V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
lanceadd
V2EX  ›  问与答

Mac os 的证书本地劫持如何解决

  •  1
     
  •   lanceadd · 2019-08-04 13:30:10 +08:00 · 1897 次点击
    这是一个创建于 1942 天前的主题,其中的信息可能已经有所发展或是发生改变。

    我用 go mod 所以使用了 goproxy.io ,然后今天 go get 一直报错

    go get -u github.com/kataras/iris@master
    go: finding github.com/kataras/iris master
    go: finding github.com/kataras master
    go: finding github.com master
    go get github.com/kataras/iris@master: Get https://goproxy.io/github.com/kataras/iris/@v/master.info: x509: certificate has expired or is not yet valid
    

    然后联系了项目作者,并使用如下命令排查

    echo | openssl s_client -showcerts -servername g -connect goproxy.io:443 2>/dev/null | openssl x509 -inform pem -noout -text
    
    

    排查结果

    $ echo | openssl s_client -showcerts -servername g -connect goproxy.io:443 2>/dev/null | openssl x509 -inform pem -noout -text
    
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 13475652372996557386 (0xbb03226fa91c0a4a)
        Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=CN, ST=BJ, L=BJ, O=Default Company Ltd
            Validity
                Not Before: Jun 15 10:59:49 2018 GMT
                Not After : Jun 16 10:59:49 2019 GMT
            Subject: C=CN, ST=BJ, L=BJ, O=Default Company Ltd
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Modulus:
                        00:a2:7d:88:5f:e0:3c:d0:ba:1f:c5:d9:81:31:f5:
                        c2:bf:59:74:5e:cd:6e:9d:52:bf:b4:5c:f1:5a:59:
                        a8:ec:8f:1d:01:f5:a4:66:86:a9:d3:9d:26:9d:b9:
                        d4:c3:bf:39:8c:a3:07:43:00:75:d3:34:1e:06:33:
                        04:ef:2b:46:ad:15:93:99:3c:0c:22:a1:e5:a9:08:
                        ce:18:c2:bc:71:d0:8f:8a:20:69:6a:ed:86:53:b4:
                        d1:fd:be:a2:3f:a0:3e:74:32:82:ea:40:a6:de:d9:
                        91:d9:bf:23:37:fa:5b:7c:c3:fc:2c:b9:38:76:37:
                        53:0d:42:a9:bb:4e:5b:a9:e3
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha1WithRSAEncryption
             97:f3:97:ae:c9:18:37:1b:55:61:b6:12:fe:3f:65:84:59:cf:
             e5:eb:f3:cf:4a:a5:9f:fb:a2:2f:3f:71:da:b2:27:fd:b0:7f:
             f2:8a:7f:28:e0:ac:77:ee:84:c5:e7:47:89:47:47:7a:a1:21:
             5d:49:32:e3:a3:f8:53:0a:5b:aa:71:64:c6:39:21:4c:95:3a:
             7b:d1:57:6b:72:31:c2:5b:01:02:04:a6:cb:e7:8a:61:7c:49:
             6e:36:eb:74:ed:af:52:17:d7:0b:a8:88:b9:ac:a3:92:5c:ac:
             7f:7f:94:88:fd:a3:64:ab:61:77:05:a4:50:b5:8f:84:d3:6f:
             74:e1
    

    然后作者给的回复

    证书确实被人劫持了,你这个不是被信任的证书,有人想窥探隐私吧,正确的证书应该是
    
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                4b:a1:7a:07:16:43:3c:e5:83:fc:4e:ee:5c:e9:c6:df
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
            Validity
                Not Before: Jul 15 00:00:00 2019 GMT
                Not After : Jul 14 23:59:59 2021 GMT
            Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=gomirrors.org
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
    
    我这边能做的非常有限,你这是本地的劫持。
    
    或者说如果你是在公司的话,可能是公司强制做的,原因你应该明白。
    

    现在很无奈,有哪位大佬能救救我

    3 条回复    2019-08-10 00:33:09 +08:00
    tankren
        1
    tankren  
       2019-08-04 14:44:29 +08:00 via Android
    中间人吧
    lcdtyph
        2
    lcdtyph  
       2019-08-04 16:22:16 +08:00 via iPhone
    挂梯子…
    wonderingray
        3
    wonderingray  
       2019-08-10 00:33:09 +08:00 via iPad
    试试 goproxy.cn 呀,比这个 io 的快好多呢,阿里云的那个也比 io 的快呀,目前所有已知代理的测试结果里 io 是最慢的了,搞不懂为啥大家都要用它。。。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5098 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 09:45 · PVG 17:45 · LAX 01:45 · JFK 04:45
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.