net/http: tls verify error message make confused. #42662

Closed
xiekeyi98 opened this issue Nov 17, 2020 · 4 comments

@xiekeyi98 xiekeyi98 commented Nov 17, 2020

What version of Go are you using (go version)?

$ go version
go version go1.15.5 linux/amd64

Does this issue reproduce with the latest release?

yep.

What operating system and processor architecture are you using (go env)?

ubuntu@VM-0-6-ubuntu:~$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/ubuntu/.cache/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/ubuntu/go"
GORACE=""
GOROOT="/usr/lib/go-1.10"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/go-1.10/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build235759783=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run this golang program:

package main

import (
        "bytes"
        "encoding/json"

        "fmt"
        "io/ioutil"
        "net/http"
//      "crypto/tls"

        "time"
)

func PostJSONWithTimeout(
        urlString string,
        req interface{},
        timeout time.Duration,
) (body []byte, err error) {

        buffer := new(bytes.Buffer)
        json.NewEncoder(buffer).Encode(req)



        client := http.Client{
                Timeout: timeout,
                Transport: &http.Transport{
                        //TLSClientConfig:   &tls.Config{InsecureSkipVerify: true},
                        DisableKeepAlives: true},
        }
        resp, err := client.Post(urlString, "application/json", buffer)

        if err != nil {
                fmt.Printf("err:%v", err)
                return nil, err
        }

        defer resp.Body.Close()

        body, err = ioutil.ReadAll(resp.Body)
        if err != nil {
                fmt.Printf("error:%s", err.Error())
                // Propagate the read error instead of reporting success.
                return nil, err
        }
        fmt.Printf("suc %s\n", string(body))
        return body, nil
}

func main() {

        req := map[string]string{
                "appkey":        "",
                "encryptsecret": "",
                "firmacctid":    "tt",
        }

        PostJSONWithTimeout("https://firmacct.html5.qq.com/oauth2/get_sig", req, time.Hour)

}

Got error:

ubuntu@VM-0-6-ubuntu:~$ ~/go/bin/go version && ~/go/bin/go run ./main2.go 
go version go1.15.5 linux/amd64
err:Post "https://firmacct.html5.qq.com/oauth2/get_sig": dial tcp: lookup firmacct.html5.qq.com: too many open files
ubuntu@VM-0-6-ubuntu:~$ ^C

But when I use Go 1.10.4:

ubuntu@VM-0-6-ubuntu:~$ go version && go run ./main2.go 
go version go1.10.4 linux/amd64
suc {"ErrCode":-1004,"ErrMsg":"http postbody param empty","Sig":""}

Question

I am confused about why the error message is so strange.

I think it may have something to do with site credentials, but why is the error message so confusing?


@xiekeyi98 xiekeyi98 commented Nov 17, 2020

When I use InsecureSkipVerify, it is OK.

ubuntu@VM-0-6-ubuntu:~$ cat ./main2.go  && go run ./main2.go 

package main

import (
        "bytes"
        "encoding/json"

        "fmt"
        "io/ioutil"
        "net/http"
        "crypto/tls"

        "time"
)

func PostJSONWithTimeout(
        urlString string,
        req interface{},
        timeout time.Duration,
) (body []byte, err error) {

        buffer := new(bytes.Buffer)
        json.NewEncoder(buffer).Encode(req)



        client := http.Client{
                Timeout: timeout,
                Transport: &http.Transport{
                        TLSClientConfig:   &tls.Config{InsecureSkipVerify: true},
                        DisableKeepAlives: true},
        }
        resp, err := client.Post(urlString, "application/json", buffer)

        if err != nil {
                fmt.Printf("err:%v", err)
                return nil, err
        }

        defer resp.Body.Close()

        body, err = ioutil.ReadAll(resp.Body)
        if err != nil {
                fmt.Printf("error:%s", err.Error())
                // Propagate the read error instead of reporting success.
                return nil, err
        }
        fmt.Printf("suc %s\n", string(body))
        return body, nil
}

func main() {

        req := map[string]string{
                "appkey":        "",
                "encryptsecret": "",
                "firmacctid":    "tt",
        }

        PostJSONWithTimeout("https://firmacct.html5.qq.com/oauth2/get_sig", req, time.Hour)

}


suc {"ErrCode":-1004,"ErrMsg":"http postbody param empty","Sig":""}
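
Added example, not part of the original thread or of the Go project's code: the error text reported above is a resolver failure ending in "too many open files", not an x509 error, so classifying the error chain shows whether certificate verification was involved before `InsecureSkipVerify` is considered. The names `classify`, `wrap` and `samples`, and the host `example.invalid`, are hypothetical, and the sample errors are constructed rather than captured.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
	"syscall"
)

// classify names the layer a client error came from (hypothetical helper).
func classify(err error) string {
	var unknownCA x509.UnknownAuthorityError
	var badHost x509.HostnameError
	var badCert x509.CertificateInvalidError
	var dnsErr *net.DNSError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &unknownCA), errors.As(err, &badHost), errors.As(err, &badCert):
		return "certificate-verification"
	case errors.Is(err, syscall.EMFILE), errors.Is(err, syscall.ENFILE):
		return "fd-exhaustion"
	case errors.As(err, &dnsErr) && strings.Contains(dnsErr.Err, "too many open files"):
		return "fd-exhaustion" // resolver errors may carry only the message text
	case dnsErr != nil:
		return "dns"
	}
	return "other"
}

func wrap(e error) error { return &url.Error{Op: "Post", URL: "https://example.invalid/", Err: e} }

// Constructed errors shaped like those net/http returns; no network is used.
var samples = map[string]error{
	"issue": wrap(&net.OpError{Op: "dial", Net: "tcp",
		Err: &net.DNSError{Err: "too many open files", Name: "example.invalid"}}),
	"untrusted": wrap(x509.UnknownAuthorityError{}),
	"nxdomain":  wrap(&net.DNSError{Err: "no such host", Name: "example.invalid"}),
	"emfile":    wrap(&net.OpError{Op: "dial", Net: "tcp", Err: syscall.EMFILE}),
}

func main() {
	for name, err := range samples {
		fmt.Printf("%-10s %-26s %v\n", name, classify(err), err)
	}
}
```

Only the `certificate-verification` result points at the trust store or the server's certificate; the other results leave TLS verification settings out of the diagnosis.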

@xiekeyi98 xiekeyi98 commented Nov 17, 2020

When I switch to another better server, it works on go1.15.5

but it took too many handles.


I think something may have happened with http2.


@xiekeyi98 xiekeyi98 commented Nov 17, 2020

Closing this issue because maybe something is wrong with the server.


@xiekeyi98 xiekeyi98 commented Nov 21, 2020

Test with CURL

ubuntu@VM-0-6-ubuntu:~$ curl https://firmacct.html5.qq.com/oauth2/get_sig" -vvI -XPOST
> ^C
ubuntu@VM-0-6-ubuntu:~$ curl https://firmacct.html5.qq.com/oauth2/get_sig -vvI -XPOST
*   Trying 121.51.19.218...
* TCP_NODELAY set
* Connected to firmacct.html5.qq.com (121.51.19.218) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=CN; ST=guangdong; L=shenzhen; O=Tencent Technology (Shenzhen) Company Limited; CN=*.jun04.sparta.3g.qq.com
*  start date: Jun 16 02:40:45 2020 GMT
*  expire date: Jun 17 02:40:45 2021 GMT
*  subjectAltName: host "firmacct.html5.qq.com" matched cert's "*.html5.qq.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55de1529a580)
> POST /oauth2/get_sig HTTP/2
> Host: firmacct.html5.qq.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
HTTP/2 200 
< server: nginx
server: nginx
< date: Sat, 21 Nov 2020 19:37:10 GMT
date: Sat, 21 Nov 2020 19:37:10 GMT
< content-type: application/json
content-type: application/json
< content-length: 64
content-length: 64

< 
* Excess found in a non pipelined read: excess = 64 url = /oauth2/get_sig (zero-length body)
* Connection #0 to host firmacct.html5.qq.com left intact
ubuntu@VM-0-6-ubuntu:~$ 


**it should return some JSON string**

ubuntu@VM-0-6-ubuntu:~$ curl https://firmacct.html5.qq.com/oauth2/get_sig  -XPOST
{"ErrCode":-1004,"ErrMsg":"http postbody param empty","Sig":""}



ubuntu@VM-0-6-ubuntu:~$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL 
ubuntu@VM-0-6-ubuntu:~$ 