go: crypto/tls: handshake fails with EOF

Go Version: 1.5.1
OS/Arch: Linux & Darwin/amd64

I’m trying to connect to a web service hosted by a third party using mutual TLS. Here is the simple test case I am trying:

https://play.golang.org/p/wr8x8awD8u

I am able to connect as expected to the same web service with the same parameters for key, cert, etc. using curl:

curl --cacert /home/nifi/robtest/nexusproxy/guard_ca.pem --cert /path/to/public_crt.pem --key /path/to/private_key.pem https://some.server.com:8000/some/path

The Go test case fails with an EOF error.

Further:

I’ve traced the error to this line in the TLS client handshake:

https://github.com/golang/go/blob/go1.5.1/src/crypto/tls/handshake_client.go#L561

This section https://github.com/golang/go/blob/go1.5.1/src/crypto/tls/conn.go#L541-L546 would seem to suggest that an EOF is expected in some cases but there doesn’t appear to be any code to handle such a case.
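
An added example, not code from the issue, its playground link or the Go project: a minimal reproduction of one way a client handshake ends in a bare io.EOF, namely a peer that reads the ClientHello and closes the connection without replying or sending a TLS alert. The function names, the in-memory pipe and the `example.test` server name are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// dropAfterClientHello is a constructed peer: it reads one complete TLS
// record (the ClientHello) and then closes without replying or alerting.
func dropAfterClientHello(c net.Conn) {
	defer c.Close()
	hdr := make([]byte, 5) // record header: type(1) version(2) length(2)
	if _, err := io.ReadFull(c, hdr); err != nil {
		return
	}
	io.CopyN(io.Discard, c, int64(binary.BigEndian.Uint16(hdr[3:5])))
}

// handshakeAgainstDroppingPeer runs a client handshake over an in-memory
// pipe against the peer above and returns the raw handshake error.
func handshakeAgainstDroppingPeer() error {
	clientSide, serverSide := net.Pipe()
	go dropAfterClientHello(serverSide)
	defer clientSide.Close()
	clientSide.SetDeadline(time.Now().Add(5 * time.Second))
	cfg := &tls.Config{ServerName: "example.test"} // placeholder name
	return tls.Client(clientSide, cfg).Handshake()
}

// classify turns the bare error into something usable for triage.
func classify(err error) string {
	switch {
	case err == nil:
		return "handshake completed"
	case errors.Is(err, io.EOF):
		return "peer closed the connection mid-handshake without a TLS alert"
	default:
		return "other handshake failure: " + err.Error()
	}
}

func main() {
	err := handshakeAgainstDroppingPeer()
	fmt.Printf("raw error: %v\n%s\n", err, classify(err))
}
```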

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 15 (9 by maintainers)

Most upvoted comments

@einthusan, that seems unrelated. This bug was about client-side TLS. I’d move your server-side question to https://golang.org/wiki/Questions for now.

I think I’m actually going to close this bug as TimedOut, since it’s been a year now (two releases) and there’s nothing quite actionable here.

Anybody, feel free to reopen either this or another, perhaps ideally a new bug, with details of client-side TLS problems with Go 1.8beta+.