problem certificate ssl
Y-GM opened this issue · comments
#Describe the bug
I installed the SSL certificate, but some sites accept it and others do not
[https://i.imgur.com/NrCoLJy.png]
#To Reproduce
Steps to reproduce the behavior:
python -m proxy.common.pki gen_private_key --private-key-path ca-key.der
python -m proxy.common.pki remove_passphrase --private-key-path ca-key.der
python -m proxy.common.pki gen_public_key --private-key-path ca-key.der --public-key-path ca-cert.der
python -m proxy.common.pki gen_private_key --private-key-path ca-signing-key.der
python -m proxy.common.pki remove_passphrase --private-key-path ca-signing-key.der
- Run "proxy --plugins proxy.plugin.CacheResponsesPlugin --ca-key-file ca-key.der --ca-cert-file ca-cert.der --ca-signing-key-file ca-signing-key.der"
- Do 'ssl.SSLError: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:3895)' to trigger error
- https://i.imgur.com/2vFZt4s.png
#Version information
- OS: [e.g. Windows 10]
- Browser [e.g. Firefox]
- Device: [e.g. PC]
- proxy.py Version [e.g. 2.4.3]
#Screenshots
[https://i.imgur.com/NrCoLJy.png]
@Y-GM Certain clients will perform a server signature verification and reject the response if the signature doesn't match.
Clients may even have these server signatures hardcoded, or they may use an out-of-band mechanism for server certificate verification. Irrespective, in such a scenario you may end up seeing the above errors.
Quoting from a SO thread https://stackoverflow.com/a/41658160
In our case, the client is the browser and proxy.py is acting as a server (TLS interception). If the client wishes, they can check for the server signature and deduce that the received response from proxy.py (server) doesn't match their expectations.
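
`KEY_VALUES_MISMATCH` is the OpenSSL error raised when a certificate is loaded together with a private key whose public key differs from the one in the certificate. The following is an added example, not part of the original thread or of proxy.py, that checks a certificate/key pair for that condition; it assumes the `openssl` CLI and PEM-encoded files, and every file it touches is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not proxy.py code. All keys and certificates are constructed.

# Exit 0 if the certificate's public key equals the private key's public key,
# 1 if they differ, 2 if either file cannot be parsed as PEM.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed test material in directory $1: two unrelated RSA keys and
# a self-signed certificate made from the first key only.
make_demo_material() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=constructed-example" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

# Print a one-line verdict for a certificate/key pair.
report() {
    if cert_matches_key "$1" "$2"; then
        echo "match: $1 <-> $2"
    else
        echo "MISMATCH or unreadable: $1 <-> $2"
    fi
}

# Demo: a.crt pairs with a.key, and is rejected against the unrelated b.key.
demo_dir=$(mktemp -d) && make_demo_material "$demo_dir" && {
    report "$demo_dir/a.crt" "$demo_dir/a.key"
    report "$demo_dir/a.crt" "$demo_dir/b.key"
}
rm -rf "$demo_dir"
```

A pair that returns 1 here is one that fails to load with the same "key values mismatch" error.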