Set Client Cert as a cert bundle


#1

For testing purposes, I am attempting to set up a transparent TLS proxy for raw TCP between two devices that both have their own CAs. I am unable to load the opposing CAs onto the devices for cert chain validation purposes. During every TLS handshake, the devices send over both their leaf cert and CA so that the other can validate the whole chain. I have manually configured the mitmproxy-ca.pem to be the server’s CA and am using the option --certs *=cert.pem to manually configure the server’s leaf cert for the proxy. I’m also using the client_certs option so that the proxy sends over the client’s cert chain to the server. The problem is that, despite setting the client cert to be a cert bundle including the leaf cert and CA, the proxy only ever sends over the leaf cert to the server. Are PEM files containing a cert chain not supported for the client_certs option? If they are not supported, I am unable to use mitmproxy for these devices, as the server will not receive the CA to validate the chain.