Rooba
/
mitmproxy
mirror of https://github.com/mitmproxy/mitmproxy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3274 from muffl0n/shorten_notAfter_to_90_days 

Add DEFAULT_EXP_DUMMY_CERT and set to two years
This commit is contained in:
Maximilian Hils 2018-07-31 13:34:02 +02:00 committed by GitHub
parent 5f3cbbb3cd 01e052be6a
commit ace0275b35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
mitmproxy/certs.py
View File

@ -15,6 +15,7 @@ from mitmproxy.coretypes import serializable
# Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3
DEFAULT_EXP_DUMMY_CERT = 63072000 # = 2 years
# Generated with "openssl dhparam". It's too slow to generate this on startup.
DEFAULT_DHPARAM = b"""
@ -101,7 +102,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
cert = OpenSSL.crypto.X509()
cert.gmtime_adj_notBefore(-3600 * 48)
cert.gmtime_adj_notAfter(DEFAULT_EXP)
cert.gmtime_adj_notAfter(DEFAULT_EXP_DUMMY_CERT)
cert.set_issuer(cacert.get_subject())
if commonname is not None and len(commonname) < 64:
cert.get_subject().CN = commonname