search

omjadas / hudsucker

Intercepting HTTP/S proxy
https://crates.io/crates/hudsucker
Apache License 2.0
206 stars 35 forks source link

[Bug] Lack of appropriate CN in site's certificates signed with RCgen CA #39

Closed sinKettu closed 1 year ago

sinKettu commented 1 year ago

Hello! The issue is pretty simple. If certificate for a site created with OpensslAuthority, this authority sets CN to DNS name of site: https://github.com/omjadas/hudsucker/blob/main/src/certificate_authority/openssl_authority.rs#L74

But RcgenAuthority does not do that, it places DNS name only in Alt Names: https://github.com/omjadas/hudsucker/blob/main/src/certificate_authority/rcgen_authority.rs#L85

This issue leads to browsers reject certificates signed with RcgenAuthority, because there is no appropriate CN.

I would like to request a fix for this, please. Probably, I could do a pull-request, but I have not enough free time :(

omjadas commented 1 year ago

Sorry, I only just saw this issue. I have just released v0.19.0 which fixes this.

sinKettu commented 1 year ago

Nice! Thank you.