Skip to content

add subjectAltName for valid certification in recent browser#4

Open
j31d0 wants to merge 3 commits intoinaz2:masterfrom
j31d0:master
Open

add subjectAltName for valid certification in recent browser#4
j31d0 wants to merge 3 commits intoinaz2:masterfrom
j31d0:master

Conversation

@j31d0
Copy link

@j31d0 j31d0 commented Oct 4, 2018

from the recent browser, certificate with CN(Common Name) is not enough to verify. Chrome requires subjectAlternativeName for version 65 and later, so I added subjectAltName in certificate.

@Nibba2018
Copy link

Nibba2018 commented Nov 3, 2019

hello @j31d0 could you help me out? i am having some issues regarding https websites

@j31d0
Copy link
Author

j31d0 commented Nov 3, 2019

I will try to solve issue when you give description of it (but this requests was made long ago, so I can't guarantee to solve it)

@Nibba2018
Copy link

Nibba2018 commented Nov 3, 2019

The Issue is that when I am accessing HTTPS websites, the browser downloads a random named .bin file, for e.g WgehL.bin each time I visit the same website it downloads a .bin file of a different name. The HTTP sites work fine though.

I was wondering where I went wrong...

Thank You for your help.

@j31d0
Copy link
Author

j31d0 commented Nov 4, 2019

I couldn't reproduce the result, but I got ERR_CERT_WEAK_SIGNATURE_ALGORITHM message in latest chrome, so I changed to use sha512 hash. (After that patch, proxy works well in my iMac)

@j31d0
Copy link
Author

j31d0 commented Nov 4, 2019

If you have more question or going to give more concrete issue, It may be better to make issue in my forked repository (https://github.com/j31d0/proxy2)

@Nibba2018
Copy link

Nibba2018 commented Nov 5, 2019

Btw I changed the code to work on python3 as well

Jaymes305
Jaymes305 suggested changes Sep 20, 2023
View reviewed changes
proxy2.py
p1 = Popen(["openssl", "req", "-new", "-key", self.certkey, "-subj", "/CN=%s" % hostname], stdout=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-out", certpath], stdin=p1.stdout, stderr=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-extfile", confpath, "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-sha512", "-out", certpath], stdin=p1.stdout, stderr=PIPE)
p2.communicate()
Copy link

@Jaymes305 Jaymes305 Sep 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@j31d0

Copy link

@Jaymes305 Jaymes305 Sep 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wyd

Copy link

@Jaymes305 Jaymes305 Sep 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@inaz2

proxy2.py
epoch = "%d" % (time.time() * 1000)
p1 = Popen(["openssl", "req", "-new", "-key", self.certkey, "-subj", "/CN=%s" % hostname], stdout=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-out", certpath], stdin=p1.stdout, stderr=PIPE)
p2 = Popen(["openssl", "x509", "-req", "-extfile", confpath, "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-sha512", "-out", certpath], stdin=p1.stdout, stderr=PIPE)
Copy link

@Jaymes305 Jaymes305 Sep 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

H

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Jaymes305 Jaymes305 Jaymes305 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@j31d0 @Nibba2018 @Jaymes305