如何使用错误的证书进行 https 请求? [英] How to do a https request with bad certificate?
问题描述
假设我想以编程方式获取 https://golang.org
.目前 golang.org (ssl) 有一个错误的证书颁发给 *.appspot.com
所以当我运行这个时:
Say I want to get https://golang.org
programatically. Currently golang.org (ssl) has a bad certificate which is issued to *.appspot.com
So when I run this:
package main
import (
"log"
"net/http"
)
func main() {
_, err := http.Get("https://golang.org/")
if err != nil {
log.Fatal(err)
}
}
我得到(如我所料)
Get https://golang.org/: certificate is valid for *.appspot.com, *.*.appspot.com, appspot.com, not golang.org
现在,我想自己信任这个证书(想象一个我可以验证指纹等的自行颁发的证书):我如何提出请求并验证/信任证书?
Now, I want to trust this certificate myself (imagine a self-issued certificate where I can validate fingerprint etc.): how can I make a request and validate/trust the certificate?
我可能需要使用 openssl 下载证书,将其加载到我的文件中并填充 tls.Config
结构!?
I probably need to use openssl to download the certificate, load it into my file and fill tls.Config
struct !?
推荐答案
安全说明:禁用安全检查很危险,应该避免
您可以对默认客户端的所有请求全局禁用安全检查:
You can disable security checks globally for all requests of the default client:
package main
import (
"fmt"
"net/http"
"crypto/tls"
)
func main() {
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
_, err := http.Get("https://golang.org/")
if err != nil {
fmt.Println(err)
}
}
您可以禁用客户端的安全检查:
You can disable security check for a client:
package main
import (
"fmt"
"net/http"
"crypto/tls"
)
func main() {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
_, err := client.Get("https://golang.org/")
if err != nil {
fmt.Println(err)
}
}
这篇关于如何使用错误的证书进行 https 请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!