From c0adefeda1bae61f54e63a411d88a3ea9caa306f Mon Sep 17 00:00:00 2001
From: neru
Date: Fri, 19 Jun 2026 07:47:38 -0300
Subject: [PATCH] fix: manually do SAN

---
 src/proxy/tinymitm/ssl.cpp | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/proxy/tinymitm/ssl.cpp b/src/proxy/tinymitm/ssl.cpp
index f3c3d80..2c1cecf 100644
--- a/src/proxy/tinymitm/ssl.cpp
+++ b/src/proxy/tinymitm/ssl.cpp
@@ -84,9 +84,25 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
 cert->serial[2] = (hash >> 8) & 0xFF;
 cert->serial[3] = hash & 0xFF;
 
- // SAN
- strncpy_s(reinterpret_cast(cert->altNames), sizeof(cert->altNames), hostTrimmed.c_str(), _TRUNCATE);
- cert->altNamesSz = static_cast(hostTrimmed.length());
+ /*
+ SAN
+ */
+ memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);
+
+ // sequence
+ cert->altNames[0] = 0x30;
+ cert->altNames[1] = static_cast(hostTrimmed.length() + 2);
+
+ //dNSName tag & len
+ cert->altNames[2] = 0x82;
+ cert->altNames[3] = static_cast(hostTrimmed.length());
+
+ // actual data
+ memcpy(&cert->altNames[4], hostTrimmed.c_str(), hostTrimmed.length());
+
+ // sz: seq hdr (2) + dNSName hdr (2) + hostName
+ cert->altNamesSz = 4 + static_cast(hostTrimmed.length());
+ cert->altNamesCrit = 0;
 
 wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
 wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
@@ -185,8 +201,10 @@ bool CertificateManager::generateAndSaveCA(const char* caName, int days, const s
 cert->serialSz = 1;
 cert->serial[0] = 1;
 
+ cert->selfSigned = 1;
+ wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
- wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
+ wc_SetAuthKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
 
 /* CA sign
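Review bot: The new SAN encoder copies hostTrimmed into cert->altNames without checking that it fits: the memset clears CTC_MAX_ALT_SIZE bytes, but the memcpy at &cert->altNames[4] copies hostTrimmed.length() bytes with no comparison against that size, and since the host name presumably originates from the client's request, an over-long name overruns the buffer where the removed strncpy_s/_TRUNCATE at least bounded the write. The short-form DER lengths stored in altNames[1] and altNames[3] are also only valid up to 127 bytes; a longer name (DNS permits up to 253) requires the long-form length encoding, and the narrowing cast silently truncates it, so such a host yields a malformed extension instead of a rejected request. A guard before the memset, `if (hostTrimmed.length() > 127 || hostTrimmed.length() + 4 > CTC_MAX_ALT_SIZE) return nullptr;` (or whatever failure path createHostContext already uses), closes both. If hostTrimmed can be an IP literal, 0x82 (dNSName) is the wrong GeneralName tag for it; that case would need 0x87 (iPAddress) with the packed address bytes. createHostContext's body begins and ends outside the hunk.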