Error code: sec_error_unknown_critical_extension

[shitsecurity]

CA cert added with all permissions as described (http://mitmproxy.org/doc/certinstall/webapp.html) to iceweasel on debian wheezy w/ mitmdump 0.11.3.

$ mitmdump -w /tmp/dump -p 8080
127.0.0.1:38250: clientconnect
127.0.0.1:38250: NetLibSSLError([('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert bad certificate')],)
127.0.0.1:38250: clientdisconnect

HTTP mitm works as designated.

[mhils]

Did you use an old version of mitmproxy before? If so, please remove the CA&certs in ~/.mitmproxy and restart mitmproxy.

Cheers,
Max

[shitsecurity]

That seems to fix it, thanks!
Any plans on adding certificate (re)generation on updates or an explicit error message for these sort of scenarios? Or maybe improving the documentation, I don't believe this quirk is mentioned anywhere.

[mhils]

Any plans on adding certificate (re)generation on updates or an explicit error message for these sort of scenarios? Or maybe improving the documentation, I don't believe this quirk is mentioned anywhere.

This is not a general issue with upgrading mitmproxy. Old versions generated certs with a netscape extension, for which Iceweasel 31 removed support (see https://github.com/mitmproxy/netlib/issues/39).
Feel free to submit a pull request, I'd be happy to merge that in. If you google mitmproxy sec_error_unknown_critical_extension, it's the first hit, so that is our current workaround.

Cheers,
Max