golang GET 出现 x509: certificate signed by unknown authority
我们编写一个Go程序来尝试与这个HTTPS server建立连接并通信。
//gohttps/4-https/client1.go
package main
import (
"fmt"
"io/ioutil"
"net/http"
)
func main() {
resp, err := http.Get("https://localhost:8081")
if err != nil {
fmt.Println("error:", err)
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
fmt.Println(string(body))
}
运行这个client,我们得到如下错误:
$go run client1.go
error: Get https://localhost:8081: x509: certificate signed by unknown authority
此时服务端也给出了错误日志提示:
2015/04/30 16:03:31 http: TLS handshake error from 127.0.0.1:62004: remote error: bad certificate
显然从客户端日志来看,go实现的Client端默认也是要对服务端传过来的数字证书进行校验的,但客户端提示:这个证书是由不知名CA签发 的!
我们可以修改一下client1.go的代码,让client端略过对证书的校验:
//gohttps/4-https/client2.go
package main
import (
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
)
func main() {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
resp, err := client.Get("https://localhost:8081")
if err != nil {
fmt.Println("error:", err)
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
fmt.Println(string(body))
}
通过设置tls.Config的InsecureSkipVerify为true,client将不再对服务端的证书进行校验。执行后的结果 也证实了这一点:
$go run client2.go
Hi, This is an example of http service in golang!
golang GET 出现 x509: certificate signed by unknown authority的更多相关文章
- docker push 出现:x509: certificate signed by unknown authority
今天,部署生产的程序的时候,出现一个问题:编译正常,但是,docker 把编译好的image 推送到生产环境上去的时候,出现:x509: certificate signed by unknown a ...
- docker从私有镜像库pull/push镜像问题:Error response from daemon: Get https://xxxx.com/: x509: certificate signed by unknown authority
docker从私有镜像库pull/push镜像问题:Error response from daemon: Get https://harbor.op.xxxx.com/v2/: x509: cert ...
- Unable to connect to the server: x509: certificate signed by unknown authority
0x00 Problem 在使用二进制搭建 k8s 集群的过程中,使用 kubectl get 等操作时始终显示 x509: certificate signed by unknown authori ...
- gitlab runner使用docker报错(x509: certificate signed by unknown authority)定位
如果gitlab runner使用docker,docker是普通配置,配置好后,runner就可以正常执行任务了. 另外一个环节Docker配置了tls加密连接,添加runner后,runner的配 ...
- 解决go mod或go get时`x509: certificate signed by unknown authority`错误
一般go get私有仓库时会出现如下错误: go: xxx@v0.0.0-20190918102752-bb51b27911ca: unrecognized import path "xxx ...
- go使用websocket遇到dial:x509: certificate signed by unknown authority
websocket.DefaultDialer.Dial(url, headers) 改为 websocket.Dialer{TLSClientConfig: &tls.Config{Root ...
- x509: certificate signed by unknown authority harbor 架构图
默认时,client 与 Registry 的交互是通过 https 通信的.在 install Registry 时,若未配置任何tls 相关的 key 和 crt 文件,https 访问必然失败. ...
- Docker: Unknown – Unable to query docker version: x509: certificate is valid for
I was playing around with Docker locally and somehow ended up with this error when I tried to list ...
- docker 报错:x509: certificate has expired or is not yet valid
环境:centos 7 程序:docker 下载镜像报错: # docker pull centos Pulling repository centos FATA[0004] Get https:// ...
随机推荐
- 用AngularJS实现对表格的增删改查(仅限前端)
<!DOCTYPE html> <html> <head lang="en"> <meta charset="UTF-8&quo ...
- PHP 常用的header头部定义汇总
http://www.jb51.net/article/68159.htm
- ASP.NET Core下发布网站
一.windows下发布到IIS 1.前奏:IIS上的准备 (1)IIS 必须安装AspNetCoreModule 模块 下载地址:(DotNetCore.2.0.3-WindowsHosting-a ...
- Java数据持久层框架 MyBatis之背景知识二
对于MyBatis的学习而言,最好去MyBatis的官方文档:http://www.mybatis.org/mybatis-3/zh/index.html 对于语言的学习而言,马上上手去编程,多多练习 ...
- Qt出现堆溢出(Error Code -1073741823)
症状 在使用Debug模式时,程序可以正常启动,但是切换到Release模式,程序报错,错误码-1073741823 原因 程序中使用了过多的new.比如: QActionGroup *mProtoc ...
- 一个不可思议的MySQL慢查分析与解决
转自:http://fordba.com/optimize-an-amazing-mysql-slowlog.html?hmsr=toutiao.io&utm_medium=toutiao.i ...
- CentOS如何把deb转为rpm
说明:可以转换,但不一定可用,可以根据报错提示,安装需要的依赖. 1 安装alien工具,下载地址http://ftp.de.debian.org/debian/pool/main/a/alien/ ...
- C#、Java之比较
很多人说C#是微软用来和Java抗衡的武器,因为二者在很大程度上有着惊人的相似,尽管如此,两者不同的地方也很多,所谓"于细微处见差异".那么两者的相似和区别都在什么地方呢?我们从今 ...
- JDK自带的Timer类
Timer类负责设定TimerTask的起始和间隔执行时间.具体的执行任务,由用户创建一个TimerTask的继承类,并实现其run()方法 timer.schedule()
- PHP date函数详解
在页面的最前页加上date_default_timezone_set(PRC); /*把时间调到北京时间,php5默认为格林威治标准时间*/date ()a: "am"或是 ...