【问题标题】:mitmproxy and ec2-api-toolsmitmproxy 和 ec2-api-tools
【发布时间】:2013-08-04 04:07:36
【问题描述】:

我无法让 mitmproxy 使用 ec2-api-tools。

在一个终端中,我这样做了:

$ mitmproxy -p 8080

在另一个方面,我做到了:

$ export EC2_JVM_ARGS="-DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8080 -Dhttps.proxySet=true -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080"
$ ec2-describe-instances

我收到以下错误:

Unexpected error:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:401)
    at org.apache.commons.httpclient.contrib.amazon.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:369)
    at org.apache.commons.httpclient.contrib.amazon.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:241)
    at org.apache.commons.httpclient.HttpConnection.tunnelCreated(HttpConnection.java:786)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.tunnelCreated(MultiThreadedHttpConnectionManager.java:1521)
    at org.apache.commons.httpclient.HttpMethodDirector.executeConnect(HttpMethodDirector.java:514)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:391)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
    at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
    at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
    at org.codehaus.xfire.client.Client.invoke(Client.java:336)
    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
    at com.sun.proxy.$Proxy12.describeInstances(Unknown Source)
    at com.amazon.aes.webservices.client.Jec2Impl.describeInstances(Jec2Impl.java:1517)
    at com.amazon.aes.webservices.client.Jec2Impl.describeInstances(Jec2Impl.java:1492)
    at com.amazon.aes.webservices.client.cmd.DescribeInstances.invokeOnline(DescribeInstances.java:58)
    at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:1040)
    at com.amazon.aes.webservices.client.cmd.DescribeInstances.main(DescribeInstances.java:67)

我在 OS X 上运行,并且我已将钥匙串配置为信任 mitmproxy-ca-cert.pem 证书。

【问题讨论】:

    标签: ssl amazon-ec2 mitmproxy


    【解决方案1】:

    感谢 Thomas Orozco 的回答和this mitmproxy issue

    sudo keytool -importcert -alias mitmproxy -storepass "changeit" \
      -keystore /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts \
      -trustcacerts -file ~/.mitmproxy/mitmproxy-ca-cert.pem
    

    【讨论】:

      【解决方案2】:

      您必须将 MITM 代理证书添加到 Java 正在使用的证书存储中,这可能不是 OS X 的钥匙串。

      您应该可以为此使用 keytool:http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html

      【讨论】:

      • 您能否详细介绍一下如何使用此工具导入证书?我做了keytool -importcert -file ~/.mitmproxy/mitmproxy-ca-cert.pem -alias mitmproxy,但我仍然遇到同样的错误。
      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2011-02-08
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2020-11-23
      • 1970-01-01
      • 2022-01-10
      相关资源
      最近更新 更多