douzhigan1687
2019-05-21 13:07
浏览 382
已采纳

curl能够从https获取; 但是从golang的http.get(),相同的https URL无法正常工作

When I do curl https://10.184.96.62:3000/status, server sends back json data. All good.

Using the below golang code, the application prints :

2019/05/21 18:29:15 Get https://10.184.96.62:3000/status: x509: cannot validate certificate for 10.184.96.62 because it doesn't contain any IP SANs

package main

import (
        "log"
        "net/http"
)

func main() {
        _, err := http.Get("https://10.184.96.62:3000/status")
        if err != nil {
                log.Fatal(err)
        }
}

What am I missing?

图片转代码服务由CSDN问答提供 功能建议

执行 curl https://10.184.96.62:3000/status 时,服务器 发回json数据。 一切都很好。

使用下面的golang代码,应用程序将打印:

2019/05/21 18:29:15 获取 https://10.184.96.62:3000/status :x509:无法 验证10.184的证书 .96.62,因为它不包含任何 IP SAN

 程序包main 
 
import(
“ log” 
“ net /  http“ 
)
 
func main(){
 _,err:= http.Get(” https://10.184.96.62:3000/status“)
如果err!= nil {
日志。 致命(err)
} 
} 
   
 
 

我缺少什么?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongyang7152 2019-05-24 12:48
    已采纳

    The problem was with the certificate I generated. I used openssl to create a self-signed certificate. As I shared, curl was able to use it to establish connection with the server. But not the go application.

    In some forum I saw a comment that said that getting openssl to work in this scenario is tricky. So I used this go code to generate the certificate. Using this certificate, go app was also able to make the request with out making any change to the source code I shared in my question.

    Hope this helps some one in need.

    点赞 打赏 评论
  • douchun1948 2019-05-21 13:52

    The problem that the error message indicates is specific to the combination of HTTPS with IP addresses: usually a SSL certificate uses the hostname to check the authenticity of the server. In your case there is no hostname, but a IP address instead. There are two possible solutions to your problem:

    1. Use a hostname instead of the IP address and put that hostname into your certificate.
    2. Put the IP address you want to use into the subjectAltNames ("Subject Alternative Names" - SAN) field of your certificate (see RFC 5280).
    点赞 打赏 评论

相关推荐 更多相似问题