From b5ea374702a28ad24ef597b5990bb39d8f829775 Mon Sep 17 00:00:00 2001
From: neru
Date: Wed, 13 May 2026 11:23:20 -0300
Subject: [PATCH] fix: misc changes on generateAndSaveCA
---
 src/proxy/tinymitm/ssl.cpp | 43 ++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 11 deletions(-)
diff --git a/src/proxy/tinymitm/ssl.cpp b/src/proxy/tinymitm/ssl.cpp
index 7904e3e..e6139f7 100644
--- a/src/proxy/tinymitm/ssl.cpp
+++ b/src/proxy/tinymitm/ssl.cpp
@@ -56,7 +56,7 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
 hostTrimmed.erase(hostTrimmed.find_last_not_of(" \t\r\n") + 1);
 /*
- cert config
+ cert setup
 */
 auto cert = std::make_unique();
 memset(cert.get(), 0, sizeof(Cert));
@@ -150,49 +150,70 @@ bool CertificateManager::installCertificate() bool CertificateManager::generateAndSaveCA(const char* caName, int days, const std::string& certPath, const std::string& keyPath) { + /* + RSA + */ _caKey.reset(new RsaKey()); wc_InitRsaKey(_caKey.get(), nullptr); if (wc_MakeRsaKey(_caKey.get(), 2048, 65537, _rng.get()) != 0) return false; + /* + cert setup + */ auto cert = std::make_unique(); memset(cert.get(), 0, sizeof(Cert)); wc_InitCert(cert.get()); strncpy_s(cert->subject.commonName, sizeof(cert->subject.commonName), caName, _TRUNCATE); cert->isCA = 1; + cert->basicConstSet = 1; + cert->basicConstCrit = 1; cert->sigType = CTC_SHA256wRSA; cert->daysValid = days; + cert->keyUsage = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; + cert->serialSz = 1; + cert->serial[0] = 1; + + /* + CA sign + */ _caCertDer.resize(4096); - int certLen = - wc_MakeCert(cert.get(), _caCertDer.data(), (word32)_caCertDer.size(), _caKey.get(), nullptr, _rng.get()); + int certLen = wc_MakeCert(cert.get(), _caCertDer.data(), static_cast(_caCertDer.size()), _caKey.get(), + nullptr, _rng.get()); if (certLen < 0) return false; - certLen = wc_SignCert(cert->bodySz, cert->sigType, _caCertDer.data(), (word32)_caCertDer.size(), _caKey.get(), - nullptr, _rng.get()); + certLen = wc_SignCert(cert->bodySz, cert->sigType, _caCertDer.data(), static_cast(_caCertDer.size()), + _caKey.get(), nullptr, _rng.get()); if (certLen < 0) return false; _caCertDer.resize(certLen); + /* + keys + */ std::vector keyDer(4096); - int keyDerLen = wc_RsaKeyToDer(_caKey.get(), keyDer.data(), (word32)keyDer.size()); + int keyDerLen = wc_RsaKeyToDer(_caKey.get(), keyDer.data(), static_cast(keyDer.size())); if (keyDerLen < 0) return false; std::vector keyPem(4096); - int keyPemLen = - wc_DerToPem(keyDer.data(), (word32)keyDerLen, keyPem.data(), (word32)keyPem.size(), PRIVATEKEY_TYPE); + int keyPemLen = wc_DerToPem(keyDer.data(), static_cast(keyDerLen), keyPem.data(), + static_cast(keyPem.size()), PRIVATEKEY_TYPE); 
std::ofstream kOut(keyPath, std::ios::binary); if (!kOut.is_open()) return false; kOut.write((char*)keyPem.data(), keyPemLen); std::vector certPem(4096); - int certPemLen = - wc_DerToPem(_caCertDer.data(), (word32)_caCertDer.size(), certPem.data(), (word32)certPem.size(), CERT_TYPE); + int certPemLen = wc_DerToPem(_caCertDer.data(), static_cast(_caCertDer.size()), certPem.data(), + static_cast(certPem.size()), CERT_TYPE); + /* + file out + */ std::ofstream cOut(certPath, std::ios::binary); if (!cOut.is_open()) return false; - cOut.write((char*)certPem.data(), certPemLen); + cOut.write(reinterpret_cast(certPem.data()), certPemLen); return true; }
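Review bot: The new `cert->serialSz = 1; cert->serial[0] = 1;` pins every CA this function generates to serial number 1, so a regenerated CA with the same CN collides with the previous one in any trust store that keys certificates on issuer DN + serial (NSS's SEC_ERROR_REUSED_ISSUER_AND_SERIAL is the usual symptom) and runs against RFC 5280's requirement that serials be unique per issuer; if memory serves, wolfSSL already fills `serial` from the supplied RNG when `serialSz` is left 0, so dropping the two lines, or filling `cert->serial` via `wc_RNG_GenerateBlock(_rng.get(), cert->serial, 16)` and setting `cert->serialSz = 16`, fixes it. The rewritten `wc_DerToPem` calls still feed `keyPemLen` and `certPemLen` straight into `ofstream::write` without the `< 0` check that the neighbouring `wc_*` calls get; `if (keyPemLen < 0) return false;` and `if (certPemLen < 0) return false;` before the writes avoid passing a negative count, and checking the streams after writing (neither is) would stop a short write of the key from returning true. Separately, the private key PEM at `keyPath` is created with whatever default mode the ofstream gets — for a root CA key users are asked to trust, restricting it to the owner (0600, or an owner-only ACL on Windows, which the `strncpy_s`/`_TRUNCATE` usage suggests is the target) is worth adding, and the `keyDer`/`keyPem` vectors hold the private key until they are freed without being wiped. The hunk's leading lines are collapsed, so I cannot confirm the exact layout of the function signature, but the closing brace appears to be inside the hunk.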