dongyue1988 2017-11-01 00:21
浏览 64
已采纳

代理https时强制客户端主机名

I'm using toxiproxy. I'm having this exact issue. Both of the curl solutions mentioned in the issue work (solution a, solution b), but I can't use curl. I need to use the go standard net/http library.

Is there any way to use net/http in such a fashion that I can explicitly tell it what host the proxy is using so it can see that the certificate is valid?

I've tried setting Host and Authority headers on the net/http.Request, but that didn't work.

Details

Toxiproxy output:

proxy=[::]:22002 upstream=maps.googleapis.com:443

My code:

url := "https://localhost:22002/maps/api/geocode/json..."
req, err := http.NewRequest("GET", url, nil)
req.Host = "maps.googleapis.com"
req.Header.Set("Host", "maps.googleapis.com")
res, err := httpClient.Do(req)

Error:

x509: certificate is valid for *.googleapis.com, *.clients6.google.com, *.cloudendpointsapis.com, cloudendpointsapis.com, googleapis.com, not localhost

  • 写回答

1条回答 默认 最新

  • dongshuan8722 2017-11-01 02:11
    关注

    You need to set the http.Request.Host field so that the http request has the correct header

    req.Host = "maps.googleapis.com"

    An you also need to set the hostname in the tls.Config.ServerName field for SNI and host name verification.

    If you've already configured a transport for your httpClient, you can set it like so:

    httpClient.Transport.(*http.Transport).TLSClientConfig = &tls.Config{
    ServerName: "maps.googleapis.com",
}

    Or for small programs you can override the default:

    http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
    ServerName: "maps.googleapis.com",
}

    Or create a custom transport for your program

    var httpTransport = &http.Transport{
    Proxy: http.ProxyFromEnvironment,
    DialContext: (&net.Dialer{
        Timeout:   30 * time.Second,
        KeepAlive: 30 * time.Second,
        DualStack: true,
    }).DialContext,
    MaxIdleConns:          100,
    IdleConnTimeout:       90 * time.Second,
    TLSHandshakeTimeout:   10 * time.Second,
    ExpectContinueTimeout: 1 * time.Second,
    TLSClientConfig: &tls.Config{
        ServerName: "maps.googleapis.com",
    },
}

    Just make sure you reuse the Transport, and don't create a new one for each request.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值