Shows valid fake TLS certificate when the actual site has invalid certificates #112

Open
kliu128 opened this issue Jan 13, 2019 · 2 comments

Comments

@kliu128

kliu128 commented Jan 13, 2019

When a site being proxied has an invalid cert (e.g. https://wrong.host.badssl.com/ or any of the others on https://badssl.com), warcproxy still shows the nice valid green "Warcproxy CA on " certificate.

It would be nice (and much safer) if it checked for revoked/invalid certificates and showed a proxied invalid certificate.

The reason I'm asking is because I'm setting up a general-purpose proxy to archive all my web browsing, and I feel kind of unsafe without any protection against invalid certificates.

@nlevitt
Contributor

nlevitt commented Jan 14, 2019

This is a problem I've been concerned about for a long time but hadn't considered the fact that it's solvable, so thanks for the idea! It will be a bit of work to implement because at the moment warcprox presents the certificate to the proxy client before opening a connection to the remote server. That's not the right way to do it anyway because we miss the chance to respond with a 502 to the CONNECT request, in case of an error connecting to the remote server. So this issue is good extra motivation for fixing.

I'm not sure when I'll have time to work on it. A pull request would accelerate the process. :)
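The ordering described in the comment above, as an added Python sketch that is not warcprox code: complete a verified TLS handshake with the origin first, and only answer the CONNECT with 200 (after which the proxy-CA certificate would be presented) if that succeeds, otherwise answer 502. The function names are hypothetical, and `ssl.create_default_context()` checks the chain and hostname but does not check revocation.

```python
import socket
import ssl


def open_verified_upstream(host, port, timeout=10.0):
    """TLS-connect to the origin with chain and hostname verification."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


def parse_connect_target(request_line):
    """Split 'CONNECT host:port HTTP/1.1' into (host, port)."""
    method, target, _version = request_line.split()
    host, sep, port = target.rpartition(":")
    if method != "CONNECT" or not sep or not host:
        raise ValueError("not a CONNECT request")
    return host.strip("[]"), int(port)


def _response(status, detail=""):
    # Strip CR/LF so upstream error text cannot inject header lines.
    body = detail.replace("\r", " ").replace("\n", " ").encode()
    head = "HTTP/1.1 %s\r\n" % status
    if body:
        head += "Content-Length: %d\r\n" % len(body)
    return (head + "\r\n").encode("ascii") + body


def answer_connect(request_line, connect=open_verified_upstream):
    """Return (bytes to send to the proxy client, upstream socket or None)."""
    try:
        host, port = parse_connect_target(request_line)
    except ValueError:
        return _response("400 Bad Request", "malformed CONNECT request"), None
    try:
        upstream = connect(host, port)
    except ssl.SSLCertVerificationError as exc:
        why = getattr(exc, "verify_message", None) or str(exc)
        return _response("502 Bad Gateway", "upstream certificate rejected: " + why), None
    except OSError as exc:  # other ssl.SSLError, refused connection, timeout
        return _response("502 Bad Gateway", "upstream connect failed: %s" % exc), None
    # Origin verified: only now would the proxy mint and present its own cert.
    return _response("200 Connection established"), upstream
```

The `connect` parameter exists so the decision logic can be exercised with a stub instead of a live origin.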

@kliu128
Author

kliu128 commented Jan 14, 2019

Cool! I too am pretty busy, but I'll see if I can try to get some working code for it ;)
