fix: manually do SAN

src/proxy/tinymitm/ssl.cpp

@@ -84,9 +84,25 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
     cert->serial[2] = (hash >> 8) & 0xFF;
     cert->serial[3] = hash & 0xFF;
 
-    // SAN
-    strncpy_s(reinterpret_cast<char*>(cert->altNames), sizeof(cert->altNames), hostTrimmed.c_str(), _TRUNCATE);
-    cert->altNamesSz = static_cast<word16>(hostTrimmed.length());
+    /*
+        SAN
+    */
+    memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);
+
+    // sequence
+    cert->altNames[0] = 0x30;
+    cert->altNames[1] = static_cast<byte>(hostTrimmed.length() + 2);
+
+    //dNSName tag & len
+    cert->altNames[2] = 0x82;
+    cert->altNames[3] = static_cast<byte>(hostTrimmed.length());
+
+    // actual data
+    memcpy(&cert->altNames[4], hostTrimmed.c_str(), hostTrimmed.length());
+
+    // sz: seq hdr (2) + dNSName hdr (2) + hostName
+    cert->altNamesSz = 4 + static_cast<int>(hostTrimmed.length());
+    cert->altNamesCrit = 0;
 
     wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
     wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
@@ -185,8 +201,10 @@ bool CertificateManager::generateAndSaveCA(const char* caName, int days, const s
     cert->serialSz = 1;
     cert->serial[0] = 1;
 
+    cert->selfSigned = 1;
+
     wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
-    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
+    wc_SetAuthKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
 
     /*
         CA sign