Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add subjectAltName for valid certification in recent browser #4

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add subjectAltName for valid certification in recent browser #4

wants to merge 3 commits into from

Conversation

j31d0
Copy link

@j31d0 j31d0 commented Oct 4, 2018

from the recent browser, certificate with CN(Common Name) is not enough to verify. Chrome requires subjectAlternativeName for version 65 and later, so I added subjectAltName in certificate.

@Nibba2018
Copy link

hello @j31d0 could you help me out? i am having some issues regarding https websites

@j31d0
Copy link
Author

j31d0 commented Nov 3, 2019

I will try to solve issue when you give description of it (but this requests was made long ago, so I can't guarantee to solve it)

@Nibba2018
Copy link

The Issue is that when I am accessing HTTPS websites, the browser downloads a random named .bin file, for e.g WgehL.bin each time I visit the same website it downloads a .bin file of a different name. The HTTP sites work fine though.

I was wondering where I went wrong...

Thank You for your help.

@j31d0
Copy link
Author

j31d0 commented Nov 4, 2019

I couldn't reproduce the result, but I got ERR_CERT_WEAK_SIGNATURE_ALGORITHM message in latest chrome, so I changed to use sha512 hash. (After that patch, proxy works well in my iMac)

@j31d0
Copy link
Author

j31d0 commented Nov 4, 2019

If you have more question or going to give more concrete issue, It may be better to make issue in my forked repository (https://github.com/j31d0/proxy2)

@Nibba2018
Copy link

Btw I changed the code to work on python3 as well

Jaymes305
Jaymes305 suggested changes Sep 20, 2023
View reviewed changes
proxy2.py
epoch = "%d" % (time.time() * 1000)
p1 = Popen(["openssl", "req", "-new", "-key", self.certkey, "-subj", "/CN=%s" % hostname], stdout=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-out", certpath], stdin=p1.stdout, stderr=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-extfile", confpath, "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-sha512", "-out", certpath], stdin=p1.stdout, stderr=PIPE)
p2.communicate()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@j31d0

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wyd

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@inaz2

proxy2.py
epoch = "%d" % (time.time() * 1000)
p1 = Popen(["openssl", "req", "-new", "-key", self.certkey, "-subj", "/CN=%s" % hostname], stdout=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-out", certpath], stdin=p1.stdout, stderr=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-extfile", confpath, "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-sha512", "-out", certpath], stdin=p1.stdout, stderr=PIPE)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

H

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jaymes305 Jaymes305 Jaymes305 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@j31d0 @Nibba2018 @Jaymes305