Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Go 1.20: fix up retry certificate retry after Go CL "crypto/tls: add CertificateVerificationError to tls handshake" #176

Closed
aktau opened this issue Nov 24, 2022 · 0 comments · Fixed by #210
Closed

Go 1.20: fix up retry certificate retry after Go CL "crypto/tls: add CertificateVerificationError to tls handshake" #176

aktau opened this issue Nov 24, 2022 · 0 comments · Fixed by #210
Labels
bug
Milestone
v0.7.6

Comments

@aktau
Copy link

aktau commented Nov 24, 2022
edited
Loading

Certificate retry inhibiting would be broken in Go 1.20.

The upstream CL http://go.dev/cl/449336 changed the error type returned when there's a certificate verification failure. The following line no longer hits:

go-retryablehttp/client.go

Lines 476 to 478 in 493aa4c

if _, ok := v.Err.(x509.UnknownAuthorityError); ok {
return false, v
}

I believe it would resume working (and also work for older Go versions) if this was changed to:

			// Don't retry if the error was due to TLS cert verification failure.
-			if _, ok := v.Err.(x509.UnknownAuthorityError); ok {
+			if _, ok := errors.As(v.Err, &x509.UnknownAuthorityError{}); ok {
				return false, nil
			}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v0.7.6
Development

Successfully merging a pull request may close this issue.

Fix default retry policy for certificate verification errors and bad request headers
2 participants
@aktau @manicminer