https request with client.crt and client.key
Problem description
I want to send a POST request to https server and get the response. Here is what I am doing in curl and it works well.
curl --key ./client.key --cert ./client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report -H 'Content-Type: application/json' --data '{ key: value }'
This is the code snippet I tried in Go.
url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
pair, e := tls.LoadX509KeyPair("client.crt", "client.key")
if e != nil {
    log.Fatal("LoadX509KeyPair:", e)
}
client := &http.Client{
    Transport: &http.Transport{
        TLSClientConfig: &tls.Config{
            InsecureSkipVerify: true,
            Certificates:       []tls.Certificate{pair},
        },
    },
}
resp, e := client.Post(url, "application/json", bytes.NewBufferString(payload))
The program is hanging at the last line, error message is
Post: dial tcp connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
I feel there is a problem in my connection establishment code, rather than a server problem, since the server works perfectly with curl.
Recommended answer
Firstly, never ever ever use InsecureSkipVerify: true no matter how convenient it may seem. Instead set something like:
tls.Config{
    // Verify the server certificate against this host name.
    ServerName:   "test-as.sgx.trustedservices.intel.com",
    Certificates: []tls.Certificate{pair},
}
Second, initializing http.Transport - to pass your custom tls.Config - also zeros out all the other default http.Transport settings that come with the default http.Client.
Some of those zero defaults may force behavior you might not expect. See here on how to restore some of those original defaults.
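The two points of the answer combined into one program, as an added example that is not part of the original answer: the client certificate is presented, the server certificate is verified against ServerName, and the transport is cloned from http.DefaultTransport so its defaults (proxy from the environment, dial and TLS handshake timeouts) are kept. The function name newClient, the 30-second overall timeout and the sample payload are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"errors"
	"fmt"
	"log"
	"net/http"
	"time"
)

// newClient (hypothetical helper) returns an HTTPS client that presents pair
// as its client certificate and verifies the server against serverName.
func newClient(pair tls.Certificate, serverName string) (*http.Client, error) {
	def, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		return nil, errors.New("http.DefaultTransport was replaced by another type")
	}
	// Clone keeps Proxy: http.ProxyFromEnvironment, the dial timeout and
	// TLSHandshakeTimeout; a bare &http.Transport{} leaves them all zero.
	tr := def.Clone()
	tr.TLSClientConfig = &tls.Config{
		ServerName:   serverName, // InsecureSkipVerify stays false
		Certificates: []tls.Certificate{pair},
	}
	// Assumed overall deadline so a stalled request fails instead of hanging.
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}, nil
}

func main() {
	url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
	pair, err := tls.LoadX509KeyPair("client.crt", "client.key")
	if err != nil {
		log.Fatal("LoadX509KeyPair: ", err)
	}
	client, err := newClient(pair, "test-as.sgx.trustedservices.intel.com")
	if err != nil {
		log.Fatal(err)
	}
	payload := `{"key": "value"}` // constructed sample body
	resp, err := client.Post(url, "application/json", bytes.NewBufferString(payload))
	if err != nil {
		log.Fatal("Post: ", err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
}
```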