dongxin1980
dongxin1980
2019-02-19 15:41
浏览 376
已采纳

带有client.crt和client.key的https请求

I want to send a POST request to https server and get the response. Here is what I am doing in curl and it works well.

curl --key ./client.key --cert ./client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report -H 'Content-Type: application/json' --data '{"key": "value"}'

This is the code snippet I tried in Go.

    url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
    pair, e := tls.LoadX509KeyPair("client.crt", "client.key")
    if e != nil {
        log.Fatal("LoadX509KeyPair:", e)
    }

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                InsecureSkipVerify: true,
                Certificates: []tls.Certificate{pair},
            },
        }}

    resp, e := client.Post(url, "application/json", bytes.NewBufferString(payload))

The program is hanging at the last line, error message is

Post: dial tcp connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

I feel there is problem in my connection establish code, instead of the server's problem since server works perfectly with curl.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • donglu8334
    donglu8334 2019-02-19 21:18
    已采纳

    Firstly, never ever ever use InsecureSkipVerify: true no matter how convenient it may seem. Instead set something like:

    tls.Config {
    ServerName: "test-as.sgx.trustedservices.intel.com",
    Certificates: []tls.Certificate{pair}
}

    Second, initializing http.Transport - to pass your custom tls.Config - also zeros out all the other default http.Transport settings that come with the default http.Client.

    Some of those zero defaults may force behavior you might not expect. See here on how to restore some of those original defaults.

    点赞 评论
提交

相关推荐