net/http: provide better error message when proxy is misconfigured #29809
What version of Go are you using (
With variables as below;
The error is;
With variables as;
The below succeeds
Not sure about your point on HTTP only. The
Works fine when variables are set to;
@jtfogarty, sorry for the delay here. I was actively ignoring cmd/go issues, the cmd/go owners deal with them, but since you asked me about this at GCP Next I'm taking a look.
There's a difference between:
The former proxies https requests (e.g. those from cmd/go get) using CONNECT requests to an https proxy server at the given ip:port.
The latter proxies those https requests still using CONNECT requests but to an http proxy server at the given ip:port.
The notable difference is that you almost certainly don't have a valid https certificate for your proxy server if you're connecting via an IP address and not via a hostname.
There are a few rare exceptions (like https://188.8.131.52/) but generally IP addresses don't get TLS certs, and only hostnames do.
Admittedly the error message above kinda sucks:
It looks like your proxy is immediately hanging up on you (cmd/go) when it's not presented any SNI value (a hostname) in the TLS ClientHello.
I get a slightly better error if I use a dummy IP address for a proxy:
There at least I see (
But perhaps we could detect this case (an https proxy without a hostname) and upgrade the error message to something more helpful with a hint ("you need a hostname probably") along with the original error.
Can you confirm that's your issue?
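The detection suggested in the comment above (an https proxy given by IP address rather than hostname), sketched as an added example; this is not code from the thread or from the Go project. `proxyHint` and `annotate` are hypothetical helpers, and the proxy addresses and the sample error are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// proxyHint returns a hint when raw (an HTTPS_PROXY-style value) names an
// https:// proxy by IP literal, and "" otherwise. Hypothetical helper.
func proxyHint(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" {
		// Bare "ip:port" values: retry with an assumed http:// scheme.
		if u, err = url.Parse("http://" + raw); err != nil {
			return "", fmt.Errorf("invalid proxy URL %q: %w", raw, err)
		}
	}
	if u.Scheme != "https" {
		return "", nil // plaintext hop to the proxy: no proxy certificate involved
	}
	host := u.Hostname() // drops the port and any IPv6 brackets
	if net.ParseIP(host) == nil {
		return "", nil // hostname: SNI is sent and the cert can match the name
	}
	return fmt.Sprintf("https proxy is addressed by IP %s: no SNI is sent and "+
		"the proxy certificate must list that IP; you probably need a hostname", host), nil
}

// annotate keeps the original error (still reachable via errors.Is/As) and
// appends the hint when the proxy setting matches the risky pattern.
func annotate(err error, proxy string) error {
	hint, perr := proxyHint(proxy)
	if err == nil || perr != nil || hint == "" {
		return err
	}
	return fmt.Errorf("%w (hint: %s)", err, hint)
}

func main() {
	orig := errors.New("constructed TLS handshake failure") // constructed sample
	for _, p := range []string{ // constructed values, documentation address ranges
		"https://192.0.2.10:3128", "https://[2001:db8::1]:3128",
		"http://192.0.2.10:3128", "https://proxy.example.internal:3128",
	} {
		fmt.Printf("%-38s -> %v\n", p, annotate(orig, p))
	}
}
```

Only the first two values produce a hint; the http:// proxy and the hostname-based https:// proxy pass through with the original error unchanged.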
This is only an issue for apps written in Go. I was installing a server with helm today. I was able to execute the following
Not sure what ip:port you want me to curl to but if I curl to github.com with the
Using the ip for github
So I bet the issue here is that Go just can't validate your
I'm afraid I can't really debug further by talking in the abstract. I'd need more verbose logs that you'd inevitably need to redact too much to be useful.
If you want to privately email me the full details, I'm bradfitz at golang.org.
changed the title
cmd/go: bad error message when using https proxy by IP instead of hostname
May 8, 2019
This ended up being an environment configuration problem.
Go could perhaps provide a better error message than