mirror of
https://git.phreedom.club/localhost_frssoft/compy.git
synced 2024-11-27 10:31:31 +00:00
use the correct signature algorithm for mitm certs
Use the signature algorithm of the provided CA rather than the one from the server cert.
This commit is contained in:
parent
47488248d2
commit
eb0b8469a9
|
@ -27,9 +27,17 @@ func newCertFaker(caPath, keyPath string) (*certFaker, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
|
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
|
||||||
fakeCertData, err := x509.CreateCertificate(nil, original, cf.ca, cf.ca.PublicKey, cf.key)
|
template := cf.createTemplate(original)
|
||||||
|
fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key)
|
||||||
return &tls.Certificate{
|
return &tls.Certificate{
|
||||||
Certificate: [][]byte{fakeCertData},
|
Certificate: [][]byte{fakeCertData},
|
||||||
PrivateKey: cf.key,
|
PrivateKey: cf.key,
|
||||||
}, err
|
}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
|
||||||
|
template := &x509.Certificate{}
|
||||||
|
*template = *cert
|
||||||
|
template.SignatureAlgorithm = cf.ca.SignatureAlgorithm
|
||||||
|
return template
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue