我想使用go lang http请求拨打电话。我拥有带有密码的pfx证书,并且为私有,客户端证书和私有密钥创建了三个pem扩展文件,如下所示。
openssl pkcs12 -in XXXX.pfx -nocerts -nodes -out key.pem
openssl pkcs12 -in XXXX.pfx -cacerts -nokeys -out root.crt
openssl pkcs12 -in XXXX.pfx -clcerts -nokeys -out client.crt
然后,我正在执行下面的GO Lang文件,该文件导致 x509:未知授权机构签名的证书。
软件包主要
import (
"bytes"
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"log"
"net/http"
"time"
)
const (
DATA = `XML_TEMPLATE`
)
func createClientConfig(ca, crt, key string) (*tls.Config, error) {
caCertPEM, err := ioutil.ReadFile(ca)
if err != nil {
return nil, err
}
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM(caCertPEM)
if !ok {
panic("failed to parse root certificate")
}
cert, err := tls.LoadX509KeyPair(crt, key)
if err != nil {
return nil, err
}
return &tls.Config{
CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Certificates: []tls.Certificate{cert},
RootCAs: roots,
InsecureSkipVerify: false,
PreferServerCipherSuites: true,
}, nil
}
func main() {
var url = "/certificates/"
clientCert := url + "client.pem"
clientKey := url + "key.pem"
rootCert := url + "root.pem"
tlsConfig, err := createClientConfig(rootCert, clientCert, clientKey)
if err != nil {
fmt.Println("Inside the error:::::", err)
return
}
tlsConfig.BuildNameToCertificate()
tr := &http.Transport{TLSClientConfig: tlsConfig}
c := &http.Client{
Transport: tr,
Timeout: 15 * time.Second,
}
request_url := "URL"
resp, errPost := c.Post(request_url, "text/xml", bytes.NewBufferString(DATA))
if errPost != nil {
log.Fatalf("post error: %v", errPost)
}
body, errBody := ioutil.ReadAll(resp.Body)
resp.Body.Close()
if errBody != nil {
log.Fatalf("body error: %v", errBody)
}
fmt.Printf("done - body: %v", string(body))
}
如果将 InsecureSkipVerify 设置为 true ,则表示我正在获取数据而没有任何错误。如果要确保安全怎么办?可以直接在http调用中发送pfx文件和pass_phrase吗?