1

I am trying to configure mitmproxy so that it accepts certain upstream server certificates that are not trusted by default.

I don't want to use the --ssl-insecure option as it totally disables all certificate checking for upstream connections.

I tried the option ssl_verify_upstream_trusted_ca, which allows me to specify one PEM file in which certificates are stored. The problem is that using this option does not add those certificates as additionally trusted certificates; instead it replaces the list of trusted CA certificates. Therefore, using this option, mitmproxy no longer trusts the default CA certificates, only those I specify. As the default trusted CA certificates are specified by the OS and updated regularly, I don't want to exclude them.

How can I specify a set of trusted root CA certificates for mitmproxy that are additionally trusted?

JMax

1 Answer

2

mitmproxy uses certifi as its root of trust by default, not your OS certificates. We would like to do that, but it's incredibly painful with OpenSSL.

Anyhow, take that and concatenate it with your custom certificates.

Maximilian Hils
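The concatenation suggested in the answer, as an added example (not code from the answer or from mitmproxy): it merges certifi's bundle with extra PEM files, drops duplicates, and checks PEM framing only, not X.509 validity. The function names and the command-line layout are assumptions made for this sketch.

```python
"""Build a CA bundle: certifi's roots plus extra trusted certificates."""
import hashlib
import os
import re
import ssl
import sys
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def read_certs(path):
    """Return the PEM certificate blocks in `path`; comments between them are dropped."""
    blocks = PEM_BLOCK.findall(Path(path).read_text(encoding="utf-8"))
    if not blocks:
        raise ValueError(f"no PEM certificates found in {path}")
    return blocks


def build_bundle(base_bundle, extra_files, out_path):
    """Write base + extra certificates to out_path; return how many were written."""
    seen, merged = set(), []
    for path in [base_bundle, *extra_files]:
        for pem in read_certs(path):
            # Raises ValueError on broken base64; the DER bytes give a stable
            # identity so a certificate present in both inputs is kept once.
            digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).digest()
            if digest not in seen:
                seen.add(digest)
                merged.append(pem)
    # A newline is written after every block: plain `cat` fuses the END and
    # BEGIN markers when an input file lacks a trailing newline.
    out_path = Path(out_path)
    fd, tmp = tempfile.mkstemp(dir=out_path.parent, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write("\n".join(merged) + "\n")
    os.replace(tmp, out_path)  # atomic swap, so a reader never sees half a bundle
    return len(merged)


if __name__ == "__main__":
    import certifi  # the default trust root named in the answer above
    out, extras = sys.argv[1], sys.argv[2:]
    print(build_bundle(certifi.where(), extras, out), "certificates written to", out)
```

Point ssl_verify_upstream_trusted_ca at the generated file, for example `mitmproxy --set ssl_verify_upstream_trusted_ca=combined.pem`, and rebuild it whenever certifi is upgraded so the default roots stay current.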