What version of Go are you using (go version)?

go version devel +e6f9f39 Mon Aug 29 18:25:33 2016 +0000 linux/amd64
Checked out 1.7 from the git master branch and compiled.


What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/ndebnath/opensource"
GORACE=""
GOROOT="/home/ndebnath/golang/go"
GOTOOLDIR="/home/ndebnath/golang/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build614456670=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"

What did you do?

Installed CAcert on a FreeBSD system. I placed the certificate in
/etc/ssl/certs, calculated the hash,
and then created a symlink from /etc/ssl/certs/.0 to cacert.pem.

Now the problem is that fetch doesn't even look there. It only looks at
/usr/local/share/certs/ca-root-nss.crt. So if I remove cert.pem then
I get the error below:

Certificate verification failed for /C=xx/ST=xx/OU=Server/L=unknown/CN=localhost
91426:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:974:
fetch: https://ip:port/v1/agent/checks: Authentication error

And other HTTPS requests are not going through because of "x509: certificate
signed by unknown authority".

During investigation I saw that Go does not check the files in the
/etc/ssl/certs/ location if the symbolic link for the NSS root exists
(https://golang.org/src/crypto/x509/root_unix.go, line 32). If I comment out
this return statement then it worked for me.

What did you expect to see?

Both the system's default CA cert and the CA files inside the /etc/ssl/certs/
location should work together on FreeBSD.

What did you see instead?

The CA file at the /etc/ssl/certs/ location is not getting validated when the
system default CA exists.
