mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
Fix SSL error
This fixes an issue that occurs when a user supplies a custom SSL cert w/ intermediate certs that contradict the default certifi set of root certificates. In particular, this addressed an issue where the "COMODO RSA Certification Authority" cert in certifi is NOT trusted on OS X by default as of OS X 10.11.6. Even when the user manually supplied a different valid "COMODO RSA Certification Authority" cert in their custom SSL cert .pem file, that cert would be overridden by certifi's default cert.
This commit is contained in:
parent
e0cd33b586
commit
fbf8567a79
@ -817,7 +817,7 @@ class BaseHandler(_Connection):
|
||||
until then we're conservative.
|
||||
"""
|
||||
|
||||
context = self._create_ssl_context(**sslctx_kwargs)
|
||||
context = self._create_ssl_context(ca_pemfile=chain_file, **sslctx_kwargs)
|
||||
|
||||
context.use_privatekey(key)
|
||||
if isinstance(cert, certutils.SSLCert):
|
||||
@ -840,10 +840,6 @@ class BaseHandler(_Connection):
|
||||
return True
|
||||
context.set_verify(SSL.VERIFY_PEER, save_cert)
|
||||
|
||||
# Cert Verify
|
||||
if chain_file:
|
||||
context.load_verify_locations(chain_file)
|
||||
|
||||
if dhparams:
|
||||
SSL._lib.SSL_CTX_set_tmp_dh(context._context, dhparams)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user