mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
Add DEFAULT_EXP_DUMMY_CERT and set to 90 days
Helps with Chrome's "certificates can not be valid longer than 27,5 month" Fixes #3273
This commit is contained in:
parent
5f3cbbb3cd
commit
a081ba6430
@ -15,6 +15,7 @@ from mitmproxy.coretypes import serializable
|
|||||||
|
|
||||||
# Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
|
# Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
|
||||||
DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3
|
DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3
|
||||||
|
DEFAULT_EXP_DUMMY_CERT = 7776000 # = 90 days
|
||||||
|
|
||||||
# Generated with "openssl dhparam". It's too slow to generate this on startup.
|
# Generated with "openssl dhparam". It's too slow to generate this on startup.
|
||||||
DEFAULT_DHPARAM = b"""
|
DEFAULT_DHPARAM = b"""
|
||||||
@ -101,7 +102,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
|
|||||||
|
|
||||||
cert = OpenSSL.crypto.X509()
|
cert = OpenSSL.crypto.X509()
|
||||||
cert.gmtime_adj_notBefore(-3600 * 48)
|
cert.gmtime_adj_notBefore(-3600 * 48)
|
||||||
cert.gmtime_adj_notAfter(DEFAULT_EXP)
|
cert.gmtime_adj_notAfter(DEFAULT_EXP_DUMMY_CERT)
|
||||||
cert.set_issuer(cacert.get_subject())
|
cert.set_issuer(cacert.get_subject())
|
||||||
if commonname is not None and len(commonname) < 64:
|
if commonname is not None and len(commonname) < 64:
|
||||||
cert.get_subject().CN = commonname
|
cert.get_subject().CN = commonname
|
||||||
|
Loading…
Reference in New Issue
Block a user