半岛的蒟蒻bddjr
半岛的蒟蒻bddjr
这个可能可以通过修改 TLSConfig 的 GetCertificate 实现,检查 tls.ClientHelloInfo 的 ServerName 如果不在自定义证书的“使用者可选名称”里,那么就返回localhost证书或者抛出错误结束连接。 但需要有个特殊条件,证书可选名称里如果有IP,而 ServerName 是空的,那也不能阻止
@wanghe-fit2cloud 我直接给个实现方法,可以直接让后端读取证书支持哪些地址,从而决定给未知servername返回localhost证书 (以下是我自己写go程序的时候弄的,只截了一部分,直接粘贴肯定跑不起来)   
Change this server_name ``` # If the domain name used cannot match in other servers {}, it will # match here. server_name _ mcsm.mc16.duckdns.org, *.mc16.duckdns.org; ``` to ``` # If...
ubuntu usually requires nginx to be compiled and installed, so /etc/nginx may not be the real directory
The nginx example you provided is incorrect, it should be like this: ```nginx # port 443 error_page 497 https://$host$request_uri; # other ports error_page 497 https://$host:$server_port$request_uri; ``` Then, attempting to access...
Maybe we can read the "Host" request header, then return 307 status code The following is a number of debugging screenshots, not yet implemented the above functions `src/crypto/tls/conn.go`  `src/net/http/server.go`...
I did it! Next, I will submit a pull request.   
A static string can be redirected in the browser using JavaScript, but it doesn't fit the 301 status code redirect that some people want ```go "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nConnection:...
I think it's possible to provide multiple interfaces for different use cases, like `TLSConfig`'s `NameToCertificate` and `GetCertificate` (I think the relevant configuration should be written in TLSConfig) ```go type Config...
> I am not sure how much utility is in inspecting `recordedBytes`? 307 redirect ```go var compiledRegExp_httpHost = regexp.MustCompile(`\r\nHost: \S+`) // "\r\nHost: local.q8p.cc:5678" var compiledRegExp_httpPath = regexp.MustCompile(`/\S*`) // "/index.html" func...