You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When setting up a new client there is the to the transportOption function which tries to get the transport credentials for secured connections from the transportCredentials function.
func transportOption(api string, insecure bool) (grpc.DialOption, error) {
if insecure {
return grpc.WithInsecure(), nil
}
certs, err := transportCredentials(api)
if err != nil {
return nil, err
}
return grpc.WithTransportCredentials(certs), nil
}
func transportCredentials(api string) (credentials.TransportCredentials, error) {
ca, err := x509.SystemCertPool()
if err != nil {
return nil, err
}
if ca == nil {
ca = x509.NewCertPool()
}
servernameWithoutPort := strings.Split(api, ":")[0]
return credentials.NewClientTLSFromCert(ca, servernameWithoutPort), nil
}
However, this function calls x509.SystemCertPool() which always returns an error for windows systems:
func SystemCertPool() (*CertPool, error) {
if runtime.GOOS == "windows" {
// Issue 16736, 18609:
return nil, errors.New("crypto/x509: system root pool is not available on Windows")
}
if sysRoots := systemRootsPool(); sysRoots != nil {
return sysRoots.copy(), nil
}
return loadSystemRoots()
}
It seems that this is fixed in golang/go@3544082
Change comment: "This change re-enables SystemCertPool on Windows, but explicitly does not return anything from CertPool.Subjects (which matches the behavior of macOS)."
We switched last week from the REST implementation to gRPC and it works in the cluster, but not on all dev machines because of some windows instances. So it does block some of us developing with Zitadel. Not sure if our codebase is already supporting 1.18, but I guess the change would anyway be first on this repo, right?
When setting up a new client there is the to the
transportOption
function which tries to get the transport credentials for secured connections from thetransportCredentials
function.However, this function calls
x509.SystemCertPool()
which always returns an error for windows systems:It seems that this is fixed in golang/go@3544082
Change comment: "This change re-enables SystemCertPool on Windows, but explicitly does not return anything from CertPool.Subjects (which matches the behavior of macOS)."
According to this source, it should be available in Go 1.18: deviceinsight/kafkactl#108 (comment)
Would this help?
The text was updated successfully, but these errors were encountered: