support for mitm ca chain

elazarl · Apr 5, 2024 · 3d7cc42 · 3d7cc42
1 parent f0e6940
commit 3d7cc42
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/https.go b/https.go
@@ -483,6 +483,11 @@ func (proxy *ProxyHttpServer) NewConnectDialToProxyWithMoreHandlers(https_proxy
 }
 
 func TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *ProxyCtx) (*tls.Config, error) {
+	ca.Certificate = [][]byte{ca.Certificate[0]}
+	return TLSConfigFromCANative(ca)
+}
+
+func TLSConfigFromCANative(ca *tls.Certificate) func(host string, ctx *ProxyCtx) (*tls.Config, error) {
 	return func(host string, ctx *ProxyCtx) (*tls.Config, error) {
 		var err error
 		var cert *tls.Certificate

diff --git a/signer.go b/signer.go
@@ -96,8 +96,10 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 	if derBytes, err = x509.CreateCertificate(&csprng, &template, x509ca, certpriv.Public(), ca.PrivateKey); err != nil {
 		return
 	}
+	certBytes := [][]byte{derBytes}
+	certBytes = append(certBytes, ca.Certificate...)
 	return &tls.Certificate{
-		Certificate: [][]byte{derBytes, ca.Certificate[0]},
+		Certificate: certBytes,
 		PrivateKey:  certpriv,
 	}, nil
 }