mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-27 02:24:18 +00:00
4fc807cedd
- Use templates for config files. We can re-introduce customization of the certificate attributes when we need them. - Split CA and cert generation into separate functions. - Generation methods provide an error return when generation fails. - When the user explicitly specifies a certificate, we don't generate it, but fail if it doesn't exist.
35 lines
825 B
INI
35 lines
825 B
INI
[ req ]
|
|
prompt = no
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_cert
|
|
req_extensions = v3_cert_req
|
|
|
|
[ req_distinguished_name ]
|
|
organizationName = mitmproxy
|
|
commonName = %(commonname)s
|
|
|
|
[ v3_ca ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer
|
|
basicConstraints = critical,CA:true
|
|
keyUsage = cRLSign, keyCertSign
|
|
nsCertType = sslCA
|
|
|
|
[ v3_ca_req ]
|
|
basicConstraints = critical,CA:true
|
|
keyUsage = cRLSign, keyCertSign
|
|
nsCertType = sslCA
|
|
|
|
[ v3_cert ]
|
|
basicConstraints = CA:false
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
nsCertType = server
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer
|
|
|
|
[ v3_cert_req ]
|
|
basicConstraints = CA:false
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
nsCertType = server
|
|
|