Comments (17)
Hey Yannik,
That's odd - we definitely generate these certs with a far-future expiry date. I've just generated and regenerated using mitmproxy, and it works for me.
What version of OpenSSL are you using? Which platform are you on? Is there anything else odd about your configuration? Are you using a checkout from trunk?
Cheers,
Aldo
from mitmproxy.
Hey,
Platform: Debian GNU/Linux 6.01
OpenSSL: OpenSSL 0.9.8o 01 Jun 2010
Python: Python 2.6.6
Nothing odd about it, it's just a clean install of Debian ;-)
I just used this release: http://mitmproxy.org/download/mitmproxy-0.4.tar.gz
My iOS version is 4.3.3
from mitmproxy.
Yannik,
Could you please try this with a current checkout of the code? I'm totally unable to reproduce this - I even went so far as to do a Debian install to see if it acts differently!
Aldo
from mitmproxy.
Hi,
I installed it all over again, but the 'Valid until' date is still in 1902 :(
from mitmproxy.
It is valid from 19.06.2011 (today) until 28.09.1902.
Any ideas?
from mitmproxy.
Content of the certificate:
from mitmproxy.
Hmm... Do you see the same notAfter date on the CA cert? If you do, I might send you some commands to manually generate a cert in the same way mitmproxy does, so we can try to get to the bottom of this. Thanks for helping me track this down!
from mitmproxy.
Yeah, the mitmproxy-ca.pem & mitmproxy-ca-cert.pem valid until date is completely the same.
from mitmproxy.
I do believe we've hit a 2038 overflow bug in your version of OpenSSL here.
Could you try an experiment for me? In utils.py, change all the occurrences
of 9999 to something lower, say, 100, and see if that fixes things. If so,
we've hit an interesting overflow problem...
Aldo Cortesi
www.nullcube.com
+64 210 718 900
from mitmproxy.
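The overflow suspected in the comment above, worked through as an added example (not code from mitmproxy, OpenSSL or any participant in this thread). It assumes the expiry is computed as seconds since the Unix epoch in a signed 32-bit value; the function names and the time of day in the sample notBefore are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1
SECONDS_PER_DAY = 86400


def wrap_int32(n):
    """Reduce n to the value a signed 32-bit integer would hold."""
    return (n + 2**31) % 2**32 - 2**31


def not_after_32bit(not_before, days):
    """notAfter as produced when epoch seconds live in a signed 32-bit time_t."""
    start = int((not_before - EPOCH).total_seconds())
    end = wrap_int32(start + days * SECONDS_PER_DAY)
    # EPOCH + timedelta handles negative offsets on every platform.
    return EPOCH + timedelta(seconds=end)


def max_safe_days(not_before):
    """Largest validity period (in days) that stays below the 2038 limit."""
    start = int((not_before - EPOCH).total_seconds())
    return (INT32_MAX - start) // SECONDS_PER_DAY


def validity_is_sane(not_before, not_after):
    """Check worth running on any generated CA: expiry must follow issuance."""
    return not_after > not_before


# Constructed sample: the issue date reported in the thread (19.06.2011);
# the time of day is an assumption.
ISSUED = datetime(2011, 6, 19, 16, 28, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    for days in (9999, 365, 3 * 365):
        expiry = not_after_32bit(ISSUED, days)
        status = "ok" if validity_is_sane(ISSUED, expiry) else "WRAPPED"
        print(f"{days:>5} days -> {expiry:%Y-%m-%d %H:%M:%S} UTC  {status}")
    print("max safe validity:", max_safe_days(ISSUED), "days")
```

Under these assumptions a 9999-day validity wraps to 28 September 1902, the date reported in this thread, while 365 days and 3 years both stay below the limit.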
Nope, this did not change anything.
New utils.py: http://pastebin.com/A7DcCZSp
from mitmproxy.
@cortesi - thanks, I'm new to the product using Cygwin on Windows 7, OpenSSL 0.9.8r. Initially only mitmproxy-ca.pem was created with an expired 1902 date. Tried running openssl by hand with 9999 and sure enough the new certificates have also expired! Assuming that the bug is in OpenSSL 0.9.8r??
Following your advice, changed each 9999 to 365 in utils.py, ran setup.py clean, setup.py install, deleted contents of ~/.mitm-proxy then reran mitmproxy. This time mitmproxy-ca-cert.p12, mitmproxy-ca-cert.pem, mitmproxy-ca.pem were created each with valid expiry dates. I'm happy!
from mitmproxy.
Mark - that's good to hear. I'll drop the default certificate expiry time to something like 3 years to try to avoid this OpenSSL bug.
Yannik - could you please re-try Mark's method and see if you still have the problem? Remember to clear the ~/.mitmproxy directory and then restart to re-create the certificates.
from mitmproxy.
Okay, I will try it again. I will inform you about the result later.
from mitmproxy.
Yep, that fixed it! I had to edit it before using setup.py. Thanks a lot! Great project :-)
from mitmproxy.
Hey chaps,
Just committed a change that drops the cert expiry date to 3 years. I'm re-opening this issue because I'd like to double-check that this doesn't trigger the OpenSSL bug. Could one of you please check for me?
Thanks a lot,
Aldo
from mitmproxy.
Yep, works like a charm :-)
from mitmproxy.
Thanks, Yannik.
from mitmproxy.