[Privoxy-users] https inspection using intermediate CA

Fabian Keil fk at fabiankeil.de
Mon Aug 8 10:02:45 UTC 2022


Chakib Benziane <contact at sp4ke.xyz> wrote on 2022-08-07 at 22:27:37:

> I am trying to use https inspection using a CA that is an intermediate
> not Root and the TLS handshake is failing between client and privoxy.
> 
> I tracked down the problem to the generation of host certificates which
> sets the "Issuer" of the cert the same as the Issuer of the provided CA
> file. This works well when the provided CA is the Root but in my case I
> want to use an Intermediate CA which is the only CA I deploy on my
> machines.

Thanks for tracking down the issue and letting us know.
 
> Is there a reason why you are copying the Issuer field from the CA to
> the host certificate?

I haven't had time to look at the code yet, but often things are
done because they seem to work for the tested use cases.

> Why not set the Issuer of the generated certificate as the Subject of the CA
> file? (see openssl.c L1984 - privoxy-3.0.33-stable)

Can you submit a patch so we can test if your proposed change
still works with other use cases?

Fabian
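
The check a client applies to each chain link, as an added example that is not part of the original message and is not Privoxy's code. It uses the Python cryptography package on a constructed test PKI (assumed names: "Test Root", "Test Intermediate", www.example.test); name, make_cert, chains_to and host_cert are hypothetical helpers.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject, issuer, pubkey, signing_key, is_ca):
    """Build a certificate whose Issuer field is chosen explicitly by the caller."""
    now = datetime.now(timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(pubkey).serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=5))
            .not_valid_after(now + timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signing_key, hashes.SHA256()))

def chains_to(cert, ca):
    """One chain link: cert's Issuer must equal ca's Subject, and ca's key must verify cert."""
    if cert.issuer != ca.subject:
        return False
    try:
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def host_cert(ca, ca_key, copy_issuer):
    """Host certificate signed with ca_key. copy_issuer=True models the reported behaviour."""
    issuer = ca.issuer if copy_issuer else ca.subject
    key = ec.generate_private_key(ec.SECP256R1())
    return make_cert(name("www.example.test"), issuer, key.public_key(), ca_key, False)

# Constructed test PKI: a self-signed root and an intermediate issued by that root.
root_key = ec.generate_private_key(ec.SECP256R1())
inter_key = ec.generate_private_key(ec.SECP256R1())
root = make_cert(name("Test Root"), name("Test Root"), root_key.public_key(), root_key, True)
inter = make_cert(name("Test Intermediate"), name("Test Root"),
                  inter_key.public_key(), root_key, True)
```

With a self-signed root the Issuer and Subject are the same name, so copying the Issuer goes unnoticed; with an intermediate the host certificate names the root as issuer but carries the intermediate's signature, so it links to neither.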