我正在编写一个非常简单的Golang脚本,并使用这个库golang-jenkins来连接我们的内部HTTPS服务器.但是我面临以下x509证书问题,并且不确定如何处理x509证书问题.我们的团队无法访问Jenkins,并想知道我们还可以做些什么来更多地了解这个问题.
$ go run jenkins.go 2014/07/28 22:00:29 [] Get https://jenkins.mydomain.com/api/json: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "MyDomain Internal Root CA")
使用curl:
$ curl -v "https://jenkins.mydomain.com/api/json" * Adding handle: conn: 0x7f8469004000 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x7f8469004000) send_pipe: 1, recv_pipe: 0 * About to connect() to jenkins.mydomain.com port 443 (#0) * Trying 10.38.8.70... * Connected to jenkins.mydomain.com (10.38.8.70) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * Server certificate: jenkins.mydomain.com * Server certificate: MyDomain Server CA - 2014 * Server certificate: MyDomain Internal Root CA > GET /api/json HTTP/1.1 > User-Agent: curl/7.30.0 > Host: jenkins.mydomain.com > Accept: */* > < HTTP/1.1 200 OK * Server nginx is not blacklisted < Server: nginx < Date: Tue, 29 Jul 2014 05:03:45 GMT < Content-Type: application/json;charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < Set-Cookie: JSESSIONID.214ca1a4=1ry000odf815goiv7vl8tr627;Path=/;Secure < Expires: Thu, 01 Jan 1970 00:00:00 GMT < X-Jenkins: 1.554.3 < X-Jenkins-Session: c660ff91
OneOfOne.. 7
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
目前在Go中被破坏,它将在v1.4中得到支持,唯一的解决方法是降级TLS MaxVersion.
快速浏览golang-jenkins,它不允许指定http.Client
使用和使用http.DefaultClient
,降级TLS的MaxVersion的唯一丑陋方法是覆盖http.DefaultClient.Transport
.
在func init()
尝试连接任何东西之前,您应该可以执行以下操作:
cfg := &tls.Config{ MaxVersion: tls.VersionTLS11, // try tls.VersionTLS10 if this doesn't work PreferServerCipherSuites: true, } http.DefaultClient.Transport = &http.Transport{ TLSClientConfig: cfg, }
请记住,这将为任何http.DefaultClient
直接使用的东西设置传输,例如http.Get
,如果你使用自己的实例,你会没事的.
讨论该错误:https://groups.google.com/forum/#!topic / golang -nuts/oK3EBAY2Uig
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
目前在Go中被破坏,它将在v1.4中得到支持,唯一的解决方法是降级TLS MaxVersion.
快速浏览golang-jenkins,它不允许指定http.Client
使用和使用http.DefaultClient
,降级TLS的MaxVersion的唯一丑陋方法是覆盖http.DefaultClient.Transport
.
在func init()
尝试连接任何东西之前,您应该可以执行以下操作:
cfg := &tls.Config{ MaxVersion: tls.VersionTLS11, // try tls.VersionTLS10 if this doesn't work PreferServerCipherSuites: true, } http.DefaultClient.Transport = &http.Transport{ TLSClientConfig: cfg, }
请记住,这将为任何http.DefaultClient
直接使用的东西设置传输,例如http.Get
,如果你使用自己的实例,你会没事的.
讨论该错误:https://groups.google.com/forum/#!topic / golang -nuts/oK3EBAY2Uig