Make the CA details and filename configurable #5386
Comments
Not providing these options has been an intentional strategic decision, we don't want to make it overly easy to hide that mitmproxy is intercepting a connection. It lowers the bar for not-so-skilled attackers, while providing no tangible benefit to our own users.
I never looked at it this way, makes sense. I don't think this applies to
I don't want to hide it, I want to avoid confusion and improve the experience. If anything I want to make it more clear what is intercepting the connection. I'd be totally fine with if you set
Agreed, basename is fine.
This is something I'd definitely be happy to support. Contributions welcome. :)
Great, I'll reopen this and will look into it within the next weeks or years 😄. Apart from the hardcoded
Problem Description
I'm wrapping mitmproxy and I want to avoid confusion by not calling my root certs `mitmproxy-ca.pem` etc. And also by not having my root cert be issued by `mitmproxy`. So that if you're also using `mitmproxy` it's clear which is which.
Proposal
`CONF_BASENAME` looks like it's almost meant to be an option here:
mitmproxy/mitmproxy/options.py, Line 7 in 8f23a26
and the `organization` and `cn` arguments are already there, but unused in our codebase:
mitmproxy/mitmproxy/certs.py, Line 393 in 8f23a26
I think having these three things be configurable would already be amazing.
Would we want something like `ca_basename`, `ca_organization` and `ca_cn` in core?
Alternatives
I'm aware of https://docs.mitmproxy.org/stable/concepts-certificates/#using-a-custom-certificate-authority but I'd rather have mitmproxy manage the cert for me. It would also still look for the same filename.