3

First of all, although it looks the same as the following questions

it is NOT. as all those questions are on git but this is on go get:

$ go get -v -u golang.org/x/tools/cmd/goimports
get "golang.org/x/tools/cmd/goimports": found meta tag get.metaImport{Prefix:"golang.org/x/tools", VCS:"git", RepoRoot:"https://go.googlesource.com/tools"} at //golang.org/x/tools/cmd/goimports?go-get=1
get "golang.org/x/tools/cmd/goimports": verifying non-authoritative meta tag
golang.org/x/tools (download)
# cd .; git clone -- https://go.googlesource.com/tools /path/to/Go/src/golang.org/x/tools
Cloning into '.../Go/src/golang.org/x/tools'...
error: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.
package golang.org/x/tools/cmd/goimports: exit status 128

None of the solution works for me, and I believe for anyone within a typical corporate dev environment:

  • We access the Internet behind corporate firewall, thus any secure https access would fail unless special treated.
  • Apart from accessing public https git repos like above, https://go.googlesource.com/tools, which is more or less an one off thing, we need to accessing our in house https TFS git repos all the times. Thus I cannot change the git https access method as other solution suggested.
  • I tried to use git config --global http.sslVerify false beforehand but the problem remains exactly the same.

So the question is, how can I let go get to tell git to relax on its security check?
I think that's the only option I have but I'm all ears.

PS. -insecure doesn't work either:

$ go get -v -insecure golang.org/x/sys/unix
get "golang.org/x/sys/unix": found meta tag get.metaImport{Prefix:"golang.org/x/sys", VCS:"git", RepoRoot:"https://go.googlesource.com/sys"} at //golang.org/x/sys/unix?go-get=1
get "golang.org/x/sys/unix": verifying non-authoritative meta tag
golang.org/x/sys (download)
# cd .; git clone -- https://go.googlesource.com/sys /path/to/Go/src/golang.org/x/sys
Cloning into '/path/to/Go/src/golang.org/x/sys'...
error: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.
package golang.org/x/sys/unix: exit status 128

PPS. curl -s https://go.googlesource.com/sys works just fine for me:

$ curl -s https://go.googlesource.com/sys
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>sys - Git at Google</title><link rel="stylesheet" . . .
xpt
  • 20,363
  • 37
  • 127
  • 216
  • 1
    This message means your corporate firewall is broken and doesn't speak TLS properly. The TLS standard requires that a connection be correctly terminated, regardless of whether you choose to validate the certificate or not. You'll need to use SSH instead or get your company to fix their broken TLS MITM device. – bk2204 Mar 29 '21 at 22:46
  • 1
    Thx. The broken TLS MITM device is **Zscaler**. I have no way to reason my company, a Windows-only-C#-shop, to fix it for my _"personal"_ problem. So the only thing I can do is to name it publicly here. – xpt Mar 30 '21 at 15:10

1 Answers1

1

I just spent too much time on this. F*ing ZScaller. What finally worked for me was to switch from the WSL version of go (Ubuntu 20 go 1.13 I think) to the latest one (1.17.3)

I used a mix from the following links to achieve this, probably a better way exists:
https://gist.github.com/nikhita/432436d570b89cab172dcf2894465753
https://askubuntu.com/questions/720260/updating-golang-on-ubuntu

but just in case somebody noob as me gets here:

sudo apt-get purge golang*
curl -k https://dl.google.com/go/go1.17.3.linux-amd64.tar.gz --output go1.17.3.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf ./go1.17.3.linux-amd64.tar.gz
GOPATH=~/go
GOROOT=/usr/local/go
PATH=$PATH:$GOROOT/bin:$GOPATH/bin
go install package@latest

success. FUZ (F U ZScaller)

ldobre
  • 361
  • 2
  • 6