Fix SSL error

This fixes an issue that occurs when a user supplies a custom SSL cert with intermediate certs that contradict the default certifi set of root certificates. In particular, this addresses an issue where the "COMODO RSA Certification Authority" cert in certifi is NOT trusted on OS X by default as of OS X 10.11.6. Even when the user manually supplied a different valid "COMODO RSA Certification Authority" cert in their custom SSL cert .pem file, that cert would be overridden by certifi's default cert.
Ryan Laughlin 2016-09-30 16:39:44 -04:00
parent e0cd33b586
commit fbf8567a79


@ -817,7 +817,7 @@ class BaseHandler(_Connection):
until then we're conservative.
"""
context = self._create_ssl_context(**sslctx_kwargs)
context = self._create_ssl_context(ca_pemfile=chain_file, **sslctx_kwargs)
context.use_privatekey(key)
if isinstance(cert, certutils.SSLCert):
@ -840,10 +840,6 @@ class BaseHandler(_Connection):
return True
context.set_verify(SSL.VERIFY_PEER, save_cert)
# Cert Verify
if chain_file:
context.load_verify_locations(chain_file)
if dhparams:
SSL._lib.SSL_CTX_set_tmp_dh(context._context, dhparams)
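Review bot: The new call `self._create_ssl_context(ca_pemfile=chain_file, **sslctx_kwargs)` in the first hunk passes `chain_file` unconditionally, while the block the second hunk appears to remove only used it under `if chain_file:`, so a missing chain file now reaches `_create_ssl_context` as a falsy `ca_pemfile`, and how that is handled is not visible here. The same call raises `TypeError` for a duplicate keyword if any caller already supplies `ca_pemfile` inside `sslctx_kwargs`. Setting the key only when it is needed avoids both: `if chain_file: sslctx_kwargs.setdefault("ca_pemfile", chain_file)` followed by the original `self._create_ssl_context(**sslctx_kwargs)`. A short comment there should also say that the chain file now acts as this context's CA store in place of the default bundle, since that is presumably the store `SSL.VERIFY_PEER` evaluates peer certificates against. The enclosing method starts and ends outside the visible hunks.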