I haven't had to download a module from remote for a while.  Today I am 
seeing the following:

*go: module k8s.io/client-go/tools/clientcmd: Get 
"https://proxy.golang.org/k8s.io/client-go/tools/clientcmd/@v/list": tls: 
failed to parse certificate from server: x509: negative serial number*

With respect to this particular package, I'm not sure it is actually valid, 
but that's ok. I intend to refactor this to use a different package.  I'm 
more interested in the consequences of the error message.

I had started to see this error message when my k8s client code was 
connecting to some of our newer k8s clusters. In some cases, I would get 
that error.  I have since learned about adding the following block to my 
go.mod file:

godebug (
    x509negativeserial=1
)


This supposedly works around that problem (I'm not saying it "fixes" it).

In the case of "proxy.golang.org", I can get around that problem by putting 
"*.golang.org" into my "no_proxy", but I'm also wondering whether the 
server cert at "proxy.golang.org" actually is deficient with respect to 
this.

The other curious thing I've noticed is that I'm now having trouble 
repeating this problem with my k8s client code.  I tried commenting out 
that "godebug" block and rebuilding (hopefully forcing it to really rebuild 
everything) and connecting to the clusters that I thought I was seeing this 
with before, but now I can't get it to fail.

I was looking for more background on this situation, whatever you can 
provide.

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/golang-nuts/943ccd52-f01d-4325-9249-d1d1a38c9732n%40googlegroups.com.

Reply via email to