Mac os 的证书本地劫持如何解决

2019-08-04 13:30:10 +08:00
 lanceadd

我用 go mod 所以使用了 goproxy.io ,然后今天 go get 一直报错

go get -u github.com/kataras/iris@master
go: finding github.com/kataras/iris master
go: finding github.com/kataras master
go: finding github.com master
go get github.com/kataras/iris@master: Get https://goproxy.io/github.com/kataras/iris/@v/master.info: x509: certificate has expired or is not yet valid

然后联系了项目作者,并使用如下命令排查

echo | openssl s_client -showcerts -servername g -connect goproxy.io:443 2>/dev/null | openssl x509 -inform pem -noout -text

排查结果

$ echo | openssl s_client -showcerts -servername g -connect goproxy.io:443 2>/dev/null | openssl x509 -inform pem -noout -text

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 13475652372996557386 (0xbb03226fa91c0a4a)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=BJ, L=BJ, O=Default Company Ltd
        Validity
            Not Before: Jun 15 10:59:49 2018 GMT
            Not After : Jun 16 10:59:49 2019 GMT
        Subject: C=CN, ST=BJ, L=BJ, O=Default Company Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:a2:7d:88:5f:e0:3c:d0:ba:1f:c5:d9:81:31:f5:
                    c2:bf:59:74:5e:cd:6e:9d:52:bf:b4:5c:f1:5a:59:
                    a8:ec:8f:1d:01:f5:a4:66:86:a9:d3:9d:26:9d:b9:
                    d4:c3:bf:39:8c:a3:07:43:00:75:d3:34:1e:06:33:
                    04:ef:2b:46:ad:15:93:99:3c:0c:22:a1:e5:a9:08:
                    ce:18:c2:bc:71:d0:8f:8a:20:69:6a:ed:86:53:b4:
                    d1:fd:be:a2:3f:a0:3e:74:32:82:ea:40:a6:de:d9:
                    91:d9:bf:23:37:fa:5b:7c:c3:fc:2c:b9:38:76:37:
                    53:0d:42:a9:bb:4e:5b:a9:e3
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         97:f3:97:ae:c9:18:37:1b:55:61:b6:12:fe:3f:65:84:59:cf:
         e5:eb:f3:cf:4a:a5:9f:fb:a2:2f:3f:71:da:b2:27:fd:b0:7f:
         f2:8a:7f:28:e0:ac:77:ee:84:c5:e7:47:89:47:47:7a:a1:21:
         5d:49:32:e3:a3:f8:53:0a:5b:aa:71:64:c6:39:21:4c:95:3a:
         7b:d1:57:6b:72:31:c2:5b:01:02:04:a6:cb:e7:8a:61:7c:49:
         6e:36:eb:74:ed:af:52:17:d7:0b:a8:88:b9:ac:a3:92:5c:ac:
         7f:7f:94:88:fd:a3:64:ab:61:77:05:a4:50:b5:8f:84:d3:6f:
         74:e1

然后作者给的回复

证书确实被人劫持了,你这个不是被信任的证书,有人想窥探隐私吧,正确的证书应该是

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:a1:7a:07:16:43:3c:e5:83:fc:4e:ee:5c:e9:c6:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
        Validity
            Not Before: Jul 15 00:00:00 2019 GMT
            Not After : Jul 14 23:59:59 2021 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=gomirrors.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:

我这边能做的非常有限,你这是本地的劫持。

或者说如果你是在公司的话,可能是公司强制做的,原因你应该明白。

现在很无奈,有哪位大佬能救救我

1896 次点击
所在节点    问与答
3 条回复
tankren
2019-08-04 14:44:29 +08:00
中间人吧
lcdtyph
2019-08-04 16:22:16 +08:00
挂梯子…
wonderingray
2019-08-10 00:33:09 +08:00
试试 goproxy.cn 呀,比这个 io 的快好多呢,阿里云的那个也比 io 的快呀,目前所有已知代理的测试结果里 io 是最慢的了,搞不懂为啥大家都要用它。。。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/588912

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX