Several clients throw TLSV1_ALERT_UNKNOWN_CA alert. Example:
cloudresourcemanager.googleapis.com
Several clients throw ssl.SSLEOFError EOF occurred in violation of protocol (_ssl.c:997) alert. Example:
gateway.icloud.com
gs-loc.apple.com
p25-content.icloud.com
p57-content.icloud.com
Proxy should be able to auto-detect (which it already does when handling exceptions) such scenarios and bypass interception for such upstream endpoints.
We must also inspect the diff between upstream vs generated certificate. We must try to copy as much information as possible in generated certificates. E.g. list of all common names.
Several clients throw
TLSV1_ALERT_UNKNOWN_CA
alert. Example:Several clients throw
ssl.SSLEOFError EOF occurred in violation of protocol (_ssl.c:997)
alert. Example:Proxy should be able to auto-detect (which it already does when handling exceptions) such scenarios and bypass interception for such upstream endpoints.