如何使用错误的证书执行https请求? [英] How to do a https request with bad certificate?

问题描述

说我想以编程方式获取https://golang.org.当前，golang.org(ssl)的证书不正确，该证书已颁发给*.appspot.com，因此当我运行此证书时:

Say I want to get https://golang.org programatically. Currently golang.org (ssl) has a bad certificate which is issued to *.appspot.com So when I run this:

package main

import (
    "log"
    "net/http"
)

func main() {
    _, err := http.Get("https://golang.org/")
    if err != nil {
        log.Fatal(err)
    }
}

我得到了(如我预期的那样)

I get (as I expected)

Get https://golang.org/: certificate is valid for *.appspot.com, *.*.appspot.com, appspot.com, not golang.org

现在，我想自己信任此证书(想象一个可以在其中验证指纹等的自发证书):如何提出请求并验证/信任该证书?

Now, I want to trust this certificate myself (imagine a self-issued certificate where I can validate fingerprint etc.): how can I make a request and validate/trust the certificate?

我可能需要使用openssl下载证书，将其加载到我的文件中并填写tls.Config struct！?

I probably need to use openssl to download the certificate, load it into my file and fill tls.Config struct !?

推荐答案

安全说明:禁用安全检查是危险的，应避免

您可以全局禁用默认客户端的所有请求的安全检查:

You can disable security checks globally for all requests of the default client:

package main

import (
    "fmt"
    "net/http"
    "crypto/tls"
)

func main() {
    http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
    _, err := http.Get("https://golang.org/")
    if err != nil {
        fmt.Println(err)
    }
}

您可以禁用客户端的安全检查:

You can disable security check for a client:

package main

import (
    "fmt"
    "net/http"
    "crypto/tls"
)

func main() {
    tr := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    }
    client := &http.Client{Transport: tr}
    _, err := client.Get("https://golang.org/")
    if err != nil {
        fmt.Println(err)
    }
}

这篇关于如何使用错误的证书执行https请求?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！