use the correct signature algorithm for mitm certs

Use the signature algorithm of the provided CA rather than the one from
the server cert.
Barna Csorogi 2018-02-05 01:37:10 +01:00
parent 47488248d2
commit eb0b8469a9


@ -27,9 +27,17 @@ func newCertFaker(caPath, keyPath string) (*certFaker, error) {
} }
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) { func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
fakeCertData, err := x509.CreateCertificate(nil, original, cf.ca, cf.ca.PublicKey, cf.key) template := cf.createTemplate(original)
fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key)
return &tls.Certificate{ return &tls.Certificate{
Certificate: [][]byte{fakeCertData}, Certificate: [][]byte{fakeCertData},
PrivateKey: cf.key, PrivateKey: cf.key,
}, err }, err
} }
func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
template := &x509.Certificate{}
*template = *cert
template.SignatureAlgorithm = cf.ca.SignatureAlgorithm
return template
}
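Review bot: In `createTemplate`, `cf.ca.SignatureAlgorithm` records how the CA certificate itself was signed by its issuer, which is not necessarily an algorithm that `cf.key` can produce. For a self-signed CA the two agree, but with an intermediate CA whose issuer used a different key type `x509.CreateCertificate` would likely reject the template, and a CA signed with a weak hash would pass that hash on to every generated leaf. Leaving the field at its zero value lets `CreateCertificate` choose a default that matches the signing key: `template.SignatureAlgorithm = x509.UnknownSignatureAlgorithm`. A short comment on `createTemplate` saying that the copy is shallow (slices and the `*big.Int` serial stay shared with `original`) would also help the next reader.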