mitmproxy ios certificate #1
Hey Yannik, That's odd - we definitely generate these certs with a far-future expiry date. I've just generated and regenerated using mitmproxy, and it works for me. What version of OpenSSL are you using? Which platform are you on? Is there anything else odd about your configuration? Are you using a checkout from trunk? Cheers, Aldo
Hey, Platform: Debian GNU/Linux 6.01 Nothing odd about it, it's just a clean install of debian ;-) I just used this release: http://mitmproxy.org/download/mitmproxy-0.4.tar.gz My iOS version is 4.3.3
Yannik, Could you please try this with a current checkout of the code? I'm totally unable to reproduce this - I even went so far as to do a Debian install to see if it acts differently! Aldo
Hi, I installed it all over again, but the 'Valid until' date is still in 1902 :(
It is valid from 19.06.2011 (today) until 28.09.1902. Any ideas?
Content of the certificate:
Hmm... Do you see the same notAfter date on the CA cert? If you do, I might send you some commands to manually generate a cert in the same way mitmproxy does, so we can try to get to the bottom of this. Thanks for helping me track this down!
Yeah, the mitmproxy-ca.pem & mitmproxy-ca-cert.pem valid until date is completely the same.
I do believe we've hit a 2038 overflow bug in your version of OpenSSL here. Aldo Cortesi
Nope, this did not change anything. New utils.py: http://pastebin.com/A7DcCZSp
@cortesi - thanks, I'm new to the product using cygwin on windows 7, openssl 0.9.8r. Initially only mitmproxy-ca.pem was created with an expired 1902 date. Tried running openssl by hand with 9999 and sure enough the new certificates have also expired! Assuming that the bug is in openssl 0.9.8r?? Following your advice, changed each 9999 to 365 in utils.py, ran setup.py clean, setup.py install, deleted contents of ~/.mitm-proxy then reran mitmproxy. This time mitmproxy-ca-cert.p12, mitmproxy-ca-cert.pem, mitmproxy-ca.pem were created each with valid expiry dates. I'm happy!
Mark - that's good to hear. I'll drop the default certificate expiry time to something like 3 years to try to avoid this OpenSSL bug. Yannik - could you please re-try Mark's method and see if you still have the problem? Remember to clear the ~/.mitmproxy directory and then restart to re-create the certificates.
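An added illustration of the wraparound discussed in the comments above; it is not part of the original thread and is not mitmproxy or OpenSSL code. It models the expiry calculation as a signed 32-bit seconds counter, which is an assumption about how the affected OpenSSL builds behave, and uses a constructed issue time of noon UTC on the date reported in the thread.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1  # last second a signed 32-bit counter can hold (2038-01-19)
SECONDS_PER_DAY = 86400


def wrap_int32(value):
    """Reduce an integer to signed 32 bits, as a 32-bit time_t would on overflow."""
    return (value + 2**31) % 2**32 - 2**31


def not_after_32bit(not_before, days):
    """Expiry date produced when 'now + days' is computed in 32-bit seconds.

    Assumed model of the bug; EPOCH + timedelta is used so that negative
    (pre-1970) results are handled the same way on every platform.
    """
    start = int((not_before - EPOCH).total_seconds())
    return EPOCH + timedelta(seconds=wrap_int32(start + days * SECONDS_PER_DAY))


def max_safe_days(not_before):
    """Largest validity period, in days, that stays below the 2038 limit."""
    start = int((not_before - EPOCH).total_seconds())
    return (INT32_MAX - start) // SECONDS_PER_DAY


def validity_is_sane(not_before, not_after):
    """Check a generator should run before writing a CA: expiry after issue."""
    return not_after > not_before


if __name__ == "__main__":
    # Constructed sample: the thread gives only the date 19.06.2011.
    issued = datetime(2011, 6, 19, 12, 0, tzinfo=timezone.utc)
    for days in (9999, 3 * 365, 365):
        expiry = not_after_32bit(issued, days)
        status = "ok" if validity_is_sane(issued, expiry) else "WRAPPED"
        print(f"{days:>5} days -> notAfter {expiry:%d.%m.%Y} [{status}]")
    print("max safe validity:", max_safe_days(issued), "days")
```
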
Okay, I will try it again. I will inform you about the result later.
Yep, that fixed it! I had to edit it before using setup.py. Thanks a lot! Great project :-)
Hey chaps, Just committed a change that drops the cert expiry date to 3 years. I'm re-opening this issue because I'd like to double-check that this doesn't trigger the OpenSSL bug. Could one of you please check for me? Thanks a lot, Aldo
Yep, works like a charm :-)
Thanks, Yannik.
Merge pull request #371 from tekii/master
Fix cert generation if confdir is relative
Certificate expires in 1902 and is not working.
http://imageshack.us/m/405/2772/img0974.png
Download cert here:
http://www.mediafire.com/?gcosyenvi03m733