Skip to content

crypto/x509: verification with system and custom roots (backport to 1.17?) #52370

New issue
New issue
Not planned
Not planned
crypto/x509: verification with system and custom roots (backport to 1.17?)#52370
Labels
FrozenDueToAgeNeedsDecisionFeedback is required from experts, contributors, and/or the community before a change can be made.
@dims

Description

@dims
dims
opened on Apr 15, 2022

#16736 has been fixed in go 1.18 via https://go-review.googlesource.com/c/go/+/353589

Will the team consider back porting https://go-review.googlesource.com/c/go/+/353589 to go 1.17.x ? Is that feasible?

Context: Kubernetes/Containerd on windows has some older branches that could use this patch (example k8s 1.22.x + containerd 1.6)

Thanks,
Dims

Activity

seankhliao
added
NeedsDecisionFeedback is required from experts, contributors, and/or the community before a change can be made.
on Apr 15, 2022
seankhliao

seankhliao commented on Apr 15, 2022

@seankhliao
seankhliao
on Apr 15, 2022
Member

cc @golang/security

jayunit100

jayunit100 commented on Apr 15, 2022

@jayunit100
jayunit100
on Apr 15, 2022 · edited by jayunit100

On the sig-windows (kubernetes) side, for kubernetes, wed like to be able to use containerd for airgapped installations of windows kubelets - but without having this feature in containerd, we cannot .

rosskirkpat

rosskirkpat commented on Apr 15, 2022

@rosskirkpat
rosskirkpat
on Apr 15, 2022 · edited by rosskirkpat

We hit this issue in RKE2 Windows when using self-signed certs in an airgapped environment. rancher/rke2#1648
Here’s the workaround: rancher/rke2#1648 (comment)

In short - we had to import all self-signed certs into the windows root ca store. The error was seen when containerd in rke2 Windows tried to pull images from a private registry that used a self-signed cert.
Import-Certificate -FilePath "C:\Users\Administrator\ca.pem" -CertStoreLocation cert:\CurrentUser\Root

seankhliao

seankhliao commented on Aug 20, 2022

@seankhliao
seankhliao
on Aug 20, 2022
Member

1.17 is no longer supported

seankhliao
closed this as not plannedon Aug 20, 2022
golang
locked and limited conversation to collaborators on Aug 20, 2023
gopherbot
added
FrozenDueToAge
on Aug 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsDecisionFeedback is required from experts, contributors, and/or the community before a change can be made.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @dims@jayunit100@gopherbot@seankhliao@rosskirkpat

        Issue actions
          crypto/x509: verification with system and custom roots (backport to 1.17?) · Issue #52370 · golang/go