crypto/x509: failed to load system roots and no roots provided. #8349

Closed
gopherbot opened this issue Jul 9, 2014 · 10 comments

@gopherbot gopherbot commented Jul 9, 2014

by introkun:

Distro is OpenELEC that runs on Raspberry Pi (ARM).

go version is 1.03beta

Error: x509: failed to load system roots and no roots provided.
Go tries to find CA certificates here:
"/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL
"/etc/ssl/ca-bundle.pem",                 // OpenSUSE
"/etc/ssl/cert.pem",                      // OpenBSD
"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly

But CA bundle on OpenELEC is located here: /etc/pki/tls/cacert.pem

Devs, could you please also add this path to the codebase? Thank you.

@ianlancetaylor ianlancetaylor commented Jul 9, 2014

Comment 1:

Is it really necessary for OpenELEC to introduce yet another place to store certs?
Isn't this going to require a lot of code to be updated to run correctly on that distro?

Labels changed: added repo-main, release-go1.4.


@gopherbot gopherbot commented Jul 9, 2014

Comment 2 by introkun:

OpenELEC is based on squashfs (read-only fs). You should unpack the OS, add a symlink, pack the OS
back and install it to the device. It takes around half an hour if you know how to do it. But
after each OS update you should do it again...

@minux minux commented Jul 9, 2014

Comment 3:

Does OpenELEC have an openssl executable by default?
I think we can add a catch-all case that invokes "openssl version -d"
and use OPENSSLDIR/certs/ca-certificates.crt.
This should solve the uncommon certificates location problem once and
for all (if openssl is installed).
Another solution would be to grep "#define OPENSSLDIR" in
/usr/include/openssl/opensslconf.h, but I expect that not all systems
will install the openssl development headers.

@gopherbot gopherbot commented Jul 9, 2014

Comment 4 by introkun:

1. Yes. OpenSSL is there:
kitpi:~ # openssl version -d
OPENSSLDIR: "/etc/pki/tls"
kitpi:~ # ls -lah /etc/pki/tls
total 262
drwxrwxr-x    2 root     root          52 May 28 03:25 .
drwxrwxr-x    3 root     root          26 May 28 03:25 ..
-rw-rw-r--    1 root     root      250.8K May 28 03:25 cacert.pem
-rw-r--r--    1 root     root       10.6K May 28 03:25 openssl.cnf
2. >> /usr/include/openssl/opensslconf.h
There is no such path/file.

@minux minux commented Jul 9, 2014

Comment 5:

OK, so OpenELEC really is different.
We will need to search for these files under OPENSSLDIR/:
certs/ca-certificates.crt
cacert.pem

@davecheney davecheney commented Jul 10, 2014

Comment 6:

I don't think it's a large burden to add another entry at the bottom of the list.

@rsc rsc commented Sep 15, 2014

Comment 7:

If this is going to happen it needs to happen soon. Otherwise 1.5.

Status changed to Accepted.


@davecheney davecheney commented Sep 29, 2014

Comment 8:

@introkun, would you please test https://golang.org/cl/147320043 _immediately_
so we can propose it for inclusion in Go 1.4

@gopherbot gopherbot commented Sep 29, 2014

Comment 9 by introkun:

Tested. Works fine now.

@davecheney davecheney commented Oct 3, 2014

Comment 10:

This issue was closed by revision 19104dc.

Status changed to Fixed.

@gopherbot gopherbot added fixed labels Oct 3, 2014
@rsc rsc added this to the Go1.4 milestone Apr 14, 2015
@rsc rsc removed the release-go1.4 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
wheatman added a commit to wheatman/go-akaros that referenced this issue Jun 25, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jun 26, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jul 9, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jul 30, 2018
This issue was closed.