search

NSX-Threat-Analysis-Unit / CVEX

CVEX is a framework for the reproducible exploitation of CVE vulnerabilities
0 stars 0 forks source link

mitmproxy's certificates are missing revocation URLs #16

Closed olegbck closed 1 month ago

olegbck commented 2 months ago

curl throws "The revocation function was unable to check revocation for the certificate":

vagrant@DESKTOP-SDENL4F C:\Users\vagrant>curl https://192.168.56.2 -v
*   Trying 192.168.56.2:443...
* Connected to 192.168.56.2 (192.168.56.2) port 443      
* schannel: disabled automatic use of client certificate 
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Closing connection
* schannel: shutting down SSL/TLS connection with 192.168.56.2 port 443
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

A browser, however, doesn't seem to care: image

The issue is described here and it is still not fixed: https://github.com/mitmproxy/mitmproxy/issues/3140

olegbck commented 2 months ago

Fixed here for Windows: https://github.com/NSX-Threat-Analysis-Unit/CVEX/commit/f8ce04008bc232b5da1c881361d05ab410e27af4