From eb0b8469a9d4c73b13e73e58deb087c1884fc949 Mon Sep 17 00:00:00 2001
From: Barna Csorogi <barnacs@justletit.be>
Date: Mon, 5 Feb 2018 01:37:10 +0100
Subject: [PATCH] use the correct signature algorithm for mitm certs

Use the signature algorithm of the provided CA rather than the one from
the server cert.
---
 proxy/certfaker.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/proxy/certfaker.go b/proxy/certfaker.go
index be53ce0..2616103 100644
--- a/proxy/certfaker.go
+++ b/proxy/certfaker.go
@@ -27,9 +27,17 @@ func newCertFaker(caPath, keyPath string) (*certFaker, error) {
 }
 
 func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
-	fakeCertData, err := x509.CreateCertificate(nil, original, cf.ca, cf.ca.PublicKey, cf.key)
+	template := cf.createTemplate(original)
+	fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key)
 	return &tls.Certificate{
 		Certificate: [][]byte{fakeCertData},
 		PrivateKey:  cf.key,
 	}, err
 }
+
+func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
+	template := &x509.Certificate{}
+	*template = *cert
+	template.SignatureAlgorithm = cf.ca.SignatureAlgorithm
+	return template
+}