curl is able to GET from https; but from golang's http.get(), same https URL does not work

Question

When I do curl https://10.184.96.62:3000/status, server sends back json data. All good.

Using the below golang code, the application prints :

2019/05/21 18:29:15 Get https://10.184.96.62:3000/status: x509: cannot validate certificate for 10.184.96.62 because it doesn't contain any IP SANs

package main

import (
        "log"
        "net/http"
)

func main() {
        _, err := http.Get("https://10.184.96.62:3000/status")
        if err != nil {
                log.Fatal(err)
        }
}

What am I missing?

Answer 1

The problem was with the certificate I generated. I used openssl to create a self-signed certificate. As I shared, curl was able to use it to establish connection with the server. But not the go application.

In some forum I saw a comment that said that getting openssl to work in this scenario is tricky. So I used this go code to generate the certificate. Using this certificate, go app was also able to make the request with out making any change to the source code I shared in my question.

Hope this helps some one in need.

Answer 2

The problem that the error message indicates is specific to the combination of HTTPS with IP addresses: usually a SSL certificate uses the hostname to check the authenticity of the server. In your case there is no hostname, but a IP address instead. There are two possible solutions to your problem:

1. Use a hostname instead of the IP address and put that hostname into your certificate.
2. Put the IP address you want to use into the subjectAltNames ("Subject Alternative Names" - SAN) field of your certificate (see RFC 5280).