
@delthas
Last active January 4, 2023 12:43
Disable SNI in Go HTTPS requests
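url := "https://perdu.com"
hostname := "perdu.com"
sni := false

// serverName is the value crypto/tls would send in the ClientHello SNI
// extension. The extension is omitted when ServerName is an IP address
// (see tls.Config.ServerName), so a placeholder IP switches SNI off.
// Leaving the field empty would not work: http.Transport fills an empty
// ServerName with the request host.
serverName := hostname
if !sni {
	serverName = "127.0.0.1"
}

// This client is tied to a single host: every TLS peer it reaches must
// present a certificate valid for hostname, so requests or redirects to
// other hosts are expected to fail verification. Build one client per
// hostname instead of sharing it.
client := &http.Client{
	// adapted from http.DefaultTransport
	Transport: &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
			// The deprecated DualStack field is left out: dual-stack
			// "fast fallback" dialing is already the default.
		}).DialContext,
		ForceAttemptHTTP2:     true,
		MaxIdleConns:          100,
		IdleConnTimeout:       90 * time.Second,
		TLSHandshakeTimeout:   10 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
		TLSClientConfig: &tls.Config{
			ServerName: serverName,
			// InsecureSkipVerify turns off the built-in chain and name
			// checks, which would otherwise compare the certificate
			// against ServerName (the placeholder IP when sni is false).
			// It is only acceptable together with the VerifyConnection
			// callback below; if that callback is removed or made to
			// return nil unconditionally, any certificate is accepted.
			InsecureSkipVerify: true,
			VerifyConnection: func(cs tls.ConnectionState) error {
				// adapted from the tls.Config.VerifyConnection example:
				// behaves like the default verification, except that the
				// name checked is hostname instead of cs.ServerName.
				// Roots is left nil, so the system root pool is used.
				opts := x509.VerifyOptions{
					// override the requested hostname with the server hostname
					DNSName:       hostname,
					Intermediates: x509.NewCertPool(),
				}
				// Everything after the leaf is offered as a candidate
				// intermediate; the chain still has to end at a trusted root.
				for _, cert := range cs.PeerCertificates[1:] {
					opts.Intermediates.AddCert(cert)
				}
				_, err := cs.PeerCertificates[0].Verify(opts)
				return err
			},
		},
	},
}

// The caller still has to check err and close res.Body.
res, err := client.Get(url)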