crypto/x509: CentOS 7 "x509: failed to load system roots and no roots provided" issues. #15749

Closed
@mckn

Please answer these questions before submitting your issue. Thanks!

  1. What version of Go are you using (go version)?
    1.6.2
  2. What operating system and processor architecture are you using (go env)?
    I am running Go 1.6.2 from the official Docker container with CentOS 7 as the host OS.
  3. What did you do?
    I was using the http.Client and I made a request to an https:// endpoint.
  4. What did you expect to see?
    I was expecting to get a 200 OK response. If I made the same request with curl or wget it worked like a charm, so there weren't any problems with the certs on the OS.
  5. What did you see instead?
    When I made the request I got the following error: "x509: failed to load system roots and no roots provided"

Solution:
Since other tools worked with https on the host, I knew that there were no problems with the certificates. I checked where the CA bundle was located on the host system and compared it with the following file:

https://github.com/golang/go/blob/master/src/crypto/x509/root_linux.go

On CentOS 7 the certificate bundle is located at the following path:
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Then there is a link to that file at the following path:
/etc/ssl/ca-bundle.crt

Note that it is .crt instead of .pem as in the root_linux.go file.

So I tried running my container with /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem linked to /etc/ssl/ca-bundle.pem, and everything works. It was a workaround to get my application to work, but I would prefer it if we could add /etc/ssl/ca-bundle.crt to the paths in root_linux.go.

Hope this is possible! Thanks!
