dongxin1980
dongxin1980
2019-02-19 15:41

带有client.crt和client.key的https请求

已采纳

I want to send a POST request to https server and get the response. Here is what I am doing in curl and it works well.

curl --key ./client.key --cert ./client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report -H 'Content-Type: application/json' --data '{"key": "value"}'

This is the code snippet I tried in Go.

    url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
    pair, e := tls.LoadX509KeyPair("client.crt", "client.key")
    if e != nil {
        log.Fatal("LoadX509KeyPair:", e)
    }

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                InsecureSkipVerify: true,
                Certificates: []tls.Certificate{pair},
            },
        }}

    resp, e := client.Post(url, "application/json", bytes.NewBufferString(payload))

The program is hanging at the last line, error message is

Post: dial tcp connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

I feel there is problem in my connection establish code, instead of the server's problem since server works perfectly with curl.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • donglu8334 donglu8334 2年前

    Firstly, never ever ever use InsecureSkipVerify: true no matter how convenient it may seem. Instead set something like:

    tls.Config {
        ServerName: "test-as.sgx.trustedservices.intel.com",
        Certificates: []tls.Certificate{pair}
    }
    

    Second, initializing http.Transport - to pass your custom tls.Config - also zeros out all the other default http.Transport settings that come with the default http.Client.

    Some of those zero defaults may force behavior you might not expect. See here on how to restore some of those original defaults.

    点赞 评论 复制链接分享

为你推荐