Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Super User is a question and answer site for computer enthusiasts and power users. It only takes a minute to sign up.

Sign up to join this community

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

When I open chrome or chromium with the command line flag --host-rules=MAP * XX.XX.XX.XX , I get a failed SSL handshake:

[14865:14877:0908/163850.072936:ERROR:ssl_client_socket_impl.cc(963)] handshake failed; returned -1, SSL error code 1, net_error -200

Here's the background: there are some web servers which ordinarily operate behind a node balancer. In order to run a battery of tests, I want to bypass the node balancer and make requests to each of the servers individually, specifying the servers by IP address. (I need to deploy this setup to various other workstations, and I cannot use a solution that requires root user permissions.)

It seems that although I enter https:// mysite.com into the Chrome address bar, Chrome uses the ip address XX.XX.XX.XX during the SSL handshake, and of course, the SSL cert's CN doesn't match that.

Is there a way to:

Have Chrome resolve a given hostname to a given IP address

While supporting SSL

Without needing root (e.g. to edit /etc/hosts )

Had this problem myself, but according to https://datacadamia.com/web/browser/chrome#dns_resolver , the switch was renamed to --host-resolver-rules .

Using the current switch name resolved the SSL handshake errors.