

5 Commits

Author SHA1 Message Date
neru cd1146d0d8 style: run format-code 2026-06-19 07:55:20 -03:00
neru dad8cb55d7 feat: enable ALPN (http 1.1) 2026-06-19 07:54:58 -03:00
neru 6ad87ecc18 fix: dont force TLS 1.3 2026-06-19 07:54:45 -03:00
neru e0e0eb5f12 style: casting 2026-06-19 07:48:04 -03:00
neru c0adefeda1 fix: manually do SAN 2026-06-19 07:47:56 -03:00
3 changed files with 31 additions and 7 deletions
+7 -1
@@ -194,7 +194,7 @@ bool TinyMITMProxy::init()
return false; return false;
} }
TINYMITM_WRITELOG(verbose, "wolfssl context creation"); TINYMITM_WRITELOG(verbose, "wolfssl context creation");
_clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); _clientCtx = wolfSSL_CTX_new(wolfTLS_client_method());
if (!_clientCtx) if (!_clientCtx)
{ {
TINYMITM_WRITELOG(error, "failed to create wolfssl context"); TINYMITM_WRITELOG(error, "failed to create wolfssl context");
@@ -435,6 +435,12 @@ void TinyMITMProxy::handleClient(SOCKET clientSocket)
wolfSSL_set_fd(clientSSL.get(), (int)clientGuard); wolfSSL_set_fd(clientSSL.get(), (int)clientGuard);
wolfSSL_set_fd(remoteSSL.get(), (int)remoteGuard); wolfSSL_set_fd(remoteSSL.get(), (int)remoteGuard);
char alpnList[] = "http/1.1";
wolfSSL_UseALPN(remoteSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
wolfSSL_UseALPN(clientSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
wolfSSL_UseSNI(remoteSSL.get(), WOLFSSL_SNI_HOST_NAME, host.c_str(), (unsigned short)host.size()); wolfSSL_UseSNI(remoteSSL.get(), WOLFSSL_SNI_HOST_NAME, host.c_str(), (unsigned short)host.size());
setNonBlocking(clientGuard, true); setNonBlocking(clientGuard, true);
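Review bot: Replacing `wolfTLSv1_3_client_method()` with `wolfTLS_client_method()` in the first hunk removes the only version pin on `_clientCtx`, so the outbound (remote-facing) context now negotiates whatever protocol versions the wolfSSL build enables, which can include TLS 1.0/1.1 on builds where those are compiled in. Immediately after the `if (!_clientCtx)` check, set a floor and treat failure like the context failure: `if (wolfSSL_CTX_SetMinVersion(_clientCtx, WOLFSSL_TLSV1_2) != WOLFSSL_SUCCESS) { TINYMITM_WRITELOG(error, "failed to set minimum TLS version"); return false; }`. That keeps the intent of the commit (accept 1.2 or 1.3 from remotes) without permitting a downgrade below 1.2. The body of `TinyMITMProxy::init` continues outside the hunk, so if a minimum is already applied later it should be noted here.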
+23 -5
@@ -84,12 +84,28 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
cert->serial[2] = (hash >> 8) & 0xFF; cert->serial[2] = (hash >> 8) & 0xFF;
cert->serial[3] = hash & 0xFF; cert->serial[3] = hash & 0xFF;
// SAN /*
strncpy_s(reinterpret_cast<char*>(cert->altNames), sizeof(cert->altNames), hostTrimmed.c_str(), _TRUNCATE); SAN
cert->altNamesSz = static_cast<word16>(hostTrimmed.length()); */
memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);
// sequence
cert->altNames[0] = 0x30;
cert->altNames[1] = static_cast<byte>(hostTrimmed.length() + 2);
//dNSName tag & len
cert->altNames[2] = 0x82;
cert->altNames[3] = static_cast<byte>(hostTrimmed.length());
// actual data
memcpy(&cert->altNames[4], hostTrimmed.c_str(), hostTrimmed.length());
// sz: seq hdr (2) + dNSName hdr (2) + hostName
cert->altNamesSz = 4 + static_cast<int>(hostTrimmed.length());
cert->altNamesCrit = 0;
wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr); wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size()); wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), static_cast<int>(_caCertDer.size()));
/* /*
cert sign cert sign
@@ -185,8 +201,10 @@ bool CertificateManager::generateAndSaveCA(const char* caName, int days, const s
cert->serialSz = 1; cert->serialSz = 1;
cert->serial[0] = 1; cert->serial[0] = 1;
cert->selfSigned = 1;
wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0); wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size()); wc_SetAuthKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
/* /*
CA sign CA sign
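Review bot: The hand-built SAN in the first hunk (from the `memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);` line down to `cert->altNamesCrit = 0;`) copies `hostTrimmed` into `cert->altNames` without checking that `hostTrimmed.length() + 4` fits in `CTC_MAX_ALT_SIZE`, so an over-long host name — which in a proxy presumably originates from the connecting client's request, confirm against the caller — overruns the fixed buffer in the `memcpy`. The one-byte DER lengths are also only valid in short form: once `hostTrimmed.length() + 2 >= 0x80` the `altNames[1]`/`altNames[3]` bytes encode a malformed extension, and `static_cast<byte>` silently truncates anything above 255 even though DNS permits names up to 253 characters. Guard before the `memset` and fail the way the function fails elsewhere (likely `return nullptr;`, given the `WOLFSSL_CTX*` return type): `if (hostTrimmed.length() + 4 > CTC_MAX_ALT_SIZE || hostTrimmed.length() + 2 >= 0x80) { TINYMITM_WRITELOG(error, "host name too long for SAN"); return nullptr; }`. `createHostContext` begins and ends outside the hunk, so `hostTrimmed`'s derivation could not be checked here.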