带有client.crt和client.key的https请求 [英] https request with client.crt and client.key

问题描述

我想将POST请求发送到https服务器并获取响应。这就是我在curl中所做的事情，并且效果很好。

I want to send a POST request to https server and get the response. Here is what I am doing in curl and it works well.

curl --key ./client.key --cert ./client。 crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report -H'Content-Type：application / json'--data'{ key： value} '

这是我在Go中尝试过的代码段。

This is the code snippet I tried in Go.

    url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
    pair, e := tls.LoadX509KeyPair("client.crt", "client.key")
    if e != nil {
        log.Fatal("LoadX509KeyPair:", e)
    }

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                InsecureSkipVerify: true,
                Certificates: []tls.Certificate{pair},
            },
        }}

    resp, e := client.Post(url, "application/json", bytes.NewBufferString(payload))

程序挂在最后一行，错误消息是

The program is hanging at the last line, error message is

Post: dial tcp connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

我觉得我的连接建立代码有问题，而不是服务器的问题，因为服务器与

I feel there is problem in my connection establish code, instead of the server's problem since server works perfectly with curl.

推荐答案

首先， 永远不会 使用 InsecureSkipVerify：正确不管看上去多么方便。而是设置以下内容：

Firstly, never ever ever use InsecureSkipVerify: true no matter how convenient it may seem. Instead set something like:

tls.Config {
    ServerName: "test-as.sgx.trustedservices.intel.com",
    Certificates: []tls.Certificate{pair}
}

第二，初始化 http.Transport -传递自定义的tls.Config-还将所有其他默认 http.Transport http.Client 附带的c>设置。

Second, initializing http.Transport - to pass your custom tls.Config - also zeros out all the other default http.Transport settings that come with the default http.Client.

其中一些默认值为零可能会强制您没想到。
有关如何还原某些原始默认设置的信息，请参见此处。

Some of those zero defaults may force behavior you might not expect. See here on how to restore some of those original defaults.

这篇关于带有client.crt和client.key的https请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！