dongyulian5801 2017-01-24 05:52
浏览 117
已采纳

Golang-跳过SSL / x509验证并构建软件包?

I know nothing about the Go language, I'd just like to use this app on Ubuntu 14:

Before doing anything, I had to set the GOPATH environment variable in my ~/.bashrc. Then the README says this program is installed with:

go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl

This passes fine, and an executable is found. In fact, these are the files found in home, where GOPATH is ~/go:

$ find ~ -name 'fdroidcl*' 2>/dev/null 
/home/myusername/.cache/fdroidcl
/home/myusername/.config/fdroidcl
/home/myusername/go/pkg/gccgo_linux_386/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl
/home/myusername/go/bin/fdroidcl

Nice, but now when I start the initial command:

$ fdroidcl updateDownloading https://f-droid.org/repo/index.jar... 
update: could not update index: Get https://f-droid.org/repo/index.jar: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "COMODO RSA Certification Authority")

This is most likely a failure due to self-signed certificate. A quick fix would be to use http:// instead of https:// (in case of f-droid.org it is currently possible), so I tried changing ~/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl/main.go:

var config = userConfig{
        Repos: []repo{
                {
                        ID:      "f-droid",
                        //URL:     "https://f-droid.org/repo",
                        URL:     "http://f-droid.org/repo",
                        Enabled: true,
                },
                {
                        ID:      "f-droid-archive",
                        //URL:     "https://f-droid.org/archive",
                        URL:     "http://f-droid.org/archive",
                        Enabled: false,
                },
        },
}

... but the command is actually binary:

$ file $(which fdroidcl)
~/go/bin/fdroidcl: ELF 32-bit LSB  executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=cd1dc87b54f9023983511ef46fda15a4d88dcb2d, not stripped

... which means I'd have to somehow re-build this application from source in order to get those changes in - how would I do that?

Furthermore, there may be other apps with self-signed https certificates that would break, so I'd much rather skip SSL / X509 verification. It seems that, as golang: How to do a https request with bad certificate? points out, that one should do in code:

tr := http.DefaultTransport.(*http.Transport)
tr.TLSClientConfig.InsecureSkipVerify = true

... which again requires hacking/recompiling the source code - but isn't there some sort of a environment variable to help that, like GIT_SSL_NO_VERIFY for git?

  • 写回答

1条回答 默认 最新

  • dongmao4486 2017-01-24 07:20
    关注

    After updating the source as you did (in $GOPATH/src) you can try re-compiling using the following command:

    go install github.com/mvdan/fdroidcl/cmd/fdroidcl
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 回答4f系统的像差计算
  • ¥15 java如何提取出pdf里的文字?
  • ¥100 求三轴之间相互配合画圆以及直线的算法
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable
  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 自己瞎改改,结果现在又运行不了了