Description
Please answer these questions before submitting your issue. Thanks!
- What version of Go are you using (
go version
)?
1.6.2 - What operating system and processor architecture are you using (
go env
)?
I am running go 1.6.2 from the official docker container with CentOS7 as the hosting os. - What did you do?
I was using the http.Client and I did a request to a https:// endpoint. - What did you expect to see?
I was expecting to get a 200OK request. If I did the same request with curl or wget it worked like a charm so it wasnt any problems with the certs on the OS. - What did you see instead?
When I was doing the request I got the following error: "x509: failed to load system roots and no roots provided"
Solution:
So since other tools worked with https on the host I knew that it was not any problems with the certificates. I checked where the ca bundle was located on the host system and compared it with the following file:
https://github.com/golang/go/blob/master/src/crypto/x509/root_linux.go
On CentOS 7 the certificate bundle is located at the following path:
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Then there are a link to that file on the following path:
/etc/ssl/ca-bundle.crt
Note that it is .crt
instead of .pem
as in the root_linux.go
file.
So I tried to run my container to link the /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
to /etc/ssl/ca-bundle.pem
and everything works. It was a work around to get my application to work but I would prefer it if we can add the /etc/ssl/ca-bundle.crt
to the paths in root_linux.go.
Hope this is possible! Thanks!