diff options
| author | [OSC] Sven Schliesing <s.schliesing@ndr.de> | 2018-07-31 10:19:43 +0200 |
|---|---|---|
| committer | [OSC] Sven Schliesing <s.schliesing@ndr.de> | 2018-07-31 11:38:11 +0200 |
| commit | a081ba64306bf7f8e03aa9644facbbc027a2e37c (patch) | |
| tree | a6be2399c8a5019b3fe3fef9d1f3a8785c5ce31f /mitmproxy/certs.py | |
| parent | 5f3cbbb3cd1a8930ec6f9df26cb0d4204391edd7 (diff) | |
| download | mitmproxy-a081ba64306bf7f8e03aa9644facbbc027a2e37c.tar.gz mitmproxy-a081ba64306bf7f8e03aa9644facbbc027a2e37c.tar.bz2 mitmproxy-a081ba64306bf7f8e03aa9644facbbc027a2e37c.zip | |
Add DEFAULT_EXP_DUMMY_CERT and set to 90 days
Helps with Chrome's "certificates can not be valid longer than 27,5 month"
Fixes #3273
Diffstat (limited to 'mitmproxy/certs.py')
| -rw-r--r-- | mitmproxy/certs.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py index 9a864cbc..a5c64a39 100644 --- a/mitmproxy/certs.py +++ b/mitmproxy/certs.py @@ -15,6 +15,7 @@ from mitmproxy.coretypes import serializable # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815 DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3 +DEFAULT_EXP_DUMMY_CERT = 7776000 # = 90 days # Generated with "openssl dhparam". It's too slow to generate this on startup. DEFAULT_DHPARAM = b""" @@ -101,7 +102,7 @@ def dummy_cert(privkey, cacert, commonname, sans): cert = OpenSSL.crypto.X509() cert.gmtime_adj_notBefore(-3600 * 48) - cert.gmtime_adj_notAfter(DEFAULT_EXP) + cert.gmtime_adj_notAfter(DEFAULT_EXP_DUMMY_CERT) cert.set_issuer(cacert.get_subject()) if commonname is not None and len(commonname) < 64: cert.get_subject().CN = commonname |