diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2012-03-27 17:01:18 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2012-03-27 17:01:18 +1300 |
| commit | a6df72cfc8a61d43585a80a5b2b1f2de4282986d (patch) | |
| tree | 12b6b8a87a19cd3598f4c00239612a1d54174f54 | |
| parent | e9ac4bef2065abe545fbc7e8712c027f573082b3 (diff) | |
| download | mitmproxy-a6df72cfc8a61d43585a80a5b2b1f2de4282986d.tar.gz mitmproxy-a6df72cfc8a61d43585a80a5b2b1f2de4282986d.tar.bz2 mitmproxy-a6df72cfc8a61d43585a80a5b2b1f2de4282986d.zip | |
Generate better-formed CAs.
If you're having trouble with your certs in Firefox, you may want to delete
your .mitmproxy directory to re-generate the CA.
| -rw-r--r-- | libmproxy/certutils.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libmproxy/certutils.py b/libmproxy/certutils.py index b807e483..aae0d7ab 100644 --- a/libmproxy/certutils.py +++ b/libmproxy/certutils.py @@ -12,9 +12,10 @@ def create_ca(): key = OpenSSL.crypto.PKey() key.generate_key(OpenSSL.crypto.TYPE_RSA, 1024) ca = OpenSSL.crypto.X509() - ca.set_version(3) + ca.set_serial_number(int(time.time()*10000)) + ca.set_version(2) ca.get_subject().CN = "mitmproxy" - ca.get_subject().OU = "mitmproxy" + ca.get_subject().O = "mitmproxy" ca.gmtime_adj_notBefore(0) ca.gmtime_adj_notAfter(24 * 60 * 60 * 720) ca.set_issuer(ca.get_subject()) @@ -27,7 +28,7 @@ def create_ca(): OpenSSL.crypto.X509Extension("extendedKeyUsage", True, "serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC" ), - OpenSSL.crypto.X509Extension("keyUsage", True, + OpenSSL.crypto.X509Extension("keyUsage", False, "keyCertSign, cRLSign"), OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca), |