dongyue1988 2017-11-01 00:21
浏览 64
已采纳

代理https时强制客户端主机名

I'm using toxiproxy. I'm having this exact issue. Both of the curl solutions mentioned in the issue work (solution a, solution b), but I can't use curl. I need to use the go standard net/http library.

Is there any way to use net/http in such a fashion that I can explicitly tell it what host the proxy is using so it can see that the certificate is valid?

I've tried setting Host and Authority headers on the net/http.Request, but that didn't work.

Details

Toxiproxy output:

proxy=[::]:22002 upstream=maps.googleapis.com:443

My code:

url := "https://localhost:22002/maps/api/geocode/json..."
req, err := http.NewRequest("GET", url, nil)
req.Host = "maps.googleapis.com"
req.Header.Set("Host", "maps.googleapis.com")
res, err := httpClient.Do(req)

Error:

x509: certificate is valid for *.googleapis.com, *.clients6.google.com, *.cloudendpointsapis.com, cloudendpointsapis.com, googleapis.com, not localhost

  • 写回答

1条回答 默认 最新

  • dongshuan8722 2017-11-01 02:11
    关注

    You need to set the http.Request.Host field so that the http request has the correct header

    req.Host = "maps.googleapis.com"

    An you also need to set the hostname in the tls.Config.ServerName field for SNI and host name verification.

    If you've already configured a transport for your httpClient, you can set it like so:

    httpClient.Transport.(*http.Transport).TLSClientConfig = &tls.Config{
    ServerName: "maps.googleapis.com",
}

    Or for small programs you can override the default:

    http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
    ServerName: "maps.googleapis.com",
}

    Or create a custom transport for your program

    var httpTransport = &http.Transport{
    Proxy: http.ProxyFromEnvironment,
    DialContext: (&net.Dialer{
        Timeout:   30 * time.Second,
        KeepAlive: 30 * time.Second,
        DualStack: true,
    }).DialContext,
    MaxIdleConns:          100,
    IdleConnTimeout:       90 * time.Second,
    TLSHandshakeTimeout:   10 * time.Second,
    ExpectContinueTimeout: 1 * time.Second,
    TLSClientConfig: &tls.Config{
        ServerName: "maps.googleapis.com",
    },
}

    Just make sure you reuse the Transport, and don't create a new one for each request.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 有两个非常“自以为是”烦人的问题急期待大家解决!
  • ¥30 STM32 INMP441无法读取数据
  • ¥100 求汇川机器人IRCB300控制器和示教器同版本升级固件文件升级包
  • ¥15 用visualstudio2022创建vue项目后无法启动
  • ¥15 x趋于0时tanx-sinx极限可以拆开算吗
  • ¥500 把面具戴到人脸上,请大家贡献智慧,别用大模型回答,大模型的答案没啥用
  • ¥15 任意一个散点图自己下载其js脚本文件并做成独立的案例页面,不要作在线的,要离线状态。
  • ¥15 各位 帮我看看如何写代码,打出来的图形要和如下图呈现的一样,急
  • ¥30 c#打开word开启修订并实时显示批注
  • ¥15 如何解决ldsc的这条报错/index error