Golang – 跳过 SSL / x509 验证并构建包?

huangapple
go评论85阅读模式
英文:

Golang - skip SSL / x509 verification and build package?

问题

我对Go语言一无所知,我只想在Ubuntu 14上使用这个应用程序:

在进行任何操作之前,我必须在我的~/.bashrc文件中设置GOPATH环境变量。然后README中说要使用以下命令安装该程序:

go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl

这个命令执行成功了,并找到了可执行文件。实际上,这些文件都在我的主目录下,GOPATH设置为~/go:

$ find ~ -name 'fdroidcl*' 2>/dev/null 
/home/myusername/.cache/fdroidcl
/home/myusername/.config/fdroidcl
/home/myusername/go/pkg/gccgo_linux_386/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl
/home/myusername/go/bin/fdroidcl

很好,但是当我运行初始命令时:

$ fdroidcl updateDownloading https://f-droid.org/repo/index.jar... 
update: could not update index: Get https://f-droid.org/repo/index.jar: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "COMODO RSA Certification Authority")

这很可能是由于自签名证书导致的错误。一个快速的解决方法是使用http://而不是https://(在f-droid.org的情况下是可行的),所以我尝试修改~/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl/main.go文件:

var config = userConfig{
        Repos: []repo{
                {
                        ID:      "f-droid",
                        //URL:     "https://f-droid.org/repo",
                        URL:     "http://f-droid.org/repo",
                        Enabled: true,
                },
                {
                        ID:      "f-droid-archive",
                        //URL:     "https://f-droid.org/archive",
                        URL:     "http://f-droid.org/archive",
                        Enabled: false,
                },
        },
}

...但实际上该命令是二进制文件:

$ file $(which fdroidcl)
~/go/bin/fdroidcl: ELF 32-bit LSB  executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=cd1dc87b54f9023983511ef46fda15a4d88dcb2d, not stripped

...这意味着我必须以某种方式重新构建这个应用程序的源代码,以便应用这些更改-我该如何做到这一点?

此外,可能还有其他具有自签名https证书的应用程序会出现问题,所以我更愿意跳过SSL/X509验证。根据https://stackoverflow.com/questions/12122159/golang-how-to-do-a-https-request-with-bad-certificate中的解释,似乎可以在代码中进行如下设置:

tr := http.DefaultTransport.(*http.Transport)
tr.TLSClientConfig.InsecureSkipVerify = true

...但这又需要对源代码进行修改/重新编译-但是难道没有一种类似于GIT_SSL_NO_VERIFY对于git的环境变量来帮助吗?

英文:

I know nothing about the Go language, I'd just like to use this app on Ubuntu 14:

Before doing anything, I had to set the GOPATH environment variable in my ~/.bashrc. Then the README says this program is installed with:

go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl

This passes fine, and an executable is found. In fact, these are the files found in home, where GOPATH is ~/go:

$ find ~ -name 'fdroidcl*' 2>/dev/null 
/home/myusername/.cache/fdroidcl
/home/myusername/.config/fdroidcl
/home/myusername/go/pkg/gccgo_linux_386/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl
/home/myusername/go/bin/fdroidcl

Nice, but now when I start the initial command:

$ fdroidcl updateDownloading https://f-droid.org/repo/index.jar... 
update: could not update index: Get https://f-droid.org/repo/index.jar: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "COMODO RSA Certification Authority")

This is most likely a failure due to self-signed certificate. A quick fix would be to use http:// instead of https:// (in case of f-droid.org it is currently possible), so I tried changing ~/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl/main.go:

var config = userConfig{
        Repos: []repo{
                {
                        ID:      "f-droid",
                        //URL:     "https://f-droid.org/repo",
                        URL:     "http://f-droid.org/repo",
                        Enabled: true,
                },
                {
                        ID:      "f-droid-archive",
                        //URL:     "https://f-droid.org/archive",
                        URL:     "http://f-droid.org/archive",
                        Enabled: false,
                },
        },
}

... but the command is actually binary:

$ file $(which fdroidcl)
~/go/bin/fdroidcl: ELF 32-bit LSB  executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=cd1dc87b54f9023983511ef46fda15a4d88dcb2d, not stripped

... which means I'd have to somehow re-build this application from source in order to get those changes in - how would I do that?

Furthermore, there may be other apps with self-signed https certificates that would break, so I'd much rather skip SSL / X509 verification. It seems that, as https://stackoverflow.com/questions/12122159/golang-how-to-do-a-https-request-with-bad-certificate points out, that one should do in code:

tr := http.DefaultTransport.(*http.Transport)
tr.TLSClientConfig.InsecureSkipVerify = true

... which again requires hacking/recompiling the source code - but isn't there some sort of a environment variable to help that, like GIT_SSL_NO_VERIFY for git?

答案1

得分: 2

在将源代码更新为您所做的方式(在$GOPATH/src中)之后,您可以尝试使用以下命令重新编译:

go install github.com/mvdan/fdroidcl/cmd/fdroidcl
英文:

After updating the source as you did (in $GOPATH/src) you can try re-compiling using the following command:

go install github.com/mvdan/fdroidcl/cmd/fdroidcl

huangapple
  • 本文由 发表于 2017年1月24日 13:52:07
  • 转载请务必保留本文链接:https://go.coder-hub.com/41820908.html
  • compilation
  • go
  • ssl
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定