Make the CA details and filename configurable #5386
Comments
|
Not providing these options has been an intentional strategic decision, we don't want to make it overly easy to hide that mitmproxy is intercepting a connection. It lowers the bar for not-so-skilled attackers, while providing no tangible benefit to our own users. |
|
I never looked at it this way, makes sense. I don't think this applies to
I don't want to hide it, I want to avoid confusion and improve the experience. If anything I want to make it more clear what is intercepting the connection. I'd be totally fine with if you set |
Agreed, basename is fine.
This is something I'd definitely be happy to support. Contributions welcome. :) |
|
Great, I'll reopen this and will look into it within the next weeks or years 😄 . Apart from the hardcoded |
Problem Description
I'm wrapping mitmproxy and I want to avoid confusion by not calling my root certs
mitmproxy-ca.pemetc. And also by not having my root cert be issued bymitmproxy. So that if you're also usingmitmproxyit's clear which is which.Proposal
CONF_BASENAMElooks like it's almost meant to be an option here:mitmproxy/mitmproxy/options.py
Line 7 in 8f23a26
and the
organizationandcnarguments are already there, but unused in our codebase:mitmproxy/mitmproxy/certs.py
Line 393 in 8f23a26
I think having these three things be configurable would already be amazing.
Would we want something like
ca_basename,ca_organizationandca_cnin core?Alternatives
I'm aware of https://docs.mitmproxy.org/stable/concepts-certificates/#using-a-custom-certificate-authority but I'd rather have mitmproxy manage the cert for me. It would also still look for the same filename.
The text was updated successfully, but these errors were encountered: