From 3fbf343985cd1a957514ebcc54fee067c18b99ea Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Fri, 18 Mar 2011 14:48:43 +1300 Subject: Tweak CA and cert setup to be nice to Windows. For some reason Satan's Operating System doesn't join up the certification path if the key identifiers are set to hash. This took a few hours of trial and error to figure out. --- libmproxy/resources/ca.cnf | 4 ---- libmproxy/resources/cert.cnf | 4 ---- 2 files changed, 8 deletions(-) (limited to 'libmproxy') diff --git a/libmproxy/resources/ca.cnf b/libmproxy/resources/ca.cnf index c65c66c8..b1f93f92 100644 --- a/libmproxy/resources/ca.cnf +++ b/libmproxy/resources/ca.cnf @@ -9,8 +9,6 @@ organizationName = mitmproxy commonName = mitmproxy [ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer basicConstraints = critical,CA:true keyUsage = cRLSign, keyCertSign extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC @@ -27,8 +25,6 @@ basicConstraints = CA:false keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC nsCertType = server -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer [ v3_cert_req ] basicConstraints = CA:false diff --git a/libmproxy/resources/cert.cnf b/libmproxy/resources/cert.cnf index 9afae09f..5f80c2d6 100644 --- a/libmproxy/resources/cert.cnf +++ b/libmproxy/resources/cert.cnf @@ -9,8 +9,6 @@ organizationName = mitmproxy commonName = %(commonname)s [ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer basicConstraints = critical,CA:true keyUsage = cRLSign, keyCertSign nsCertType = sslCA @@ -24,8 +22,6 @@ nsCertType = sslCA basicConstraints = CA:false keyUsage = nonRepudiation, digitalSignature, keyEncipherment nsCertType = server -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer [ v3_cert_req ] basicConstraints = CA:false -- cgit v1.2.3