0

I didn't found right solution, so just, call an URL from golang on MacOS Sierra, to a server that uses self-signed SSL certificate.

I try to run a program that uses https://github.com/olivere/elastic that does the http query, so I don't have "control" on code-source really.

I am looking for a solution such as:

  • Disable SSL check for go by setting a bash variable (export GOLANG_SSL=false ?)
  • Set self-signed certif to golang

Or any other idea is welcomed!

Merci,

Thomas Decaux
  • 21,738
  • 2
  • 113
  • 124
  • 4
    Dup of [this](http://stackoverflow.com/q/12122159/1892060)? – Ainar-G Nov 24 '16 at 13:29
  • 1
    If you are talking about the NewClient function, you should submit a PR that adds an OptionFunc https://godoc.org/gopkg.in/olivere/elastic.v5#ClientOptionFunc - that can set InsecureSkipVerify to true for the underlying http.Client. Even better: an option that allows the package user to provide their own http.Client. – elithrar Nov 24 '16 at 16:17
  • elithrar is right. SetHttpClient allows you to set InsecureSkipVerify and ignore certicate verification. But what have not been mentioned yet, is that new golang 1.8 allows to set self-signed certificate as root as certificate chain (put self-signed cert in RootCAs in Transport.TLSClientConfig. – lofcek Nov 24 '16 at 23:19
  • I have no access to source, I want to run a go program that uses this library (https://github.com/knes1/elktail) – Thomas Decaux Nov 25 '16 at 09:34
  • 1
    @elithrar: there is already a [SetHTTPClient](https://godoc.org/gopkg.in/olivere/elastic.v5#SetHttpClient) option. – JimB Nov 26 '16 at 16:21
  • @lofcek: you have always been able to add a self-signed cert to the RootCAs (being self-signed has nothing really to do with it). What go1.8 feature are you thinking of? – JimB Nov 26 '16 at 16:28

1 Answers1

0

You should install (trust) the self-signed certificate in the host OS that runs the Go client.

There is no "Set self-signed certif to golang", but "Set self-signed certif to OS".

As for how to do that, it will depend on which OS you're running on the client machine, but a quick Google search can help you with that: install self-signed certificate in Windows/Linux/MacOS/FreeBSD/etc...

peiiion
  • 308
  • 2
  • 4
  • Thats not working on MacOS, know issue but not really solved. thanks you – Thomas Decaux Nov 25 '16 at 17:19
  • You never need to install a cert via the OS to use it as a CA for a TLS connection. – JimB Nov 26 '16 at 16:20
  • @JimB I know, i would never use a service that works on a self-signed certificate, but the author mentioned he has NO access to the source code. – peiiion Nov 27 '16 at 14:20
  • @JimB So no need to downvote my answer while yours is even more invalid than mine because you're not reading the entire post. – peiiion Nov 27 '16 at 14:23
  • @peiiion: yes, after reading the comments it seems you're right. I and others assumed the question is about programming, but it seems it's just about running a program that happens to be written in Go. – JimB Nov 28 '16 at 13:48