localhost_frssoft/compy
1
0
Fork 0
mirror of https://git.phreedom.club/localhost_frssoft/compy.git synced 2024-11-23 16:41:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

use the correct signature algorithm for mitm certs

Browse source 
Use the signature algorithm of the provided CA rather than the one from
the server cert.
This commit is contained in:
Barna Csorogi 2018-02-05 01:37:10 +01:00
parent 47488248d2
commit eb0b8469a9
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
proxy/certfaker.go
View file

@ -27,9 +27,17 @@ func newCertFaker(caPath, keyPath string) (*certFaker, error) {
} }
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) { func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
fakeCertData, err := x509.CreateCertificate(nil, original, cf.ca, cf.ca.PublicKey, cf.key) template := cf.createTemplate(original)
fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key)
return &tls.Certificate{ return &tls.Certificate{
Certificate: [][]byte{fakeCertData}, Certificate: [][]byte{fakeCertData},
PrivateKey: cf.key, PrivateKey: cf.key,
}, err }, err
} }
func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
template := &x509.Certificate{}
*template = *cert
template.SignatureAlgorithm = cf.ca.SignatureAlgorithm
return template
}