Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: Post fails with x509: certificate signed by unknown authority #9586

Closed
sdandroid opened this issue Jan 14, 2015 · 4 comments

Comments

Projects
None yet
4 participants
@sdandroid
Copy link

commented Jan 14, 2015

The same code running under Windows without problems, but under debian, POST has problems, GET is no problem.
InsecureSkipVerify: true
Golang version 1.4

@minux

This comment has been minimized.

Copy link
Member

commented Jan 14, 2015

This is too little information.

Please show the code to demonstrate the problem.

@sdandroid

This comment has been minimized.

Copy link
Author

commented Jan 14, 2015

There are similar code

package main
import (
    "crypto/tls"
    "fmt"
    "io/ioutil"
    "net/http"
    "net/http/cookiejar"
    "net/url"
    "strings"
)
func init() {
    cfg := &tls.Config{
        InsecureSkipVerify: true,
    }
    http.DefaultClient.Transport = &http.Transport{
        TLSClientConfig: cfg,
    }
}
func httpPostForm() {
    parm := url.Values{}
    parm.Add("username", "***")
    parm.Add("passwd", "***")
    cookieJar, _ := cookiejar.New(nil)
    client := &http.Client{
        Jar: cookieJar,
    }
    req, err := http.NewRequest("POST", "https://www.gjsq.biz/index.php", strings.NewReader(parm.Encode()))
    req.Header.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36")
    req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
    resp, err := client.Do(req)
    if err != nil {
        fmt.Printf("%s", err)
    }
    defer resp.Body.Close()
    body, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        fmt.Printf("%s", err)
    }
    fmt.Println(string(body))
}
func main() {
    httpPostForm();
}
@davecheney

This comment has been minimized.

Copy link
Contributor

commented Jan 14, 2015

It looks like one of the signatories in the path are not known/trusted by Ubuntu (nor my mac as it turns out). This appears to be a common problem with RapidSSL certs.

http://serverfault.com/questions/391487/why-is-my-rapidssl-certificate-chain-is-not-trusted-on-ubuntu

Closing: invalid. Sorry, this isn't a Go bug.

@davecheney davecheney closed this Jan 14, 2015

@davecheney davecheney added the invalid label Jan 14, 2015

@mikioh mikioh changed the title http Post x509: certificate signed by unknown authority<nil> net/http: Post fails with x509: certificate signed by unknown authority Jan 14, 2015

@minux

This comment has been minimized.

Copy link
Member

commented Jan 17, 2015

Actually, the real problem is that the server (www.gjsq.biz:443) fails to
send the
complete certificate chain.

A real chain (which is trusted) should look like this:
ww.gjsq.biz 17dec748aea57d1d965a9f3ad80d2e12e100d859 RSA 2048 bits (e
65537) / SHA256withRSA
RapidSSL SHA256 CA - G3 0e34141846e7423d37f20dc0ab06c9bbd843dc24 RSA 2048
bits (e 65537) / SHA256withRSA
GeoTrust Global CA Self-signed de28f4a4ffe5b92fa3c503d1a349a7f9962a8212
RSA 2048 bits (e 65537) / SHA1withRSA

Because GeoTrust Global CA root CA should really be included in all major
OSes,
the problem is not that RapidSSL certificates are not trusted. The server
just failed
to send the crucial intermediate certificate that links from GeoTrust to
RapidSSL.

The conclusion is the same. It's not Go's problem. Perhaps the OP should
contact
that owner of the server and notify them that their web server is
misconfigured.

@golang golang locked and limited conversation to collaborators Jun 25, 2016

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.