Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get "https://google.com": tls: failed to verify certificate: SecPolicyCreateSSL error: 0 #103

Open
NorseGaud opened this issue Jul 19, 2024 · 3 comments
Open

Get "https://google.com": tls: failed to verify certificate: SecPolicyCreateSSL error: 0 #103

NorseGaud opened this issue Jul 19, 2024 · 3 comments

Comments

@NorseGaud
Copy link
Contributor

NorseGaud commented Jul 19, 2024
edited
Loading

Reproduction on macOS:

  1. clone go-daemon locally

  2. create the files below and run go mod tidy

  • go.mod
module repro

go 1.22.5

require github.com/norsegaud/go-daemon v0.1.10

require (
        github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
        golang.org/x/sys v0.19.0 // indirect
)

replace github.com/norsegaud/go-daemon => ../go-daemon
  • main.go
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
	"time"

	"github.com/norsegaud/go-daemon"
)

func main() {

	daemonContext := &daemon.Context{
		PidFileName: "test.pid",
		PidFilePerm: 0644,
		LogFileName: "test.log",
		LogFilePerm: 0640,
		WorkDir:     "/tmp",
		Umask:       027,
		Args:        []string{"SecPolicyCreateSSL"},
	}

	d, err := daemonContext.Reborn()
	if err != nil {
		log.Fatalln(err)
	}
	if d != nil { // return the parent process since it's now forked into a child
		return
	}
	defer daemonContext.Release()

	time.Sleep(5 * time.Second)

	// go runService(serviceCtx)
	fmt.Println("doing get...")
	resp, err := http.Get("https://google.com")
	if err != nil {
		log.Println(err)
		return
	}
	defer resp.Body.Close()

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Println(err)
		return
	}
	fmt.Println(string(body))

	return

	err = daemon.ServeSignals()
	if err != nil {
		log.Printf("Error: %s", err.Error())
	}

	fmt.Println("main done")

}
  1. run go run main.go and tail the test.log
cat test.log
doing get...
2024/07/22 14:22:24 Get "https://google.com": tls: failed to verify certificate: SecPolicyCreateSSL error: 0

If I remove the time.Sleep(5 * time.Second) from the main.go, it works. But that's because the child has access to things while the parent is still live. Once the parent has returned, the child gets the SSL error.

The child shouldn't be dependent on the parent, but I'm not entirely sure what to do about it.
@NorseGaud
Copy link
Contributor Author

NorseGaud commented Jul 19, 2024
edited
Loading

Seems related to #100. If I increase the workaround I added (the sleep), it is fine again.

Repository owner deleted a comment from techwizard210 Jul 22, 2024
Repository owner deleted a comment Jul 22, 2024
@luigimorel
Copy link
Contributor

luigimorel commented Jul 22, 2024
edited
Loading

The code is able to perform the request without the sleeping. I have upgraded the Go version to the latest.
image

OS: Ubuntu 20

NorseGaud added a commit to NorseGaud/go-daemon that referenced this issue Jul 23, 2024
@NorseGaud
https://github.com/sevlyar/go-daemon/issues/103
b4b1cc3
@NorseGaud
Copy link
Contributor Author

golang/go#68557

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NorseGaud @luigimorel