mirror of
https://git.phreedom.club/localhost_frssoft/compy.git
synced 2024-11-23 16:41:30 +00:00
use the correct signature algorithm for mitm certs
Use the signature algorithm of the provided CA rather than the one from the server cert.
parent
47488248d2
commit
eb0b8469a9
|
@ -27,9 +27,17 @@ func newCertFaker(caPath, keyPath string) (*certFaker, error) {
|
|||
}
|
||||
|
||||
func (cf *certFaker) FakeCert(original *x509.Certificate) (*tls.Certificate, error) {
|
||||
fakeCertData, err := x509.CreateCertificate(nil, original, cf.ca, cf.ca.PublicKey, cf.key)
|
||||
template := cf.createTemplate(original)
|
||||
fakeCertData, err := x509.CreateCertificate(nil, template, cf.ca, cf.ca.PublicKey, cf.key)
|
||||
return &tls.Certificate{
|
||||
Certificate: [][]byte{fakeCertData},
|
||||
PrivateKey: cf.key,
|
||||
}, err
|
||||
}
|
||||
|
||||
func (cf *certFaker) createTemplate(cert *x509.Certificate) *x509.Certificate {
|
||||
template := &x509.Certificate{}
|
||||
*template = *cert
|
||||
template.SignatureAlgorithm = cf.ca.SignatureAlgorithm
|
||||
return template
|
||||
}
|
||||
|
|
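Review bot: In `createTemplate`, `cf.ca.SignatureAlgorithm` records how the CA certificate itself was signed by its issuer, which is not necessarily an algorithm that `cf.key` can produce or one you want on newly issued leaves. If the loaded CA is an intermediate signed by a parent with a different key type, `x509.CreateCertificate` is expected to fail on the mismatch. A CA certificate signed with an outdated hash such as SHA-1 would likewise pass that hash on to every generated certificate. Leaving the field at its zero value lets `CreateCertificate` pick a default that fits the signing key: `template.SignatureAlgorithm = x509.UnknownSignatureAlgorithm`. A one-line comment on `createTemplate` noting that every other field is copied unchanged from the upstream certificate would also help readers.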