Update Mockttp for wildcard client certs & SOCKS fixes

pimterry · pimterry · commit 49b180bb4518 · 2025-07-24T18:56:25.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -84,7 +84,7 @@
     "mime-types": "^2.1.27",
     "mobx": "^6.3.5",
     "mockrtc": "^0.5.0",
-    "mockttp": "^4.0.1",
+    "mockttp": "^4.1.0",
     "node-fetch": "^2.6.1",
     "node-forge": "^1.3.0",
     "node-gsettings-wrapper": "^0.5.0",
diff --git a/src/client/http-client.ts b/src/client/http-client.ts
@@ -10,7 +10,6 @@ import * as https from 'https';
 import type * as Mockttp from 'mockttp';
 import {
     getDnsLookupFunction,
-    shouldUseStrictHttps,
     getUpstreamTlsOptions as getUpstreamMockttpTlsOptions
 } from 'mockttp/dist/rules/passthrough-handling';
 import { getAgent } from 'mockttp/dist/rules/http-agents';
@@ -58,15 +57,6 @@ export class HttpClient {
         JSON.stringify(dnsServers)
     );
 
-    getCaConfig(additionalCAs?: Array<{ cert: string }>) {
-        if (!additionalCAs) return {};
-        else return {
-            ca: tls.rootCertificates.concat(
-                additionalCAs.map(({ cert }) => cert)
-            )
-        };
-    }
-
     async sendRequest(
         requestDefn: RequestDefinition,
         options: RequestOptions
@@ -78,16 +68,7 @@ export class HttpClient {
         // here, since the UI controls the passthrough options directly already.
 
         const effectivePort = getEffectivePort(url);
-
-        const strictHttpsChecks = shouldUseStrictHttps(
-            url.hostname!,
-            effectivePort,
-            options.ignoreHostHttpsErrors ?? []
-        );
-        const caConfig = this.getCaConfig(
-            options.additionalTrustedCAs ||
-            options.trustAdditionalCAs
-        );
+        const additionalCAs = options.additionalTrustedCAs || options.trustAdditionalCAs;
 
         const agent = await getAgent({
             protocol: url.protocol as 'http:' | 'https:',
@@ -107,9 +88,18 @@ export class HttpClient {
             lookup: this.getDns(options.lookupOptions?.servers),
 
             // TLS options (should be effectively identical to Mockttp's passthrough config)
-            ...getUpstreamMockttpTlsOptions(strictHttpsChecks),
-            ...caConfig,
-            ...options.clientCertificate
+            ...getUpstreamMockttpTlsOptions({
+                hostname: url.hostname!,
+                port: effectivePort,
+
+                ignoreHostHttpsErrors: options.ignoreHostHttpsErrors ?? [],
+                clientCertificateHostMap: options.clientCertificate
+                    ? { '*': options.clientCertificate }
+                    : {},
+                trustedCAs: additionalCAs
+                    ? tls.rootCertificates.concat(additionalCAs.map(({ cert }) => cert))
+                    : undefined
+            })
         });
 
         options.abortSignal?.addEventListener('abort', () => {
