search

google / starlark-go

Starlark in Go: the Starlark configuration language, implemented in Go
BSD 3-Clause "New" or "Revised" License
2.32k stars 212 forks source link

go.starlark.net certificate chain is broken #423

Closed com6056 closed 2 years ago

com6056 commented 2 years ago

Getting this error from gazelle: gazelle: unrecognized import path "go.starlark.net/syntax"

When using openssl s_client, getting these as well:

openssl s_client -connect go.starlark.net:443
CONNECTED(00000005)
depth=0 CN = go.starlark.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = go.starlark.net
verify error:num=21:unable to verify the first certificate
verify return:1
adonovan commented 2 years ago

Works for me. Transient issue?

$ openssl s_client -connect go.starlark.net:443
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.github.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHFDCCBfygAwIBAgIQCLS/dX/bKN3zuMTJNXxaSTANBgkqhkiG9w0BAQsFADBP
...
j7hcu7rkyPQIK1raQ9pK7uFJ2/FgtxIUuT+by06LnUp82VB7QxlniXO2R4XgDzWd
umlpkAFJQvZ+Sa2rSdjynrTDedjQIv3s1jH2Tvao5fR23tW2XAQhVg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3650 bytes and written 281 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: ...
    Session-ID-ctx: 
    Master-Key: ...
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 84 2a 63 6e 6a 1d cc 4e-8b ad 2d 18 79 b1 64 3f   .*cnj..N..-.y.d?
    ...
    0090 - 7e 3a a1 fb e1 46 a4 5d-08 ce 58 6f cd b2 0b 85   ~:...F.]..Xo....

    Start Time: 1663274708
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

closed
$ echo $?
0
com6056 commented 2 years ago

Yep seems resolved now