If it was affected by no_proxy, that points to your proxy serving the
invalid cert, rather than the upstream.

- sean

On Thu, Apr 24, 2025, 19:11 David Karr <davidmichaelk...@gmail.com> wrote:

> I haven't had to download a module from remote for a while.  Today I am
> seeing the following:
>
> *go: module k8s.io/client-go/tools/clientcmd: Get
> "https://proxy.golang.org/k8s.io/client-go/tools/clientcmd/@v/list": tls:
> failed to parse certificate from server: x509: negative serial number*
>
> With respect to this particular package, I'm not sure it is actually
> valid, but that's ok. I intend to refactor this to use a different
> package.  I'm more interested in the consequences of the error message.
>
> I had started to see this error message when my k8s client code was
> connecting to some of our newer k8s clusters. In some cases, I would get
> that error.  I have since learned about adding the following block to my
> go.mod file:
>
> godebug (
>     x509negativeserial=1
> )
>
>
> This supposedly works around that problem (I'm not saying it "fixes" it).
>
> In the case of "proxy.golang.org", I can get around that problem by
> putting "*.golang.org" into my "no_proxy", but I'm also wondering whether
> the server cert at "proxy.golang.org" actually is deficient with respect
> to this.
>
> The other curious thing I've noticed is that I'm now having trouble
> repeating this problem with my k8s client code.  I tried commenting out
> that "godebug" block and rebuilding (hopefully forcing it to really rebuild
> everything) and connecting to the clusters that I thought I was seeing this
> with before, but now I can't get it to fail.
>
> I was looking for more background on this situation, whatever you can
> provide.
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/golang-nuts/943ccd52-f01d-4325-9249-d1d1a38c9732n%40googlegroups.com
> <https://groups.google.com/d/msgid/golang-nuts/943ccd52-f01d-4325-9249-d1d1a38c9732n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
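To tell which party issued a certificate that Go rejects with "x509: negative serial number", the serial and issuer can be read at the ASN.1 level without crypto/x509. The following is an added example, not code from this thread: `InspectSerial` and `sampleDER` are hypothetical names, the two sample certificates are constructed unsigned skeletons with placeholder issuer names, and the DER bytes of the certificate actually served are assumed to have been captured separately.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// tbsHead mirrors only the leading fields of an X.509 TBSCertificate.
// encoding/asn1 tolerates the remaining, unparsed fields of the SEQUENCE.
type tbsHead struct {
	Version int `asn1:"optional,explicit,default:0,tag:0"`
	Serial  *big.Int
	SigAlg  asn1.RawValue
	Issuer  pkix.RDNSequence
}

type certHead struct{ TBS tbsHead }

// InspectSerial reads the serial number and issuer from raw certificate DER.
// It does not call crypto/x509, so it works on certificates that package rejects.
func InspectSerial(der []byte) (*big.Int, string, error) {
	var c certHead
	if _, err := asn1.Unmarshal(der, &c); err != nil {
		return nil, "", fmt.Errorf("not certificate-shaped DER: %w", err)
	}
	return c.TBS.Serial, c.TBS.Issuer.String(), nil
}

// sampleDER builds a constructed, unsigned certificate skeleton for the demo.
func sampleDER(serial int64, issuerCN string) []byte {
	issuer := pkix.Name{CommonName: issuerCN}.ToRDNSequence()
	sigAlg := asn1.RawValue{FullBytes: []byte{0x30, 0x00}} // empty SEQUENCE placeholder
	der, err := asn1.Marshal(certHead{tbsHead{2, big.NewInt(serial), sigAlg, issuer}})
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	samples := [][]byte{sampleDER(-4096, "Example Corp TLS Inspection CA"), sampleDER(4096, "Example Public CA")}
	for _, der := range samples {
		if serial, issuer, err := InspectSerial(der); err != nil {
			fmt.Println("error:", err)
		} else {
			fmt.Printf("serial=%v negative=%t issuer=%q\n", serial, serial.Sign() < 0, issuer)
		}
	}
}
```

An issuer that names an internal inspection CA rather than a public one indicates the certificate came from the intercepting proxy, which is the distinction drawn in the reply above.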
