Golang ListenAndServeTLS在浏览器中不使用https时返回数据 [英] Golang ListenAndServeTLS returns data when not using https in the browser
问题描述
以下是我的tls后端:
包主
导入(
fmt
net / http
)
const(
PORT =:8443
PRIV_KEY =./private_key
PUBLIC_KEY =./public_key
)
func rootHander(w http.ResponseWriter,r * http.Request){
fmt.Fprint(w,Nobody should )
}
func main(){
http.HandleFunc(/,rootHander)
err:= http.ListenAndServeTLS(PORT, PUBLIC_KEY,PRIV_KEY,nil)
if err!= nil {
fmt.Printf(main():%s \ n,err)
}
}
使用以下两行生成密钥:
openssl genrsa -out private_key 2048
openssl req -new -x509 -key private_key -out public_key -days 365
当我启动tls服务器并使用浏览器访问网站时( HTTPS:/
<$> c $ c>没有人应该读这个。
到目前为止,一切都很棒。
现在,当我将浏览器指向 http://example.com:8443 时(请注意使用了http, em> not https)我得到了以下Firfox的结果(Chrome的确如此,但下载了该网站):
问题:为什么会有问题mark?
如果您将输出管道输入为od, curl -k-3 http:// localhost:8443 | od -A n -t x1
,你得到以下由浏览器呈现/处理的字节序列 15 03 01 00 02 02 0a
。
其中,根据 https: //code.google.com/p/go/issues/detail?id=2253 ,TLS是我不明白你说的是什么。
The following is my tls backend:
package main
import (
"fmt"
"net/http"
)
const (
PORT = ":8443"
PRIV_KEY = "./private_key"
PUBLIC_KEY = "./public_key"
)
func rootHander(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "Nobody should read this.")
}
func main() {
http.HandleFunc("/", rootHander)
err := http.ListenAndServeTLS(PORT, PUBLIC_KEY, PRIV_KEY, nil)
if err != nil {
fmt.Printf("main(): %s\n", err)
}
}
The keys are generated using these two lines:
openssl genrsa -out private_key 2048
openssl req -new -x509 -key private_key -out public_key -days 365
When I start the tls server, and visit the site with a browser (https://example.com:8443) I get the expected result, after ignoring the browser warning:
Nobody should read this.
So far everything is cool.
Now, when I point my browser to http://example.com:8443 (notice that http is used, not https) I get the following result for Firfox (Chrome does the same, but downloading the site):
Question: Why is there a question mark?
If you pipe the output into od, curl -k -3 http://localhost:8443 | od -A n -t x1
, you get the following sequence of bytes 15 03 01 00 02 02 0a
which is rendered/handled by the browser.
Which, according to https://code.google.com/p/go/issues/detail?id=2253, is TLS for "I didn't understand what you said."
这篇关于Golang ListenAndServeTLS在浏览器中不使用https时返回数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!