Fix upstream proxy trust of configured CAs

Author: pimterry

package-lock.json

@@ -104,7 +104,7 @@
     "mobx-shallow-undo": "^1.0.0",
     "mobx-utils": "^5.1.0",
     "mockrtc": "^0.3.1",
-    "mockttp": "^3.13.0",
+    "mockttp": "^3.15.0",
     "monaco-editor": "^0.27.0",
     "node-forge": "^1.3.0",
     "openapi-directory": "^1.3.0",

package.json

@@ -293,7 +293,7 @@ export class RulesStore {
     get activePassthroughOptions(): requestHandlers.PassThroughHandlerOptions {
         const options: requestHandlers.PassThroughHandlerOptions = { // Check the type to catch changes
             ignoreHostHttpsErrors: this.whitelistedCertificateHosts,
-            trustAdditionalCAs: this.additionalCaCertificates.map((cert) => ({ cert: cert.rawPEM })),
+            additionalTrustedCAs: this.additionalCaCertificates.map((cert) => ({ cert: cert.rawPEM })),
             clientCertificateHostMap: _.mapValues(this.clientCertificateHostMap, (cert) => ({
                 pfx: Buffer.from(cert.pfx),
                 passphrase: cert.passphrase
@@ -332,7 +332,10 @@ export class RulesStore {
                 // Localhost proxy config is ignored
                 return 'ignored';
             } else {
-                return systemProxyConfig;
+                return {
+                    ...systemProxyConfig,
+                    additionalTrustedCAs: this.additionalCaCertificates.map((cert) => ({ cert: cert.rawPEM }))
+                };
             }
         } catch (e) {
             console.log("Could not parse proxy", proxyUrl);
@@ -353,7 +356,8 @@ export class RulesStore {
         } else {
             return {
                 proxyUrl: `${this.upstreamProxyType}://${this.upstreamProxyHost!}`,
-                noProxy: this.upstreamNoProxyHosts
+                noProxy: this.upstreamNoProxyHosts,
+                additionalTrustedCAs: this.additionalCaCertificates.map((cert) => ({ cert: cert.rawPEM }))
             };
         }
     }

src/model/rules/rules-store.ts

@@ -139,6 +139,8 @@ export interface RequestDefinition {
 
 export interface RequestOptions {
     ignoreHostHttpsErrors?: string[] | boolean;
+    additionalTrustedCAs?: Array<{ cert: string }>;
+    /** @deprecated alias for additionalTrustedCAs */
     trustAdditionalCAs?: Array<{ cert: string }>;
     clientCertificate?: { pfx: Buffer, passphrase?: string };
     proxyConfig?: ClientProxyConfig;

src/model/send/send-request-model.ts

@@ -160,11 +160,14 @@ export class SendStore {
                 passthroughOptions.clientCertificateHostMap?.[url.hostname!] ||
                 undefined;
 
+            const additionalCACerts = this.rulesStore.additionalCaCertificates.map((cert) =>
+                ({ cert: cert.rawPEM })
+            );
+
             const requestOptions = {
                 ignoreHostHttpsErrors: passthroughOptions.ignoreHostHttpsErrors,
-                trustAdditionalCAs: this.rulesStore.additionalCaCertificates.map((cert) =>
-                    ({ cert: cert.rawPEM })
-                ),
+                additionalCACerts: additionalCACerts,
+                trustAdditionalCAs: additionalCACerts, // Deprecated alias, here for backward compat
                 clientCertificate,
                 proxyConfig: getProxyConfig(this.rulesStore.proxyConfig),
                 lookupOptions: passthroughOptions.lookupOptions