diff options
author | Aldo Cortesi <aldo@nullcube.com> | 2016-02-18 09:19:05 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2016-02-18 09:27:08 +1300 |
commit | 92597f82ea8e4747ce1836ecd5eb2479486e8647 (patch) | |
tree | 2aa391b558d92c0122a16c155d3375d31221cde4 /mitmproxy/docs/features/upstreamcerts.rst | |
parent | 49464de1cb159361c16a232b3d8c267b36e95483 (diff) | |
download | mitmproxy-92597f82ea8e4747ce1836ecd5eb2479486e8647.tar.gz mitmproxy-92597f82ea8e4747ce1836ecd5eb2479486e8647.tar.bz2 mitmproxy-92597f82ea8e4747ce1836ecd5eb2479486e8647.zip |
Docs and examples to top level
Diffstat (limited to 'mitmproxy/docs/features/upstreamcerts.rst')
-rw-r--r-- | mitmproxy/docs/features/upstreamcerts.rst | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/mitmproxy/docs/features/upstreamcerts.rst b/mitmproxy/docs/features/upstreamcerts.rst deleted file mode 100644 index af2e2226..00000000 --- a/mitmproxy/docs/features/upstreamcerts.rst +++ /dev/null @@ -1,23 +0,0 @@ -.. _upstreamcerts: - -Upstream Certificates -===================== - -When mitmproxy receives a connection destined for an SSL-protected service, it -freezes the connection before reading its request data, and makes a connection -to the upstream server to "sniff" the contents of its SSL certificate. The -information gained - the **Common Name** and **Subject Alternative Names** - is -then used to generate the interception certificate, which is sent to the client -so the connection can continue. - -This rather intricate little dance lets us seamlessly generate correct -certificates even if the client has specified only an IP address rather than the -hostname. It also means that we don't need to sniff additional data to generate -certs in transparent mode. - -Upstream cert sniffing is on by default, and can optionally be turned off. - -================== ============================= -command-line :option:`--no-upstream-cert` -mitmproxy shortcut :kbd:`o` then :kbd:`U` -================== ============================= |