Fetch an HTTPS Asset from Specific IP and Skipping DNS lookup

Question

I am working on some code for a device that will not be able to query a DNS. I will only have ports 80 and 443 available.

The following works, but of course hits the DNS. The domain used is my personal domain, not the real domain the problem is for - it’s work related and redacted. This is simply used to illustrate the issue.

package main

import (
    “log”
    “net/http”
)

func main() {
    client := &http.Client{}
    req, err := http.NewRequest(“GET”, “https://donatstudios.com/images/Spacecat/spacecat.svg”, nil)
    if err != nil {
        log.Fatal(err)
    }

    _, err = client.Do(req)
    if err != nil {
        log.Fatal(err)
    }

    log.Fatal(“no errors”)
}

I change the code to hit the specific IP address ala:

package main

import (
    “log”
    “net/http”
)

func main() {
    client := &http.Client{}
    req, err := http.NewRequest(“GET”, “https://162.243.23.224/images/Spacecat/spacecat.svg”, nil)
    if err != nil {
        log.Fatal(err)
    }
    req.Host = “donatstudios.com”

    _, err = client.Do(req)
    if err != nil {
        log.Fatal(err)
    }

    log.Fatal(“no errors”)
}

And now receive “cannot validate certificate for 162.243.23.224 because it doesn't contain any IP SANs”

When not using an https domain the above code works.

Presumably this is something to do with SSL. #go-nuts told me they believe this to happen before it ever hit the HTTP layer? I’ve been poking this for hours and cannot figure out how to make it work.

Is your server using SNI (https://en.wikipedia.org/wiki/Server_Name_Indication)? — Sean, May 16 '16 at 21:28

score 2 · Accepted Answer · answered May 16 '16 at 21:34

I'm assuming your server is using SNI like the one used in the example. Give this a try and see if it works for you.

package main

import (

    "crypto/tls"
    "log"
    "net/http"

)

func main() {

    tlsConfig := &tls.Config{
        ServerName: "moupon.co",
    }
    tlsConfig.BuildNameToCertificate()
    transport := &http.Transport{TLSClientConfig: tlsConfig}

    client := &http.Client{Transport: transport}
    req, err := http.NewRequest("GET", "https://216.239.32.21/s/img/logo.png", nil)
    if err != nil {
        log.Fatal(err)
    }
    req.Host = "moupon.co"

    _, err = client.Do(req)
    if err != nil {
        log.Fatal(err)
    }

    log.Fatal("no errors")
}

That worked **perfectly** on both the test domain and the real domain. Thank you! — donatJ, May 16 '16 at 21:40

Fetch an HTTPS Asset from Specific IP and Skipping DNS lookup

1 Answers1