
The cert is trusted by the browser, but zcrypto displays it as an invalid certificate?

Open chushuai opened this issue 3 years ago • 1 comments

https://new-proxy.shunwang.com/

The cert is trusted by the browser, but zcrypto displays it as an invalid certificate.


chushuai avatar Jul 25 '22 10:07 chushuai

Does not load the system default certificates. The zcrypto code:
https://github.com/zmap/zcrypto/blob/master/x509/verify.go#L283

	if opts.Roots == nil {
		err = SystemRootsError{}
		return
	}

The golang crypto/tls:

	if opts.Roots == nil {
		opts.Roots = systemRootsPool()
		if opts.Roots == nil {
			return nil, SystemRootsError{systemRootsErr}
		}
	}

chushuai avatar Jul 26 '22 11:07 chushuai

I believe this is by design, to provide flexibility.

If you desire the same behavior as the upstream golang tls, you should set `opt.roots = systemRootsPool()` when calling that function.

mzpqnxow avatar Sep 07 '23 01:09 mzpqnxow

Yes, this is intentional. You must provide your own roots when using ZCrypto.

dadrian avatar Dec 18 '23 19:12 dadrian
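
The behaviour discussed in this thread, as an added example that uses only Go's standard library (it is not code from zcrypto or from any commenter): a wrapper that, like the zcrypto snippet above, refuses a nil root pool instead of falling back to the system store, then verifies a chain against caller-chosen roots. `VerifyExplicit`, `ErrNoRoots` and `newCert` are hypothetical names, and the CA and leaf certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrNoRoots is returned instead of silently trusting the host's system store.
var ErrNoRoots = errors.New("no root pool supplied")

// newCert issues a constructed one-hour test cert; nil parent self-signs (fixture, errors ignored).
func newCert(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// VerifyExplicit validates leaf for host against only the anchors the caller chose.
func VerifyExplicit(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	if roots == nil {
		return ErrNoRoots // stdlib would load the system pool here; this wrapper fails closed
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, caKey := newCert("ca.test", true, nil, nil)
	leaf, _ := newCert("example.test", false, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(VerifyExplicit(leaf, nil, "example.test"), VerifyExplicit(leaf, roots, "example.test"))
}
```

The same leaf is valid or invalid depending only on which pool is passed, which is why a verifier and a browser can disagree about one certificate.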