Closed penglei closed 5 years ago
Change https://golang.org/cl/166219 mentions this issue: fix root_cgo_darwin omits some trusty intermediate ca certificate
Probably a duplicate of #30471.
Yes, it is. I reproduced the problem of #30471. After applying the patch and recompiling the go binary, it's fixed.
Change https://golang.org/cl/178539 mentions this issue: crypto/x509: include roots with empty or multiple policies on macOS
This should be now fixed at tip. Please test it with https://golang.org/dl/gotip and report back.
$ go get golang.org/dl/gotip
$ gotip download
$ GODEBUG=x509roots=1 gotip test -v -run TestSystemRoots crypto/x509
$ gotip run [YOUR_PROGRAM]
Change https://golang.org/cl/227037 mentions this issue: crypto/x509: use Security.framework without cgo for roots on macOS
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
What did you do?
generate certs
Use this script to generate a server certificate signed by an intermediate certificate
https://gist.github.com/penglei/91530ced7174d4d96ecbe8a5f8420749
This script will generate root.pem, root-key.pem, intermediate.pem, intermediate-key.pem, server.pem, server-key.pem. Certs in the following steps can be found here.
add ca cert to system by /usr/bin/security
NOTE: bug is produced when adding intermediate.pem by calling security add-trusted-cert with no any -p policy options.
config a HTTPS server
Copy server.pem and server-key.pem to nginx config directory
add the following content to nginx.conf:
run the following go program
please ensure CGO_ENABLED=1 (this is default)
What did you expect to see?
What did you see instead?
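Added example, not part of the original issue or of Go's own code: a Go program showing why the reproduction depends on intermediate.pem being present in the pool Go verifies against when the server presents server.pem alone. It assumes an in-memory x509.CertPool standing in for the macOS system roots; the certificate names and the helpers must, issue and Demo are constructed for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue makes a constructed test cert: self-signed if parent is nil, a CA unless DNS names are given.
func issue(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey, dns ...string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: dns, IsCA: len(dns) == 0,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

// Demo verifies the leaf with no intermediates supplied, as when the server presents server.pem alone.
func Demo() (rootOnly, withIntermediate error) {
	root, rk := issue("Example Root", nil, nil)
	inter, ik := issue("Example Intermediate", root, rk)
	leaf, _ := issue("server.example.test", inter, ik, "server.example.test")
	verify := func(trusted ...*x509.Certificate) error {
		pool := x509.NewCertPool() // stands in for the system root pool (assumption)
		for _, c := range trusted {
			pool.AddCert(c)
		}
		_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: "server.example.test"})
		return err
	}
	return verify(root), verify(root, inter)
}
func main() {
	rootOnly, both := Demo()
	fmt.Printf("root only: %v\nroot + intermediate: %v\n", rootOnly, both)
}
```

With only the root in the pool, verification fails with x509.UnknownAuthorityError because nothing links server.pem's issuer to a trusted certificate; once the intermediate is also in the pool, the chain builds.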