dongxin1980 2019-02-19 15:41
浏览 604
已采纳

带有client.crt和client.key的https请求

I want to send a POST request to https server and get the response. Here is what I am doing in curl and it works well.

curl --key ./client.key --cert ./client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report -H 'Content-Type: application/json' --data '{"key": "value"}'

This is the code snippet I tried in Go.

    url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
    pair, e := tls.LoadX509KeyPair("client.crt", "client.key")
    if e != nil {
        log.Fatal("LoadX509KeyPair:", e)
    }

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                InsecureSkipVerify: true,
                Certificates: []tls.Certificate{pair},
            },
        }}

    resp, e := client.Post(url, "application/json", bytes.NewBufferString(payload))

The program is hanging at the last line, error message is

Post: dial tcp connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

I feel there is problem in my connection establish code, instead of the server's problem since server works perfectly with curl.

  • 写回答

1条回答 默认 最新

  • donglu8334 2019-02-19 21:18
    关注

    Firstly, never ever ever use InsecureSkipVerify: true no matter how convenient it may seem. Instead set something like:

    tls.Config {
    ServerName: "test-as.sgx.trustedservices.intel.com",
    Certificates: []tls.Certificate{pair}
}

    Second, initializing http.Transport - to pass your custom tls.Config - also zeros out all the other default http.Transport settings that come with the default http.Client.

    Some of those zero defaults may force behavior you might not expect. See here on how to restore some of those original defaults.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?