【发布时间】:2017-12-09 23:01:13
【问题描述】:
我正在使用 Go 通过自定义根 CA 执行 HTTPS 请求。根 CA 是我身边唯一的证书。
我的代码如下所示:
// performRequest sets up the HTTPS Client we'll use for communication and handle the actual requesting to the external
// end point. It is used by the auth and collect adapters who set their response data up first.
func performRequest(rawData []byte, soapHeader string) (*http.Response, error) {
conf := config.GetConfig()
// Set up the certificate handler and the HTTP client.
certPool := x509.NewCertPool()
certPool.AppendCertsFromPEM(certificate)
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: certPool,
InsecureSkipVerify: false,
},
},
}
req, err := http.NewRequest(http.MethodPost, baseURL, bytes.NewBuffer(rawData))
if err != nil {
return nil, err
}
// Sets the SOAPAction and Content-Type headers to the request.
req.Header.Set("SOAPAction", soapHeader)
req.Header.Set("Content-Type", "text/xml; charset=UTF-8")
// Send request as our custom client, return response
return client.Do(req)
}
我得到的错误是这样的:
2017/12/09 21:06:13 Post https://secure.site: x509: certificate is not valid for any names, but wanted to match secure.site
我一直无法准确找出造成这种情况的原因。检查 CA 证书的 SAN 时,我没有 secure.site 那里(根本没有名字,如错误所述),但我看不出我是怎么做错的。
我应该怎么做才能解决这个问题?
【问题讨论】:
标签: ssl go cryptography x509