dongyulian5801 2017-01-24 05:52
浏览 117
已采纳

Golang-跳过SSL / x509验证并构建软件包?

I know nothing about the Go language, I'd just like to use this app on Ubuntu 14:

Before doing anything, I had to set the GOPATH environment variable in my ~/.bashrc. Then the README says this program is installed with:

go get -u github.com/mvdan/fdroidcl/cmd/fdroidcl

This passes fine, and an executable is found. In fact, these are the files found in home, where GOPATH is ~/go:

$ find ~ -name 'fdroidcl*' 2>/dev/null 
/home/myusername/.cache/fdroidcl
/home/myusername/.config/fdroidcl
/home/myusername/go/pkg/gccgo_linux_386/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl
/home/myusername/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl
/home/myusername/go/bin/fdroidcl

Nice, but now when I start the initial command:

$ fdroidcl updateDownloading https://f-droid.org/repo/index.jar... 
update: could not update index: Get https://f-droid.org/repo/index.jar: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "COMODO RSA Certification Authority")

This is most likely a failure due to self-signed certificate. A quick fix would be to use http:// instead of https:// (in case of f-droid.org it is currently possible), so I tried changing ~/go/src/github.com/mvdan/fdroidcl/cmd/fdroidcl/main.go:

var config = userConfig{
        Repos: []repo{
                {
                        ID:      "f-droid",
                        //URL:     "https://f-droid.org/repo",
                        URL:     "http://f-droid.org/repo",
                        Enabled: true,
                },
                {
                        ID:      "f-droid-archive",
                        //URL:     "https://f-droid.org/archive",
                        URL:     "http://f-droid.org/archive",
                        Enabled: false,
                },
        },
}

... but the command is actually binary:

$ file $(which fdroidcl)
~/go/bin/fdroidcl: ELF 32-bit LSB  executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=cd1dc87b54f9023983511ef46fda15a4d88dcb2d, not stripped

... which means I'd have to somehow re-build this application from source in order to get those changes in - how would I do that?

Furthermore, there may be other apps with self-signed https certificates that would break, so I'd much rather skip SSL / X509 verification. It seems that, as golang: How to do a https request with bad certificate? points out, that one should do in code:

tr := http.DefaultTransport.(*http.Transport)
tr.TLSClientConfig.InsecureSkipVerify = true

... which again requires hacking/recompiling the source code - but isn't there some sort of a environment variable to help that, like GIT_SSL_NO_VERIFY for git?

  • 写回答

1条回答

  • dongmao4486 2017-01-24 07:20
    关注

    After updating the source as you did (in $GOPATH/src) you can try re-compiling using the following command:

    go install github.com/mvdan/fdroidcl/cmd/fdroidcl
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler
  • ¥15 关于#python#的问题:自动化测试