Tweak CA and cert setup to be nice to Windows.

For some reason Satan's Operating System doesn't join up the certification path
if the key identifiers are set to hash. This took a few hours of trial and
error to figure out.

2 files changed, 0 insertions, 8 deletions

diff --git a/libmproxy/resources/ca.cnf b/libmproxy/resources/ca.cnf
index c65c66c8..b1f93f92 100644
--- a/libmproxy/resources/ca.cnf
+++ b/libmproxy/resources/ca.cnf
@@ -9,8 +9,6 @@ organizationName                = mitmproxy
 commonName                      = mitmproxy
 
 [ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
 basicConstraints = critical,CA:true
 keyUsage = cRLSign, keyCertSign
 extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
@@ -27,8 +25,6 @@ basicConstraints = CA:false
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage=serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC
 nsCertType = server
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
 
 [ v3_cert_req ]
 basicConstraints = CA:false
diff --git a/libmproxy/resources/cert.cnf b/libmproxy/resources/cert.cnf
index 9afae09f..5f80c2d6 100644
--- a/libmproxy/resources/cert.cnf
+++ b/libmproxy/resources/cert.cnf
@@ -9,8 +9,6 @@ organizationName               = mitmproxy
 commonName                     = %(commonname)s
 
 [ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
 basicConstraints = critical,CA:true
 keyUsage = cRLSign, keyCertSign
 nsCertType = sslCA
@@ -24,8 +22,6 @@ nsCertType = sslCA
 basicConstraints = CA:false
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 nsCertType = server
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
 
 [ v3_cert_req ]
 basicConstraints = CA:false