead?

Untyped error returned on darwin

go version && go run tls.go 
go version go1.18 darwin/amd64
unexpected error type: &url.Error{Op:"Get", URL:"https://127.0.0.1:55479", Err:(*errors.errorString)(0xc000013070)}

(this was hoisted out of #51991 (comment))

@liggitt liggitt changed the title crypto/x509: go1.18 stops returning typed errors when using system roots crypto/x509: go1.18 stops returning typed errors when using system roots on darwin Mar 29, 2022
@seankhliao seankhliao added the NeedsInvestigation label Mar 30, 2022
@seankhliao
Copy link
Member

@seankhliao seankhliao commented Mar 30, 2022

cc @golang/security

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
NeedsInvestigation
Projects
None yet
Development

No branches or pull requests

2 participants