向 mitmproxy 添加其他受信任的根 CA 证书
[英]Adding additional trusted root CA certificates to mitmproxy
问题描述
I am trying to configure mitmproxy so that it accepts certain upstream server certificates that are not trusted by default.
我正在尝试配置 mitmproxy 以便它接受某些默认情况下不受信任的上游服务器证书。
I don't want to use the --ssl-insecure option as it totally disables all certificate checking for upstream connections.我不想使用--ssl-insecure选项,因为它完全禁用了上游连接的所有证书检查。
I tried the option ssl_verify_upstream_trusted_ca which allows me to specify one PEM file where certificates are stored in, the problem is that using this option does not add those certificates as additionally trusted certificates, instead it replaces the list of trusted CA certificates.我尝试了ssl_verify_upstream_trusted_ca选项,它允许我指定一个存储证书的 PEM 文件,问题是使用此选项不会将这些证书添加为额外的受信任证书,而是替换受信任的 CA 证书列表。 Therefore using this option mitmproxy does no longer trust the default CA certificates, only those I specify.因此使用此选项 mitmproxy 不再信任默认 CA 证书,只信任我指定的那些。 As the default trusted CA certificates are specified by the OS and updated regularly I don't want to exclude them.由于默认受信任的 CA 证书由操作系统指定并定期更新,因此我不想排除它们。
How can I specify a set of trusted root CA certificates for mitmproxy that are additionally trusted?如何为 mitmproxy 指定一组额外受信任的受信任根 CA 证书?
1 个解决方案
解决方案1
2 2020-04-27 16:29:41
mitmproxy uses certifi as its root of trust by default, not your OS certificates. mitmproxy 默认使用certifi作为其信任根,而不是您的操作系统证书。 We would like to do that, but it's incredibly painful with OpenSSL.我们想这样做,但是 OpenSSL 非常痛苦。
Anyhow, take that and concatenate it with your custom certificates.无论如何,将其与您的自定义证书连接起来。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.