sevlyar / go-daemon

A library for writing system daemons in golang.
MIT License

tls: failed to verify certificate: SecPolicyCreateSSL error: 0 #99

Closed NorseGaud closed 5 months ago

NorseGaud commented 5 months ago

All TLS/HTTPS API calls seem to be unable to verify certificates. I'm using the signal handler example and added

func worker() {
LOOP:
    for {
        time.Sleep(time.Second) // this is work to be done by worker.
        select {
        case <-stop:
            break LOOP
        default:
            httpClient := &http.Client{}
            req, err := http.NewRequest("GET", "https://google.com", nil)
            if err != nil {
                log.Println("error creating request", "err", err)
                return
            }
            resp, err := httpClient.Do(req)
            if err != nil {
                log.Println("error making GET request to google.com", "err", err)
                return
            }
            fmt.Println("GET request to https://google.com status:", resp.Status)
            // Close the body on every iteration; a defer inside this loop would not run until worker() returns.
            resp.Body.Close()
        }
    }
    done <- struct{}{}
}

This throws

2024/04/05 15:12:52 - - - - - - - - - - - - - - -
2024/04/05 15:12:52 daemon started
2024/04/05 15:12:53 error making GET request to google.com err Get "https://google.com": tls: failed to verify certificate: SecPolicyCreateSSL error: 0

However, the parent process does have a full environment and can make the GETs.

NorseGaud commented 5 months ago

@sevlyar any ideas?

NorseGaud commented 5 months ago

Comment on https://stackoverflow.com/questions/78282560/golang-copy-of-parent-process-is-not-able-to-make-https-tls-calls-and-gets-tls points to maybe a macOS bug?

https://github.com/golang/go/issues/61000

NorseGaud commented 5 months ago

Yep, ok, you can't run it with a relative path. Have to use an absolute one like go run ~/go-daemon/examples/cmd/gd-signal-handling/signal-handling.go