fix(mitm): bound generated leaf certificate cache#1371
Open
maybeknott wants to merge 1 commit into
The MITM certificate manager caches generated rustls ServerConfig instances by domain so repeated HTTPS interception does not regenerate a leaf certificate for every connection. That cache was an unbounded HashMap, so long-running sessions that touched many hostnames could retain every generated leaf configuration until process exit.

Add an explicit leaf-cache capacity and maintain a small LRU order alongside the existing domain map. Cache hits refresh their eviction position, replacements remove stale order entries, and inserts evict the oldest cached domain once the configured capacity is reached. The default limit keeps hot domains reusable while preventing unbounded growth in generated certificate chains, private-key material wrapped in rustls configs, and per-domain server state.

Add focused tests for capacity eviction and hit-refresh behavior using a reduced test capacity. The public MITM API, CA storage layout, generated leaf contents, ALPN settings, and certificate validity rules remain unchanged; only cache retention policy changes.
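A minimal model of the bounded cache the description outlines, written as an added example rather than the PR's own code: a domain map paired with an LRU order queue, where a hit moves the domain to the back, a replacement drops the stale order entry, and an insert that exceeds capacity evicts the front. `LeafConfig` is a hypothetical stand-in for `rustls::ServerConfig`, and the `VecDeque` order is this example's choice, not necessarily the PR's.

```rust
use std::collections::{HashMap, VecDeque};
use std::sync::Arc;

/// Stand-in for rustls::ServerConfig (hypothetical, so the example runs without rustls).
pub struct LeafConfig { pub domain: String }

/// Bounded per-domain cache: a lookup map plus an LRU order queue (oldest at the front).
pub struct LeafCache {
    capacity: usize,
    configs: HashMap<String, Arc<LeafConfig>>,
    order: VecDeque<String>,
}

impl LeafCache {
    pub fn new(capacity: usize) -> Self {
        assert!(capacity > 0, "capacity must be positive");
        Self { capacity, configs: HashMap::new(), order: VecDeque::new() }
    }

    /// Remove `domain` from the order queue (on hits and on replacements).
    fn forget_order(&mut self, domain: &str) {
        if let Some(pos) = self.order.iter().position(|d| d == domain) {
            self.order.remove(pos);
        }
    }

    /// Cache hit: refresh the eviction position by moving the domain to the back.
    pub fn get(&mut self, domain: &str) -> Option<Arc<LeafConfig>> {
        let cfg = self.configs.get(domain)?.clone();
        self.forget_order(domain);
        self.order.push_back(domain.to_string());
        Some(cfg)
    }

    /// Insert or replace. A new domain that pushes the map past capacity
    /// evicts the least recently used entry; a replacement keeps the count.
    pub fn insert(&mut self, domain: &str, cfg: Arc<LeafConfig>) {
        if self.configs.insert(domain.to_string(), cfg).is_some() {
            self.forget_order(domain); // replacement: drop the stale order entry
        } else if self.configs.len() > self.capacity {
            if let Some(oldest) = self.order.pop_front() {
                self.configs.remove(&oldest);
            }
        }
        self.order.push_back(domain.to_string());
    }

    pub fn len(&self) -> usize { self.configs.len() }
    pub fn contains(&self, domain: &str) -> bool { self.configs.contains_key(domain) }
}
```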