style: run format-code

feat: enable ALPN (http 1.1)
fix: dont force TLS 1.3
2026-06-19 07:55:20 -03:00 · 2026-06-19 07:54:58 -03:00 · 2026-06-19 07:54:45 -03:00 · 2026-06-19 07:48:04 -03:00 · 2026-06-19 07:47:56 -03:00
3 changed files with 31 additions and 7 deletions
@@ -194,7 +194,7 @@ bool TinyMITMProxy::init()
        return false;
    }
    TINYMITM_WRITELOG(verbose, "wolfssl context creation");
-    _clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    _clientCtx = wolfSSL_CTX_new(wolfTLS_client_method());
    if (!_clientCtx)
    {
        TINYMITM_WRITELOG(error, "failed to create wolfssl context");
@@ -435,6 +435,12 @@ void TinyMITMProxy::handleClient(SOCKET clientSocket)
        wolfSSL_set_fd(clientSSL.get(), (int)clientGuard);
        wolfSSL_set_fd(remoteSSL.get(), (int)remoteGuard);
        char alpnList[] = "http/1.1";
        wolfSSL_UseALPN(remoteSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
                        WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
        wolfSSL_UseALPN(clientSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
                        WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
        wolfSSL_UseSNI(remoteSSL.get(), WOLFSSL_SNI_HOST_NAME, host.c_str(), (unsigned short)host.size());
        setNonBlocking(clientGuard, true);
@@ -84,12 +84,28 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
    cert->serial[2] = (hash >> 8) & 0xFF;
    cert->serial[3] = hash & 0xFF;
-    // SAN
+    /*
-    strncpy_s(reinterpret_cast<char*>(cert->altNames), sizeof(cert->altNames), hostTrimmed.c_str(), _TRUNCATE);
+        SAN
-    cert->altNamesSz = static_cast<word16>(hostTrimmed.length());
+    */
    memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);
    // sequence
    cert->altNames[0] = 0x30;
    cert->altNames[1] = static_cast<byte>(hostTrimmed.length() + 2);
    //dNSName tag & len
    cert->altNames[2] = 0x82;
    cert->altNames[3] = static_cast<byte>(hostTrimmed.length());
    // actual data
    memcpy(&cert->altNames[4], hostTrimmed.c_str(), hostTrimmed.length());
    // sz: seq hdr (2) + dNSName hdr (2) + hostName
    cert->altNamesSz = 4 + static_cast<int>(hostTrimmed.length());
    cert->altNamesCrit = 0;
    wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
-    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
+    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), static_cast<int>(_caCertDer.size()));
    /*
        cert sign
@@ -185,8 +201,10 @@ bool CertificateManager::generateAndSaveCA(const char* caName, int days, const s
    cert->serialSz = 1;
    cert->serial[0] = 1;
    cert->selfSigned = 1;
    wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
-    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
+    wc_SetAuthKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
    /*
        CA sign
@@ -11,7 +11,7 @@ class ConOutSink : public ILogSink
    public:
        virtual void receiveLog(LogType type, std::string_view loggerName, std::string_view msg) override
        {
-            std::cout << "[" << loggerName << "] " << seallib::getLogTypeColor(type)  << "["
+            std::cout << "[" << loggerName << "] " << seallib::getLogTypeColor(type) << "["
                      << seallib::getLogTypeName(type) << "]"
                      << "\x1b[0m " << msg << std::endl;
        }
Author	SHA1	Message	Date
neru	cd1146d0d8	style: run format-code	2026-06-19 07:55:20 -03:00
neru	dad8cb55d7	feat: enable ALPN (http 1.1)	2026-06-19 07:54:58 -03:00
neru	6ad87ecc18	fix: dont force TLS 1.3	2026-06-19 07:54:45 -03:00
neru	e0e0eb5f12	style: casting	2026-06-19 07:48:04 -03:00
neru	c0adefeda1	fix: manually do SAN	2026-06-19 07:47:56 -03:00