Open ajcypherint opened 3 years ago
delete this.
@ajcypherint can't you just change goproxy GoproxyCa to your liking?
Yes. Close this issue. The problem was with our internal certificate.
On Mon, Sep 13, 2021, 2:35 AM Elazar Leibovich @.***> wrote:
@ajcypherint https://github.com/ajcypherint can't you just change goproxy GoproxyCa to your liking?
Since GoproxyCa is a global variable, it adds itself to tlsConfig.Certificates, so it will break a custom MITM CA. This part of the code loads the hard-coded cert and breaks a custom CA.
initial load of global
All new custom CAs are then appended to .Certificates instead of replacing .Certificate array element 0.
append
If you want a custom CA to work, define your own TLSConfigFromCA that removes the first certificate https://github.com/elazarl/goproxy/blob/8e322dfb79c43cc078201ade94238d8c7191dfe7/https.go#L447 by adding after the above line
thus removing the offending certificate, so maybe: