Bug 1276255 - golang-1.5 breaks tls handshake certificate chain verification
Summary: golang-1.5 breaks tls handshake certificate chain verification
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: golang
Version: 23
Hardware: x86_64
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Vincent Batts
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1274854
Reported: 2015-10-29 09:22 UTC by Jan Chaloupka
Modified: 2015-10-29 14:53 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-10-29 14:53:10 UTC
Type: Bug
Embargoed:



Description Jan Chaloupka 2015-10-29 09:22:05 UTC
Description of problem:
When building kubernetes with go-1.5, 'kubectl exec --v=9 mock /bin/sh -i' ends with "tls: handshake did not verify certificate chain". This does not happen with go-1.4.

Version-Release number of selected component (if applicable):
golang-1.5.1-1.fc23

How reproducible:
always

Steps to Reproduce:
See bz#1274854

Comment 1 Jan Chaloupka 2015-10-29 09:40:33 UTC
Based on https://github.com/golang/go/issues/12024, it should be fixed.

This PR [1] introduces the issue. This PR [2] is supposed to fix it. Does not appear so. Maybe it is a question of correct configuration.

[1] https://github.com/golang/go/commit/3cf15b57f76400b22366ccd8ef5b211c72ab6a7f
[2] https://github.com/golang/go/commit/46a29138827cefb15e437f291cbb2ccda685b840

Comment 2 Jan Chaloupka 2015-10-29 14:53:10 UTC
Confirming it is fixed in golang. Kubernetes upstream has refactored and patched the code for TLS connection in 1.2. Backporting the patch to 1.0.6 solves the issue.

