Go1.10以上版本客户端使用https代理遇到proxyconnect tcp: tls: oversized record received with length 2052解决办法
最近在项目开发过程中需要做http回调,由于内网防火墙限制机器的外网访问权限,因此只能使用代理出口的方式进行访问第三方的回调接口,由于公司内部有一台https的代理服务器因此打算用此代理服务。在使用 Go1.10以上版本的时候,Go客户端遇到下问题proxyconnect tcp: tls: oversized record received with length 20527 ,各大搜索引擎都没有找到解决办法,经过几个小时的试错后,居然发现Go1.8版本居然没有这个问题,因此果断对比Go1.8和Go1.10的源码,并在源码中加Debug信息,后面找了出现问题的代码,具体解决办法见如下博文。
具体部署如下
httpclient ----> https-proxy ----> 第三方http接口
httpclient代码如下
package main
import (
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
"strings"
"time"
"github.com/cihub/seelog"
)
func PostHttpRequest(address, data string, hdrs map[string]string) (string, error) {
code, body, err := RawPostHttpRequest(address, data, hdrs, map[string]string{})
if code != 200 {
seelog.Errorf("post request error %d %s %s %s\n", code, data, body, err)
return "", err
}
return body, nil
}
func PostHttpRequestEx(address, data string, hdrs, config map[string]string) (string, error) {
code, body, err := RawPostHttpRequest(address, data, hdrs, config)
if code != 200 {
seelog.Errorf("post request error %d %s %s %s\n", code, data, body, err)
return "", err
}
return body, nil
}
func RawPostHttpRequest(address, data string, hdrs, configs map[string]string) (int, string, error) {
var proxy func(*http.Request) (*url.URL, error) = nil
if v := configs["proxy"]; v != "" {
proxy = func(req *http.Request) (*url.URL, error) {
return url.Parse(v)
}
}
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
Proxy: proxy,
},
Timeout: time.Duration(6) * time.Second,
}
req, err := http.NewRequest(
"POST",
address,
strings.NewReader(data),
)
if err != nil {
// handle error
seelog.Error("new post request error ", err, data)
return -1, "", err
}
if hdrs != nil {
for k, v := range hdrs {
if k == "Host" {
req.Host = v
continue
}
req.Header[k] = []string{v}
}
}
if hdrs == nil || hdrs["Content-Type"] == "" {
req.Header.Set("Content-Type", "application/json")
}
resp, err := client.Do(req)
if err != nil {
seelog.Error("post request error ", err, data)
return -1, "", err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
// handle error
seelog.Error("post request error ", err, data)
return -1, "", err
}
if resp.StatusCode != 200 {
err = fmt.Errorf(resp.Status)
}
return resp.StatusCode, string(body), err
}
func main() {
defer seelog.Flush()
curl := ""
if len(os.Args) >= 2 {
curl = os.Args[1]
}
cfg := map[string]string{}
if len(os.Args) >= 3 {
cfg["proxy"] = os.Args[2]
}
data := "{}"
seelog.Debugf("callback cfg %v", cfg)
body, err := PostHttpRequestEx(curl, data, nil, cfg)
if err != nil {
seelog.Errorf("callback request error %s", err)
return
}
seelog.Infof("callback %s post %s => %s", curl, data, body)
}
编译运行出现如下错误
taxue@linux:~$ go build HttpClient.go
taxue@linux:~$ ./HttpClient https://www.baidu.com https://proxy.server.com:1101
1550890998458292103 [Debug] callback cfg map[proxy:https://proxy.server.com:1101]
1550890998467744401 [Error] post request error Post https://www.baidu.com: proxyconnect tcp: tls: oversized record received with length 20527{}
1550890998467789535 [Error] callback request error Post https://www.baidu.com: proxyconnect tcp: tls: oversized record received with length 20527
问题原因
在/usr/local/go/src/net/http/transport.go文件中dialConn函数,Go1.10版本以后加了if cm.scheme() == "https" { 这个条件判断,错误就是在这个条件块里面出现的,而Go1.8是没有这段代码的,因此猜想可能是某些原因导致加入了这8行代码导致https代理失效。
func (t *Transport) dialConn(ctx context.Context, cm connectMethod) (*persistConn, error) {
if cm.scheme() == "https" && t.DialTLS != nil {
...
} else {
conn, err := t.dial(ctx, "tcp", cm.addr())
if err != nil {
return nil, wrapErr(err)
}
pconn.conn = conn
if cm.scheme() == "https" {
var firstTLSHost string
if firstTLSHost, _, err = net.SplitHostPort(cm.addr()); err != nil {
return nil, wrapErr(err)
}
if err = pconn.addTLS(firstTLSHost, trace); err != nil {
return nil, wrapErr(err)
}
}
}
解决办法
改进办法就是添加条件,当为代理模式的时候不进入这个条件。
if cm.scheme() == "https" && cm.proxyURL == nil {
var firstTLSHost string
if firstTLSHost, _, err = net.SplitHostPort(cm.addr()); err != nil {
return nil, wrapErr(err)
}
if err = pconn.addTLS(firstTLSHost, trace); err != nil {
return nil, wrapErr(err)
}
}
taxue@linux:~$ go build HttpClient.go
taxue@linux:~$ ./HttpClient https://www.baidu.com https://zmcc.corp.cootek.com:1101
1550895140686682645 [Debug] callback cfg map[proxy:https://zmcc.corp.cootek.com:1101]
1550895140899872758 [Info] callback https://www.baidu.com post {} => <!DOCTYPE html>
<!--STATUS OK-->
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<meta content="always" name="referrer">
<script src="https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/nocache/imgdata/seErrorRec.js"></script>
<title>页面不存在_百度搜索</title>
......
总结
至此测试了 http、https直接访问,https代理访问http、https都正常了。是不是golang官方的bug不得而知,欢迎各路大神拍砖过来。
有疑问加站长微信联系(非本文作者))
