Golang x509 snafu on macOS #2355
Comments
fasterthanlime
added a commit
to itchio/httpkit
that referenced
this issue
Dec 13, 2019
fasterthanlime
added a commit
to itchio/butler
that referenced
this issue
Dec 13, 2019
|
Further info: certifi might break certs for other users :( We might want to roll back. |
|
Update: certifi did help that last user, but the Go team is looking into it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's a long-ass thread here but the gist is: some folks on macOS see "Post https://api.itch.io/login: x509: certificate signed by unknown authority."
There's about 60 issues on the Go issue tracker about this, and the main takeaway is: this keeps breaking, only for a small % of folks, the Go devs aren't sure exactly why, to their credit they're trying to do something Apple doesn't really want you to do and the APIs are terribly easy to misuse (maybe even impossible to use correctly?)
I was all out of ideas and then I thought "hey why not bundle Root CA certificates", and lo and behold, certifi does exactly that.
So I'm going to try use certifi's Root CAs (a curated subset of the Mozilla CA Certs collection) on macOS, see if that fixes it. The relevant work is in https://github.com/itchio/httpkit.
The text was updated successfully, but these errors were encountered: