Upgrading to OSX 10.12.1 breaks the ability to "go get" packages from gopkg.in

[gmendel]

Can not get packages like go get gopkg.in/alecthomas/kingpin.v2. It will fail with the following error: Unknown SSL protocol error in connection to gopkg.in:-9838

[aidan-]

I am receiving this same error but on a different version of OSX (10.11.6). It looks like this issue is not specific to the go get tool but with git itself.

heylook:temp aidan$ git clone https://gopkg.in/yaml.v2
Cloning into 'yaml.v2'...
fatal: unable to access 'https://gopkg.in/yaml.v2/': Unknown SSL protocol error in connection to gopkg.in:-9838
heylook:temp aidan$ git --version
git version 2.7.4 (Apple Git-66)

EDIT: This looks to be working now?

[liudanking]

+1

[jedisct1]

Same here

[niemeyer]

Can you please try this:

git config --global http.sslVerify true

[rscottfree]

@niemeyer git config --global http.sslVerify true This worked for me. However, it would be nice if it worked with sslVerify set to false as well.

[niemeyer]

I'm probably missing something fundamental about this problem.. why would you like to disable verification?

[adamveld12]

I had the same issue too:

go get -v gopkg.in/fatih/pool.v2
Fetching https://gopkg.in/fatih/pool.v2?go-get=1
Parsing meta tags from https://gopkg.in/fatih/pool.v2?go-get=1 (status code 200)
get "gopkg.in/fatih/pool.v2": found meta tag main.metaImport{Prefix:"gopkg.in/fatih/pool.v2", VCS:"git", RepoRoot:"https://gopkg.in/fatih/pool.v2"} at https://gopkg.in/fatih/pool.v2?go-get=1
gopkg.in/fatih/pool.v2 (download)
# cd .; git clone https://gopkg.in/fatih/pool.v2 /Users/Adam/projects/go/src/gopkg.in/fatih/pool.v2
Cloning into '/Users/Adam/projects/go/src/gopkg.in/fatih/pool.v2'...
fatal: unable to access 'https://gopkg.in/fatih/pool.v2/': Unknown SSL protocol error in connection to gopkg.in:-9838
package gopkg.in/fatih/pool.v2: exit status 128

Adding the git config line @niemeyer mentioned fixed it for me.

[rscottfree]

@niemeyer - If I recall correctly, I had to disable ssl verification in order to access some NPM packages on a server using self-signed certificates and for getting around a corporate firewall that rewrote certificates.

[niemeyer]

I'm sure this is obvious to most people here, but it must be said: replacing TLS certificates or disabling their verification pretty much kills the point of using TLS. I'd strongly encourage not doing that.

At the same time, I don't understand what the deal is with the TLS library being used by git in your systems. If the certificate is valid when it checks it, how can it possibly break when it's not checking it?

I'm closing this issue, as it doesn't look like a problem on gopkg.in.

[B35T]

Thank You. @niemeyer //git config --global http.sslVerify true

[niemeyer]

Yes, per notes above, git client on Mac apparently breaks when not validating a valid certificate.

Just enable validation (it's a good idea, btw!) and it works.

[rscottfree]

That's not accurate. When sslVerify is false I can git clone from an https endpoint on Github without issue. Same for bitbucket. However, I am unable to git clone from https://gopkg.in

git clone https://gopkg.in/fatih/pool.v2 fails while git clone https://github.com/angular/material.git works.

Perhaps it is the type of ssl certificate in use that the Mac git client struggles with, but it works fine not validating valid certificates other than the gopkg cert.

[niemeyer]

Yes, the fact it works with other certificates doesn't say much. Is the certificate valid? Yes. Does it work when that same git client validates it? Yes. Does it work on every other browser and every other git client? Yes. So, all evidence points to a bug on the client.

I'm obviously still open to any information that would say otherwise.

[subbu05]

git config --global http.sslVerify true will resolve SSL errors

[edagarli]

fantastic