在GoLang中执行反向代理时确认TLS证书

In GoLang I'm using NewSingleHostReverseProxy to preform a reverse proxy, however I need to confirm the SSL certificates of the host site, to make sure I have the correct secure certificate... any ideas how I should do this? Should I be doing this with the handler or transport? I'm new to GoLang and still getting my head around it. Thanks

proxy := httputil.NewSingleHostReverseProxy(&url.URL{
         Scheme: "https",
         Host:   "sha256.badssl.com",
})

http.ListenAndServe("127.0.0.1:80", proxy)

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答

dongrao1862 2016-02-15 00:18

关注

To access the certificate, you will have get access to the ConnectionState. The easiest way to do that is to provide your own version of DialTLS. In there you connect to the server using net.Dial, do the TLS handshake and then you are free to verify.

package main

import (
    "crypto/tls"
    "log"
    "net"
    "net/http"
    "net/http/httputil"
    "net/url"
)

func main() {
    proxy := httputil.NewSingleHostReverseProxy(&url.URL{
        Scheme: "https",
        Host:   "sha256.badssl.com",
    })

    // Set a custom DialTLS to access the TLS connection state
    proxy.Transport = &http.Transport{DialTLS: dialTLS}

    // Change req.Host so badssl.com host check is passed
    director := proxy.Director
    proxy.Director = func(req *http.Request) {
        director(req)
        req.Host = req.URL.Host
    }

    log.Fatal(http.ListenAndServe("127.0.0.1:3000", proxy))
}

func dialTLS(network, addr string) (net.Conn, error) {
    conn, err := net.Dial(network, addr)
    if err != nil {
        return nil, err
    }

    host, _, err := net.SplitHostPort(addr)
    if err != nil {
        return nil, err
    }
    cfg := &tls.Config{ServerName: host}

    tlsConn := tls.Client(conn, cfg)
    if err := tlsConn.Handshake(); err != nil {
        conn.Close()
        return nil, err
    }

    cs := tlsConn.ConnectionState()
    cert := cs.PeerCertificates[0]

    // Verify here
    cert.VerifyHostname(host)
    log.Println(cert.Subject)

    return tlsConn, nil
}

本回答被题主选为最佳回答 , 对您是否有帮助呢?

查看更多回答(1条)

报告相同问题？

关注问题

在GoLang中执行反向代理时确认TLS证书 ssl
2016-02-14 10:29

回答 2 已采纳 To access the certificate, you will have get access to the ConnectionState. The easiest way to do
如何在golang中创建没有证书的TLS连接？ ssl
2019-04-22 05:33

回答 2 已采纳 TLS without certificates would require support for cipher suites which don't use certificates. L
在Golang中使用bufio.Scanner时如何继续执行程序
2019-01-04 10:28

回答 1 已采纳 You have a for loop which reads lines from the standard input. This loop will run as long as os.St
快速获取“让我们加密证书”并提供反向代理-Golang开发
2021-05-26 17:31

LetsProxy没有多余的装饰，没有配置，反向代理会自动从Let's Encrypt中提取TLS证书。用法./letsproxy --domain example.com-至http：// localhost：3000 ./letsproxy -d example.com -t http：// 127。 LetsProxy...
Golang：如何在HTTP客户端的TLS配置中指定证书 ssl
2014-02-04 20:05

回答 1 已采纳 You can replace the system CA set by providing a root CA pool in tls.Config. certs := x509.NewCer
在Golang中执行json解组时为空字段 json
2018-05-16 09:16

回答 1 已采纳 Your JSON to Go mapping is incorrect. To have automatic matching between struct fields and the JSO
在Golang中执行命令时出错
2016-03-21 06:59

回答 1 已采纳 Your command is not right. Your command is shell code and cannot be executed except by a shell (he
开源HTTP反向代理缓存和时间序列仪表板加速器-Golang开发
2021-05-26 14:52

Trickster Trickster是Prometheus HTTP APIv1的反向代理缓存，可极大地加快从Prometheus查询的任何系列的仪表板渲染时间。工作原理1. Delta Proxy Mo Trickster是HTTP应用程序的HTTP反向代理/缓存，以及时间序列...
如何使用exec.Command在Golang中执行Mysql脚本 mysql
2017-10-23 17:02

回答 2 已采纳 +1 to answer from @MatteoRagni for showing how to do stdin redirection in Golang. But here's a s
如何在Golang中使用命令执行SQL文件 database postgresql sql
2018-03-28 22:24

回答 1 已采纳 You can read the file's contents into a string and pass that to Exec. query, err := ioutil.ReadFi
在GoLang中执行bash shell函数？ bash
2018-03-01 23:41

回答 2 已采纳 I guess you can simply invoke bash -l -c 'your alias function'. Just make sure that your .bash_al
golang实现反向代理
2019-07-11 14:14

悠然~的博客 golang实现反向代理golang实现反向代理 golang实现反向代理 将前端传来的/dcv/:host/请求转发到https://" + host + ":8443 package dcvproxy import ( "net/http" "strings" "net" "net/http/httputil" ...
在Golang中执行net.DialTCP时如何设置超时时间？
2017-11-05 03:22

回答 2 已采纳 Use net.Dialer with either the Timeout or Deadline fields set. d := net.Dialer{Timeout: timeout}
Go语言正/反向代理的姿势
2022-11-07 08:41

有态度的马甲的博客先重温一下什么叫反向代理，正向代理。鹅厂二面，nginx回忆录[1]所谓正向，反向代理取决于代理的是出站请求，还是入站...前几天利用golang实现反向代理程序[2]，引出了Host请求头在反代中的关键作用。代理程序预置...
GoProxy:golang实现的高性能代理服务器-开源
2021-06-15 11:15

支持正向代理、反向代理、透明代理、internet nat 代理、https 代理负载均衡、http 代理负载均衡、socks5 代理负载均衡、socket 代理负载均衡、ss 代理负载均衡、TCP/UDP 端口映射、SSH 传输、TLS 加密传输、协议...
没有解决我的问题, 去提问

悬赏问题

¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场部分对应不上
¥15 如何在scanpy上做差异基因和通路富集？
¥20 关于#硬件工程#的问题，请各位专家解答！
¥15 关于#matlab#的问题：期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707，使系统具有较小的超调量
¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
¥30 截图中的mathematics程序转换成matlab
¥15 动力学代码报错，维度不匹配
¥15 Power query添加列问题
¥50 Kubernetes&Fission&Eleasticsearch
¥15 報錯：Person is not mapped，如何解決？

码龄粉丝数原力等级 --

在GoLang中执行反向代理时确认TLS证书

2条回答

码龄粉丝数原力等级 --

悬赏问题