Add option to not run as system proxy and do not install self-signed cert #530
Conversation
|
Nice start! Let's see how the code changes after we rename options to be "positive". |
There was a problem hiding this comment.
It seems like we changed something that we shouldn't have...
After building the code from this PR, when I run proxy with the default options, I'm getting a cert issue, even though it's already trusted on my machine:
If I build the code from main, all is working as intended.
Let's see what's changed and why with these changes, previously trusted certificates no longer work.
|
That's odd maybe it's loading the wrong cert for the endpoint Unfortunately i only have a linux and windows environment to test. |
No worries, x-plat dev is hard with the different permutations and specifics. I'll dig into it and report back. |
This line seems indeed to be the culprit. When I remove it, all works as intended. I'll dig deeper as to what's special about it |
|
If I look at the code before this PR, then |
|
If I remove this line |
|
I added that line because otherwise public void Start(bool changeSystemProxySettings = true)
{
// ...
SetThreadPoolMinThread(ThreadPoolWorkerThread);
if (ProxyEndPoints.OfType<ExplicitProxyEndPoint>().Any((ExplicitProxyEndPoint x) => x.GenericCertificate == null))
{
CertificateManager.EnsureRootCertificate();
}
// ...
}Maybe we could change it to the following? if (_config.InstallCert)
{
_proxyServer.CertificateManager.EnsureRootCertificate();
}
else
{
_explicitEndPoint.GenericCertificate = _proxyServer.CertificateManager.LoadRootCertificate();
} |
Let's try. Could you please update your code and see if it works properly on Windows? I'll then verify it on mac. I appreciate your help 👏 |
|
Ok, i've tested it with the changes under windows:
I've restarted powershell and removed the installed cert after each test. PS: Thanks for testing it on mac, as you mentioned x-plat dev is really painful |
|
Thanks for the detailed tests! I'll run the same on mac to compare the results and will report back |
Adds the following two options:
--do-not-act-as-system-proxy-Do not set the proxy as system proxy--do-not-install-self-signed-cert-Do not install self-signed certificateThe option
--do-not-install-self-signed-certdepends on--do-not-act-as-system-proxyand will return the following error message when it's called without it:Requires option '--do-not-act-as-system-proxy' to be 'true'That's due to
_proxyServer.SetAsSystemHttpsProxy(_explicitEndPoint)which internally callsCertificateManager.EnsureRootCertificate()whenProxyProtocolType.Httpsis set.