OpenSSL generating .cnf from windows bat script, error: no objects specified in config file

I’m a little stuck trying to generate certificates against a windows 2012R2 AD CS CA using openSSL.

My bat script asks for some inputs and uses them to generate a .cnf file for that specific request. When I run the script and open the .cnf file I see the following, which all appears correct:

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = US
stateOrProvinceName         = Michigan
localityName               = Detroit
organizationName           = LEI
commonName                 = nas.lei.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = nas.lei.com
DNS.2 = 192.168.1.15
DNS.3 =

So far so good, after the bat script generates this file it calls the following openSSL command:

openssl req -out TEMP/%_CNAME%.req -newkey rsa:2048 -nodes -keyout TEMP/%_CNAME%.key -config TEMP/%_CNAME%.cnf 

OpenSSL does its thing and starts to give me output as follows:

----
You are about to based to enter information that will be incorporated
into your certificate request.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----
US []:
Michigan []:
etc...

Here is where things go sideways. If I just enter through the fields accepting the default values from the .cnf file, I get the following:

error, no objects specified in config file. Problems making Certificate Request 

Now, if I go back and don’t just enter through my defaults, say I set the following:

US []: US 

It then accepts my .cnf files, does not generate an error, but generates an invalid CSR, the only items that show up in the CSR in this case would be Country=US.

I can’t sort this out. I thought it was an encoding issue, but when I inspect the file in Notepad++ it’s UTF-8 encoded. Anyone have any suggestions?

Here is the section of the bat script that generates the .cnf file:

REM Create .cnf file
@echo off
@echo [ req ]> TEMP/%_CNAME%.cnf
@echo default_bits       = 2048>> TEMP/%_CNAME%.cnf
@echo distinguished_name = req_distinguished_name>> TEMP/%_CNAME%.cnf
@echo req_extensions     = req_ext>> TEMP/%_CNAME%.cnf
@echo [ req_distinguished_name ]>> TEMP/%_CNAME%.cnf
@echo countryName                 = US>> TEMP/%_CNAME%.cnf
@echo stateOrProvinceName         = Michigan>> TEMP/%_CNAME%.cnf
@echo localityName               = Detroit>> TEMP/%_CNAME%.cnf
@echo organizationName           = LEI>> TEMP/%_CNAME%.cnf
@echo commonName                 = %_DNS%>> TEMP/%_CNAME%.cnf
@echo [ req_ext ]>> TEMP/%_CNAME%.cnf
@echo subjectAltName = @alt_names>> TEMP/%_CNAME%.cnf
@echo [alt_names]>> TEMP/%_CNAME%.cnf
@echo DNS.1 = %_DNS%>> TEMP/%_CNAME%.cnf
@echo DNS.2 = %_DNS2%>> TEMP/%_CNAME%.cnf
@echo DNS.3 = %_DNS3%>> TEMP/%_CNAME%.cnf
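An added example, not part of the original post: in an `openssl req` config the entries of the `distinguished_name` section are prompt texts unless `prompt = no` is set, which is why the run above shows `US []:` and ends up with an empty subject. The sketch regenerates the request from the question's values with `prompt = no`, writes the address as an `IP` SAN entry and leaves out the empty `DNS.3`; the POSIX sh wrapper, function names and temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject values come from the question; function names and
# the temporary directory are constructed for this sketch.

# Write <dir>/<cname>.cnf and create <cname>.key / <cname>.req from it.
make_csr() {
    dir=$1
    cname=$2
    cat > "$dir/$cname.cnf" <<EOF
[ req ]
default_bits       = 2048
# Without this line the entries below are prompt texts, not values.
prompt             = no
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName         = US
stateOrProvinceName = Michigan
localityName        = Detroit
organizationName    = LEI
commonName          = $cname

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $cname
# An address is an iPAddress SAN entry, not a dNSName.
IP.1  = 192.168.1.15
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/$cname.key" -out "$dir/$cname.req" \
        -config "$dir/$cname.cnf" 2>/dev/null
}

# Subject of a CSR in RFC 2253 form (CN first).
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# The SAN line of a CSR, empty if the request carries none.
csr_san() {
    openssl req -in "$1" -noout -text | grep 'DNS:' || true
}

work=$(mktemp -d)      # mode 0700; it holds the unencrypted (-nodes) key
make_csr "$work" nas.lei.com
csr_subject "$work/nas.lei.com.req"
csr_san "$work/nas.lei.com.req"
rm -rf "$work"
```

Inspecting the request before submitting it to the CA catches an empty subject or a missing SAN early.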

openSSL use SAN from CSR

I am trying to create an ssl certificate from a CSR file containing a SAN using openssl, using the command line:

openssl x509 -req -in keyshare.acceptance.privacybydesign.foundation.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out keyshare.acceptance.privacybydesign.foundation.crt -days 500 -sha256 

However, when doing this, it ignores the SAN information in the certificate sign request. How can I get openSSL to use this information?
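An added example, not part of the original post: `openssl x509 -req` does not copy extensions from the request, so the SAN has to be supplied by the signer, here through `-extfile`. The throwaway CA, the host name `keyshare.example.test` and all file names are constructed for the sketch, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. The CA, host name and file names are constructed; -addext
# needs OpenSSL 1.1.1 or later.

# Build a throwaway root CA and a CSR carrying a SAN, then sign the CSR twice:
# once as in the question, once with the SAN supplied through -extfile.
sign_demo() {
    d=$1
    host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
        -keyout "$d/rootCA.key" -out "$d/rootCA.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$d/$host.key" -out "$d/$host.csr" 2>/dev/null || return 1

    # Command from the question: extensions in the CSR are ignored.
    openssl x509 -req -in "$d/$host.csr" -CA "$d/rootCA.crt" -CAkey "$d/rootCA.key" \
        -CAcreateserial -out "$d/no_san.crt" -days 500 -sha256 2>/dev/null || return 1

    # The signer states the extensions it is willing to certify.
    # (OpenSSL 3.0+ also offers "-copy_extensions copy", which certifies
    # whatever the requester put in the CSR, so review the CSR first.)
    printf 'subjectAltName = DNS:%s\n' "$host" > "$d/san.ext"
    openssl x509 -req -in "$d/$host.csr" -CA "$d/rootCA.crt" -CAkey "$d/rootCA.key" \
        -CAcreateserial -extfile "$d/san.ext" \
        -out "$d/with_san.crt" -days 500 -sha256 2>/dev/null
}

# The SAN line of a certificate, empty if it has none.
cert_san() { openssl x509 -in "$1" -noout -text | grep 'DNS:' || true; }

work=$(mktemp -d)
sign_demo "$work" keyshare.example.test
echo "without -extfile: $(cert_san "$work/no_san.crt")"
echo "with -extfile:    $(cert_san "$work/with_san.crt")"
rm -rf "$work"
```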

openssl cms verify/decrypt get content

I’m trying to decrypt a message. This command almost gets me the correct result:

openssl cms -verify -in message_from_alice_for_bob.msg -inform DER -CAfile ehealth_root_ca.cer | openssl cms -decrypt -inform DER -recip bob_etk_pair.pem  | openssl cms -inform DER -cmsout -print 

I can see the correct message in eContent, but how can I extract this? The only result I need is: This is a secret message from Alice for Bob written at Thu Mar 13 12:39:12 CET 2014

Verification successful
CMS_ContentInfo:
  contentType: pkcs7-signedData (1.2.840.113549.1.7.2)
  d.signedData:
    version: 1
    digestAlgorithms:
        algorithm: sha256 (2.16.840.1.101.3.4.2.1)
        parameter: NULL
    encapContentInfo:
      eContentType: pkcs7-data (1.2.840.113549.1.7.1)
      eContent:
        0000 - 54 68 69 73 20 69 73 20-61 20 73 65 63 72 65   This is a secre
        000f - 74 20 6d 65 73 73 61 67-65 20 66 72 6f 6d 20   t message from
        001e - 41 6c 69 63 65 20 66 6f-72 20 42 6f 62 20 77   Alice for Bob w
        002d - 72 69 74 74 65 6e 20 61-74 20 54 68 75 20 4d   ritten at Thu M
        003c - 61 72 20 31 33 20 31 32-3a 33 39 3a 31 32 20   ar 13 12:39:12
        004b - 43 45 54 20 32 30 31 34-                       CET 2014
    certificates:
      <ABSENT>
    crls:
      <ABSENT>
    signerInfos:
        version: 1
        d.issuerAndSerialNumber:
          issuer: C=BE, O=Federal Government, OU=eHealth-platform Belgium, CN=eH CA
          serialNumber: 11687039761893623079
        digestAlgorithm:
          algorithm: sha256 (2.16.840.1.101.3.4.2.1)
          parameter: NULL
        signedAttrs:
            object: contentType (1.2.840.113549.1.9.3)
            set:
              OBJECT:pkcs7-data (1.2.840.113549.1.7.1)
            object: signingTime (1.2.840.113549.1.9.5)
            set:
              UTCTIME:Mar 13 11:39:12 2014 GMT
            object: messageDigest (1.2.840.113549.1.9.4)
            set:
              OCTET STRING:
                0000 - 76 64 f2 6c 21 f7 8e 53-ea 12 42 03 38   vd.l!..S..B.8
                000d - a8 17 ff cc 5e 41 07 ed-ad 14 3b ab 49   ....^A....;.I
                001a - d0 b2 87 74 db f4                        ...t..
        signatureAlgorithm:
          algorithm: rsassaPss (1.2.840.113549.1.1.10)
          parameter: SEQUENCE:
    0:d=0  hl=2 l=  52 cons: SEQUENCE
    2:d=1  hl=2 l=  15 cons:  cont [ 0 ]
    4:d=2  hl=2 l=  13 cons:   SEQUENCE
    6:d=3  hl=2 l=   9 prim:    OBJECT            :sha256
   17:d=3  hl=2 l=   0 prim:    NULL
   19:d=1  hl=2 l=  28 cons:  cont [ 1 ]
   21:d=2  hl=2 l=  26 cons:   SEQUENCE
   23:d=3  hl=2 l=   9 prim:    OBJECT            :mgf1
   34:d=3  hl=2 l=  13 cons:    SEQUENCE
   36:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
   47:d=4  hl=2 l=   0 prim:     NULL
   49:d=1  hl=2 l=   3 cons:  cont [ 2 ]
   51:d=2  hl=2 l=   1 prim:   INTEGER           :20
        signature:
          0000 - a9 d1 19 05 47 5c 9c 57-db 94 5f f3 3a 25 55   ....G\.W.._.:%U
          000f - b7 60 87 cd 07 02 43 16-21 a7 11 d6 a5 b4 be   .`....C.!......
          001e - 0f 46 d3 a6 2c 8c e8 1d-9b be 34 b1 49 38 85   .F..,.....4.I8.
          002d - 8b 26 b3 b7 3e 11 dd 6e-45 b7 42 d1 3c fe 87   .&..>..nE.B.<..
          003c - 92 52 9a 08 24 9e b8 bf-36 23 09 d0 7e 93 c5   .R..$...6#..~..
          004b - d7 b7 65 11 32 57 83 bc-71 e4 6f cd 2e 56 23   ..e.2W..q.o..V#
          005a - 64 e6 2d 53 23 a8 2d 73-92 fd a8 d7 1f 3e 02   d.-S#.-s.....>.
          0069 - ef 4e bc 46 dc d2 39 53-1d 12 7c 93 02 25 25   .N.F..9S..|..%%
          0078 - 59 40 72 e7 7b 51 3b fd-27 4d ab 21 3f 14 5c   Y@r.{Q;.'M.!?.\
          0087 - 77 b8 18 0b 8d 6c 9d b9-ab 7e b6 45 b3 bc d8   w....l...~.E...
          0096 - 79 36 06 22 aa b7 12 13-0c 0e 57 e9 fa ea 4c   y6."......W...L
          00a5 - 3e a4 07 de 6a 10 13 69-e9 c8 70 f2 ad f2 26   >...j..i..p...&
          00b4 - f0 71 96 e3 52 aa 74 b1-39 17 54 f1 b5 d8 d6   .q..R.t.9.T....
          00c3 - 2e 64 c2 f7 c5 d4 d3 52-1d 3c 83 61 65 9a 90   .d.....R.<.ae..
          00d2 - 39 07 a3 40 58 d1 53 1c-3c cf 67 49 e9 7a d3   9..@X.S.<.gI.z.
          00e1 - 3e 6c ac 83 51 e1 08 f4-eb e1 c5 54 58 b8 43   >l..Q......TX.C
          00f0 - d2 c0 2d 26 8f 16 53 c5-04 f0 36 b1 1f 2e 54   ..-&..S...6...T
          00ff - ec                                             .
        unsignedAttrs:
          <EMPTY>

If I try this:

openssl cms -verify -in message_from_alice_for_bob.msg -inform DER -CAfile ehealth_root_ca.cer | openssl cms -decrypt -inform DER  -recip bob_etk_pair.pem  | openssl cms -verify -inform DER 

I get this error:

Verification successful
Verification failure
4433208768:error:2E09D08A:CMS routines:CMS_verify:signer certificate not found:crypto/cms/cms_smime.c:304:

I’m not sure what certificate is expected here?

Confusion over OCSP support from a web-site? Openssl vs Browser Information? Which one to believe?

I am looking at a website in Google Chrome. According to an article that I read online, in order to check if a website supports OCSP you can look at Certificates>Details>Extensions and then see if it has something like http://ocsp.blla.blla.blla …

So I am looking at the website that I am interested to know if it supports OCSP, and I am looking at the certificate's extensions and I see the link and the issuer for OCSP.

But when I am testing for OCSP using OpenSSL, with the following line:

openssl s_client -connect thewebIwantToLookat.com:443 -tls1 -tlsextdebug -status 

It is returning:

OCSP response: no response sent 

Meaning there is no OCSP support.

So now which one should I believe, this should be deterministic, right?

encrypt/decrypt using openssl

Hi, I have a groovy script that looks like:

cmd1 = "echo ${really_long_key}"
ssl_cmd = "openssl aes-256-cbc -md md5 -nosalt -a -pass pass:${encryptPassword} dec"
def process = cmd1.execute() | ssl_cmd.execute()
process.waitFor()

It works for smaller keys, but if the key is 2900+ characters it fails to decode.

Also, if done on the command line (echo “really_long_key” | openssl aes-….. I end up with:

bad decrypt
140150542661448:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:589:

Converting a raw EC public key into EVP_PKEY using openssl

I am trying to convert a raw EC key to an EVP_PKEY structure. The process seems straightforward but I am running into issues.

Here is the code I am using —

unsigned char tmpPubKey[] = {
    0x04, 0xbf, 0x7a, 0x7f, 0xf3, 0x62, 0x8f, 0x91, 0xcd, 0xa5,
    0x57, 0x41, 0x57, 0x63, 0x4d, 0x59, 0x45, 0xc8, 0xb2, 0x6d,
    0x71, 0xf6, 0xe0, 0x6a, 0x79, 0x2d, 0x36, 0x2f, 0x16, 0xb1,
    0xc0, 0xd0, 0xc8, 0xa7, 0x2a, 0x9d, 0xe8, 0x30, 0x9c, 0xc6,
    0xa5, 0x70, 0xa5, 0xb2, 0x04, 0x21, 0x4d, 0x30, 0xfe, 0x59,
    0x3a, 0x41, 0xd0, 0xc8, 0x8e, 0x33, 0xf3, 0xa2, 0x2e, 0x6b,
    0x09, 0x78, 0x0d, 0x48, 0x98
};
EC_GROUP *g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);;
EC_POINT *p = EC_POINT_new(g);
EC_KEY  *k = EC_KEY_new();
error = EC_POINT_oct2point(g, p, tmpPubKey, sizeof(tmpPubKey), NULL);
error = EC_KEY_set_public_key(k, p);
error = EVP_PKEY_set1_EC_KEY(nodePubKey, k);

This should work from what I have looked up. But it's not working.

I get this error “EC_POINT_new:passed a null parameter” on calling EC_POINT_oct2point()

The key used is correct as I have generated it manually and exported it.

Can someone tell me what I am missing?

Error encrypting a string with AES128 using OpenSSL in C++

I am having problems with the last 32 characters (16 bytes) of the encrypted message that I am generating with the OpenSSL library and the AES 128 algorithm in CBC mode. This is the data I am using:

Message in Hex = "7b22494443223a2232363930393439376434222c22444553223a2256656e74616d656e7564656f222c22414d4f223a3530302c22444154223a313530383233303035383730362c22524546223a302c22434f4d223a312c22545950223a31392c2276223a7b224e414d223a2252616661656c56616c656e7a75656c614172656e6173222c22414343223a2235383732313233343536373836303132222c2242414e223a34303132372c22545943223a332c22444556223a22353532373139323132382f30227d7da"
Key128 in Hex = "dadf11e74d014a62d73ccadd9591442a"
Initialization Vector in Hex = "cab9da8940cd7dc9510c7249fe47c6e6"

This is the code I am implementing:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <math.h>
#include <assert.h>
#include <stdint.h>
#include <stdbool.h>
#include <sstream>
#include <iostream>
#include <algorithm>
#include <iomanip>
#include <locale>
#include <openssl/aes.h>
#include <openssl/des.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
using namespace std;
/* AES key for Encryption and Decryption */
const static unsigned char aes_key[16]={0xda, 0xdf, 0x11, 0xe7, 0x4d, 0x01, 0x4a, 0x62, 0xd7, 0x3c, 0xca, 0xdd, 0x95, 0x91, 0x44, 0x2a};
/* Print Encrypted and Decrypted data packets */
void print_data(const char *tittle, const void* data, int len)
{
    printf("%s : ",tittle);
    const unsigned char * p = (const unsigned char*)data;
    int i = 0;
    for (; i<len; ++i)
    {
        printf("%02X ", *p++);
    }
    printf("\n");
}
int main( )
{
    /* Input data to encrypt */
    unsigned char enc_out[235]={
        0x7b, 0x22, 0x49, 0x44, 0x43, 0x22, 0x3a, 0x22, 0x32, 0x36, 0x39, 0x30, 0x39, 0x34, 0x39, 0x37,
        0x64, 0x34, 0x22, 0x2c, 0x22, 0x44, 0x45, 0x53, 0x22, 0x3a, 0x22, 0x56, 0x65, 0x6e, 0x74, 0x61,
        0x6d, 0x65, 0x6e, 0x75, 0x64, 0x65, 0x6f, 0x22, 0x2c, 0x22, 0x41, 0x4d, 0x4f, 0x22, 0x3a, 0x35,
        0x30, 0x30, 0x2c, 0x22, 0x44, 0x41, 0x54, 0x22, 0x3a, 0x31, 0x35, 0x30, 0x38, 0x32, 0x33, 0x30,
        0x30, 0x35, 0x38, 0x37, 0x30, 0x36, 0x2c, 0x22, 0x52, 0x45, 0x46, 0x22, 0x3a, 0x30, 0x2c, 0x22,
        0x43, 0x4f, 0x4d, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x54, 0x59, 0x50, 0x22, 0x3a, 0x31, 0x39, 0x2c,
        0x22, 0x76, 0x22, 0x3a, 0x7b, 0x22, 0x4e, 0x41, 0x4d, 0x22, 0x3a, 0x22, 0x52, 0x61, 0x66, 0x61,
        0x65, 0x6c, 0x56, 0x61, 0x6c, 0x65, 0x6e, 0x7a, 0x75, 0x65, 0x6c, 0x61, 0x41, 0x72, 0x65, 0x6e,
        0x61, 0x73, 0x22, 0x2c, 0x22, 0x41, 0x43, 0x43, 0x22, 0x3a, 0x22, 0x35, 0x38, 0x37, 0x32, 0x31,
        0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x36, 0x30, 0x31, 0x32, 0x22, 0x2c, 0x22, 0x42, 0x41,
        0x4e, 0x22, 0x3a, 0x34, 0x30, 0x31, 0x32, 0x37, 0x2c, 0x22, 0x54, 0x59, 0x43, 0x22, 0x3a, 0x33,
        0x2c, 0x22, 0x44, 0x45, 0x56, 0x22, 0x3a, 0x22, 0x35, 0x35, 0x32, 0x37, 0x31, 0x39, 0x32, 0x31,
        0x32, 0x38, 0x2f, 0x30, 0x22, 0x7d, 0x7d, 0xa};
    /* Init vector */
    unsigned char iv[16]={0xca, 0xb9, 0xda, 0x89, 0x40, 0xcd, 0x7d, 0xc9, 0x51, 0x0c, 0x72, 0x49, 0xfe, 0x47, 0xc6, 0xe6};
    //memset(iv, 0x00, AES_BLOCK_SIZE);
    /* Buffers for Encryption and Decryption */
    unsigned char dec_out[400];
    unsigned char aux_out[400];
    memset(dec_out, 0, sizeof(dec_out));
    memset(aux_out, 0, sizeof(aux_out));
    /* AES-128 bit CBC Encryption */
    AES_KEY enc_key, dec_key;
    AES_set_encrypt_key(aes_key, sizeof(aes_key)*8, &enc_key);
    AES_cbc_encrypt(enc_out, dec_out, sizeof(enc_out), &enc_key, iv, AES_ENCRYPT);
    /* AES-128 bit CBC Decryption */
    memset(iv, 0x00, AES_BLOCK_SIZE); // don't forget to set iv vector again, else you can't decrypt data properly
    AES_set_decrypt_key(aes_key, sizeof(aes_key)*8, &dec_key); // Size of key is in bits
    AES_cbc_encrypt(dec_out, aux_out, sizeof(enc_out), &dec_key, iv, AES_DECRYPT);
    /* Printing and Verifying */
    print_data("\n Original ",enc_out, sizeof(enc_out)); // you can not print data as a string, because after Encryption its not ASCII
    print_data("\n Encrypted",dec_out, sizeof(enc_out));
    print_data("\n Decrypted",aux_out, sizeof(dec_out));
    return 0;
}

Apparently only the end of the string is incorrect (the last 32 characters); the rest is fine. I have researched a bit and some comments suggest the error has to do with the type of padding that is configured, but according to what I read, that padding is already PKCS5 (which is in fact the padding I need), so I cannot see what the error is when encrypting the data. I have also tried doing it block by block, but that does not work well. These are the results:

Expected ciphertext (correct) = EFC063DD33406D424D359809695D0B1E2D65027E803962C6A115DF7CCABEEB0C8C358830E556ED23943FA4F02E6461D235EF913CFCE5519F7CE2279DD07D3C4054D045827D5D7D9FE94DA3C5B718A24E79539B3FFC1E68E4C3FF441EEA176F61EE3D7B33B622E3069D95815F6407FBC79342BB972A2DDE4E50FDE9302BDE4409B7D2BD388AB6A043B9EF236D982937D8537F954564FF4134BD8A6EAB994FE4C29E9DC4E54D53A561A4688C45C90961EDB1763B6EF6C86B593C7E16FDF35C49CE16B1E6948BB1EAE6A8692326A019960B
Program output (incorrect) = EFC063DD33406D424D359809695D0B1E2D65027E803962C6A115DF7CCABEEB0C8C358830E556ED23943FA4F02E6461D235EF913CFCE5519F7CE2279DD07D3C4054D045827D5D7D9FE94DA3C5B718A24E79539B3FFC1E68E4C3FF441EEA176F61EE3D7B33B622E3069D95815F6407FBC79342BB972A2DDE4E50FDE9302BDE4409B7D2BD388AB6A043B9EF236D982937D8537F954564FF4134BD8A6EAB994FE4C29E9DC4E54D53A561A4688C45C90961EDB1763B6EF6C86B593C7E16FDF35C49CE608E3F73FC8E3DDF1D3BCF40B3DFACD00B732A9FCC10F6E0FB18E126A1C21A082D7A4F053F131A9329474D

I understand that the code could be improved and that apparently decryption is not working, but for the moment what I am interested in is encryption.

How to limit an openssl physical key size to 2048 bytes for openvpn?

I’m trying to get a personal VPN working using OpenVPN and I’m running into a fatal error when starting the service…

openvpn Key file can be a maximum of 2048 bytes 

I’m using openssl to generate my keys like this…

openssl genrsa -out /etc/ssl/my.key 2048 

And the resulting key is 3272 bytes. I’m unsure what I’m supposed to be doing here to reduce the key file size… should I be reducing the key strength to 1024? That would seem counter intuitive as I would prefer a higher strength key would I not?

Just to add some additional detail, I’m using letsencrypt to sign the key and produce the public keys… should I be generating self-signed keys instead, and would that have anything to do with the errors above? Also, I’m using a 4096bit DH, not sure if that has effect on key size either.

NOTE: This is x-posted from SO, wasn’t sure where best to ask… https://stackoverflow.com/questions/56008878/how-to-limit-an-openssl-physical-key-size-to-2048-bytes-for-openvpn

OpenSSL SSL_connect: SSL_ERROR_SYSCALL – build/run golang app

Operating System: Ubuntu 18.04.2 LTS

Kernel: Linux 4.15.0-47-generic

Architecture: x86-64

First, I run go run main.go others package was running very well. But some problems come through… here is the result after I run the main.go app.

go: finding github.com/kr/pty v1.1.1
go: finding golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01
go: gopkg.in/check.v1@v1.0.0-20180628173108-788fd7840127: unrecognized import path "gopkg.in/check.v1" (https fetch: Get https://gopkg.in/check.v1?go-get=1: net/http: TLS handshake timeout)
go: gopkg.in/sourcemap.v1@v1.0.5: unrecognized import path "gopkg.in/sourcemap.v1" (https fetch: Get https://gopkg.in/sourcemap.v1?go-get=1: net/http: TLS handshake timeout)
go: gopkg.in/xmlpath.v2@v2.0.0-20150820204837-860cbeca3ebc: unrecognized import path "gopkg.in/xmlpath.v2" (https fetch: Get https://gopkg.in/xmlpath.v2?go-get=1: net/http: TLS handshake timeout)
go: error loading module requirements

I got an issue with SSL/Open SSL. I tried to get a package source from gopkg.in but this happened to me:

* Rebuilt URL to: https://gopkg.in/
*   Trying 35.196.143.184...
* TCP_NODELAY set
* Connected to gopkg.in (35.196.143.184) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to gopkg.in:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to gopkg.in:443

I was reading from https://stackoverflow.com/questions/31183297/ssl-connect-fails-with-ssl-error-syscall-error/31183611#31183611 but it’s kinda complicated. I can’t get it, just trying to fix it since I need a source from that site on my apps.