Server certificate verification failed in golang docker image for go buildutil

Question

In docker container from golang:1, I tried to do a go get golang.org/x/tools/go/buildutil, but ended up with:

# cd .; git clone -- https://go.googlesource.com/tools /go/src/golang.org/x/tools
Cloning into '/go/src/golang.org/x/tools'...
fatal: unable to access 'https://go.googlesource.com/tools/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
package golang.org/x/tools/go/buildutil: exit status 128

I tried all the instructions in server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none:

apt-get install --reinstall ca-certificates
mkdir /usr/local/share/ca-certificates/cacert.org
wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
update-ca-certificates
git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt

# This returns nothing, there is no `CA Issuers` section returned to the `grep`
echo -n | openssl s_client -showcerts -connect go.googlesource.com \
  2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
  | openssl x509 -noout -text | grep "CA Issuers" | head -1

hostname=go.googlesource.com
port=443
# curl-config was not working for me
# trust_cert_file_location=`curl-config --ca`
# did this instead
trust_cert_file_location=/etc/ssl/certs/ca-certificates.crt

bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port -servername $hostname \
    2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'  \
    >> $trust_cert_file_location"

Ran my go get again, only to get:

get "golang.org/x/tools/go/buildutil": found meta tag get.metaImport{Prefix:"golang.org/x/tools", VCS:"git", RepoRoot:"https://go.googlesource.com/tools"} at //golang.org/x/tools/go/buildutil?go-get=1
get "golang.org/x/tools/go/buildutil": verifying non-authoritative meta tag
golang.org/x/tools (download)
# cd .; git clone -- https://go.googlesource.com/tools /go/src/golang.org/x/tools
Cloning into '/go/src/golang.org/x/tools'...
error: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.
package golang.org/x/tools/go/buildutil: exit status 128

Upping my git http.postBuffer to 1048576000 didn't help. Any ideas?

i just run `docker run -it golang:1` and inside `git clone -- https://go.googlesource.com/tools /go/src/golang.org/x/tools` and everything worked. Maybe because i just pulled the image ? My golang:1 was create 12 days ago (image id "5f9d35ce5cfe"). Do you have the same image ? — Dr Claw, Dec 30 '20 at 17:16
It was an intermediate certificate issue, nothing to do with go, git or gerrit — ewok, Dec 31 '20 at 18:06

Server certificate verification failed in golang docker image for go buildutil

0 Answers0