Comments (8)
It looks like the certificate generation has some issues. The certificates it is generating are using the same fingerprints/public keys for multiple websites. For example, Google's and GitHub's certificates are the same. I am attaching the certificates that are output from the proxy. This issue is causing Firefox to fail on all sites with "SEC_ERROR_REUSED_ISSUER_AND_SERIAL". I have tested with base build and boringssl.
www.google.com.pem.txt
github.com.pem.txt
from g3.
Yes, currently g3fcgen uses a single private key for all cert generation.
I will fix this after I am back at work.
For production usage you may want to use a custom cert generator, as long as it follows the protocol described here https://github.com/bytedance/g3/blob/master/g3proxy/doc/protocol/helper/cert_generator.rst.
from g3.
I have updated g3fcgen to use a different serial for each cert generation.
Firefox now can work with http1. I have to spend more time to investigate why h2 streams get timed out.
from g3.
I have removed the h2 server push feature and Firefox can work now with h2 enabled.
Also note that the replacement feature - 103 Early Hints, is currently not supported by the h2 crate (ignored silently).
from g3.
Thanks! Being able to use g3fcgen would be ideal for the long-term use of the project (in production). If we compare to something like squid etc., they all have the functionality built in. Being able to leverage the same code/libraries is very useful to make sure there are no conflicts on functionality/support of encryption methods etc.
Is there a different cert generator that you have been using?
from g3.
> Being able to use g3fcgen would be ideal for the long-term use of the project (in production). If we compare to something like squid etc., they all have the functionality built in. Being able to leverage the same code/libraries is very useful to make sure there are no conflicts on functionality/support of encryption methods etc.

The current way is just the same as squid's helper program: providing a default implementation while still making it possible to use another one if you want a cert cache, hardware acceleration or any other features.

> Is there a different cert generator that you have been using?

Yes, we use another one in the initial test, which binds more tightly to our infrastructure.
from g3.
That makes sense. I wasn't sure if there was a better one I should be using. The fixes you made though have been working great! Thanks!
from g3.
Following up on this. The changes made have been working perfectly. This can be closed.
Thank you again my friend.
from g3.
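An added example, not from the thread or the g3 project: a stdlib-only Python check that finds certificates from a cert generator which share issuer and serial number while differing in content, the condition behind Firefox's SEC_ERROR_REUSED_ISSUER_AND_SERIAL. All function names are assumptions, and the sample input is constructed DER skeletons rather than real signed certificates; for real proxy output, convert each PEM file with `ssl.PEM_cert_to_DER_cert` first.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length

def issuer_and_serial(der):
    """Extract the raw issuer Name and serialNumber from a DER certificate."""
    _, cert, _ = read_tlv(der, 0)           # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)           # tbsCertificate
    tag, value, off = read_tlv(tbs, 0)
    if tag == 0xA0:                         # optional explicit [0] version
        tag, value, off = read_tlv(tbs, off)
    serial = value                          # serialNumber INTEGER
    _, _, off = read_tlv(tbs, off)          # skip signature AlgorithmIdentifier
    _, _, end = read_tlv(tbs, off)          # issuer Name
    return tbs[off:end], serial

def find_reused_issuer_serial(certs):
    """certs: {label: der_bytes}. Return groups of labels that share
    issuer+serial but are different certificates (different SHA-256)."""
    groups = defaultdict(dict)
    for label, der in certs.items():
        groups[issuer_and_serial(der)][label] = hashlib.sha256(der).digest()
    return sorted(sorted(g) for g in groups.values() if len(set(g.values())) > 1)

# --- constructed sample input: DER skeletons, not real signed certificates ---
def tlv(tag, body):
    assert len(body) < 0x80                 # short-form lengths suffice here
    return bytes([tag, len(body)]) + body

def fake_name(cn):                          # Name with a single CN attribute
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

def fake_cert(issuer_cn, serial, subject_cn):
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial) + tlv(0x30, b"")
           + fake_name(issuer_cn) + tlv(0x30, b"") + fake_name(subject_cn))
    return tlv(0x30, tlv(0x30, tbs))

SAMPLE = {  # same CA; serial 01 is reused for two different hosts
    "www.example.com": fake_cert(b"Test MITM CA", b"\x01", b"www.example.com"),
    "example.org": fake_cert(b"Test MITM CA", b"\x01", b"example.org"),
    "example.net": fake_cert(b"Test MITM CA", b"\x02", b"example.net"),
}
```

Running `find_reused_issuer_serial` over the certificates a generator emits for a handful of hosts gives an empty list once every certificate gets its own serial.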