
I want to send a POST request to an HTTPS server and get the response. Here is what I am doing in curl, and it works well.

    curl --key ./client.key --cert ./client.crt https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report -H 'Content-Type: application/json' --data '{"key": "value"}'

This is the code snippet I tried in Go.

    url := "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/report"
    pair, e := tls.LoadX509KeyPair("client.crt", "client.key")
    if e != nil {
        log.Fatal("LoadX509KeyPair:", e)
    }

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                InsecureSkipVerify: true,
                Certificates: []tls.Certificate{pair},
            },
        }}

    resp, e := client.Post(url, "application/json", bytes.NewBufferString(payload))

The program hangs at the last line; the error message is:

    Post: dial tcp connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

I feel there is a problem in my connection-establishing code, rather than a problem with the server, since the server works perfectly with curl.

Jonathan Hall
J.Z

1 Answer

Firstly, never ever ever use `InsecureSkipVerify: true` no matter how convenient it may seem. Instead set something like:

    tls.Config{
        // Name the server certificate is verified against
        ServerName:   "test-as.sgx.trustedservices.intel.com",
        // Client certificate presented during the handshake
        Certificates: []tls.Certificate{pair},
    }

Second, initializing http.Transport - to pass your custom tls.Config - also zeros out all the other default http.Transport settings that come with the default http.Client.

Some of those zero defaults may force behavior you might not expect. See here on how to restore some of those original defaults.

colm.anseo
  • Works! I never noticed that other fields are affected by assigning the config. Thank you very much! – J.Z Feb 19 '19 at 21:40
  • curious @J.Z which default field triggered the fix? TLS handshake timeout? – colm.anseo Feb 19 '19 at 21:50
  • It's the proxy one that fixed the issue. `Proxy: defaultTransport.Proxy`. I have http_proxy and https_proxy in my environment variables. – J.Z Feb 19 '19 at 21:54
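
The fix discussed in the answer and comments above, as an added example that is not code from the original posts: it clones `http.DefaultTransport` so `Proxy` and the default timeouts survive, and sets `ServerName` instead of disabling verification. `newMTLSClient` and `lostDefaults` are hypothetical helper names, and the empty `tls.Certificate{}` in `main` is a placeholder for the pair returned by `tls.LoadX509KeyPair`.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

// newMTLSClient returns a client that presents cert and verifies the server
// certificate for serverName. Cloning http.DefaultTransport keeps Proxy, the
// dialer and the timeouts that a bare &http.Transport{} leaves zeroed.
func newMTLSClient(cert tls.Certificate, serverName string) *http.Client {
	tr := http.DefaultTransport.(*http.Transport).Clone() // Clone needs Go 1.13+
	tr.TLSClientConfig = &tls.Config{
		ServerName:   serverName,
		Certificates: []tls.Certificate{cert},
	}
	return &http.Client{Transport: tr}
}

// lostDefaults (hypothetical helper) names the settings tr lacks compared
// with http.DefaultTransport, and flags disabled certificate verification.
func lostDefaults(tr *http.Transport) []string {
	var lost []string
	if tr.Proxy == nil { // http_proxy / https_proxy are ignored
		lost = append(lost, "Proxy")
	}
	if tr.DialContext == nil { // zero-value dialer, no dial timeout
		lost = append(lost, "DialContext")
	}
	if tr.TLSHandshakeTimeout == 0 { // handshake may wait indefinitely
		lost = append(lost, "TLSHandshakeTimeout")
	}
	if tr.IdleConnTimeout == 0 { // idle connections are never closed
		lost = append(lost, "IdleConnTimeout")
	}
	if tr.TLSClientConfig != nil && tr.TLSClientConfig.InsecureSkipVerify {
		lost = append(lost, "certificate verification")
	}
	return lost
}

func main() {
	// Transport shaped like the one in the question: only TLSClientConfig set.
	bare := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
	fmt.Println("bare transport lacks:", lostDefaults(bare))
	// Placeholder certificate; real code passes the tls.LoadX509KeyPair result.
	c := newMTLSClient(tls.Certificate{}, "test-as.sgx.trustedservices.intel.com")
	fmt.Println("cloned transport lacks:", lostDefaults(c.Transport.(*http.Transport)))
}
```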