fix: prevent windows from breaking min and max

CMakeLists.txt

@@ -45,6 +45,7 @@ set(WOLFSSL_ALPN ON CACHE BOOL "" FORCE)
 set(WOLFSSL_CERTGEN ON CACHE BOOL "" FORCE)
 set(WOLFSSL_CERTEXT ON CACHE BOOL "" FORCE)
 set(WOLFSSL_KEYGEN ON CACHE BOOL "" FORCE)
+set(WOLFSSL_SNI ON CACHE BOOL "" FORCE)
 set(WOLFSSL_EXAMPLES OFF CACHE BOOL "" FORCE)
 set(WOLFSSL_CRYPT_TESTS OFF CACHE BOOL "" FORCE)
 set(BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE)
@@ -54,6 +55,8 @@ FetchContent_MakeAvailable(wolfssl)
 target_compile_definitions(wolfssl PUBLIC
     -DWOLFSSL_ALT_NAMES
     -DWOLFSSL_ALPN
+    -DWOLFSSL_HAVE_MIN
+    -DWOLFSSL_HAVE_MAX
 )
 
 # ---------------------
@@ -81,6 +84,10 @@ if (TINYMITM_LOGS OR $CACHE{TINYMITM_LOGS})
     target_compile_definitions(tinymitm PUBLIC TINYMITM_LOGS)
 endif()
 
+if (WIN32)
+    target_link_libraries(tinymitm PRIVATE crypt32)
+endif()
+
 # ------------------------------
 # test
 # ------------------------------

src/proxy/tinymitm/proxy.cpp

@@ -6,7 +6,10 @@
 
 #if defined(_WIN64) || defined(_WIN32)
     #define FD_SETSIZE 1024
+    
+    #ifndef NOMINMAX
         #define NOMINMAX
+    #endif
 
     #include <winsock2.h>
     #include <ws2tcpip.h>
@@ -14,7 +17,6 @@
     #define CLOSE_SOCKET closesocket
     #define SHUT_RDWR SD_BOTH
 #endif
-
 #include <wolfssl/options.h>
 #include <wolfssl/ssl.h>
 #include "ssl.h"
@@ -194,7 +196,7 @@ bool TinyMITMProxy::init()
         return false;
     }
     TINYMITM_WRITELOG(verbose, "wolfssl context creation");
-    _clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    _clientCtx = wolfSSL_CTX_new(wolfTLS_client_method());
     if (!_clientCtx)
     {
         TINYMITM_WRITELOG(error, "failed to create wolfssl context");
@@ -435,6 +437,12 @@ void TinyMITMProxy::handleClient(SOCKET clientSocket)
         wolfSSL_set_fd(clientSSL.get(), (int)clientGuard);
         wolfSSL_set_fd(remoteSSL.get(), (int)remoteGuard);
 
+        char alpnList[] = "http/1.1";
+        wolfSSL_UseALPN(remoteSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
+                        WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
+        wolfSSL_UseALPN(clientSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
+                        WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
+
         wolfSSL_UseSNI(remoteSSL.get(), WOLFSSL_SNI_HOST_NAME, host.c_str(), (unsigned short)host.size());
 
         setNonBlocking(clientGuard, true);
@@ -457,10 +465,10 @@ void TinyMITMProxy::handleClient(SOCKET clientSocket)
         if (isConnect) return wolfSSL_read(ssl, b, sz);
         return ::recv(s, b, sz, 0);
     };
-    auto sslWrite = [&](WOLFSSL* ssl, SOCKET s, const char* b, int sz) -> int {
-        if (isConnect) return wolfSSL_write(ssl, b, sz);
-        return ::send(s, b, sz, 0);
-    };
+    // auto sslWrite = [&](WOLFSSL* ssl, SOCKET s, const char* b, int sz) -> int {
+        // if (isConnect) return wolfSSL_write(ssl, b, sz);
+        // return ::send(s, b, sz, 0);
+    // };
     auto sslPending = [&](WOLFSSL* ssl) -> int {
         if (isConnect) return wolfSSL_pending(ssl);
         return 0;

src/proxy/tinymitm/proxy.h

@@ -6,6 +6,8 @@
     #include <seallib/log.h>
 #endif
 
+#include <condition_variable>
+#include <mutex>
 #include <thread>
 #include <atomic>
 #include <queue>

src/proxy/tinymitm/ssl.cpp

@@ -13,13 +13,12 @@
 #ifdef _WIN32
     #include <windows.h>
     #include <wincrypt.h>
-    #pragma comment(lib, "crypt32.lib")
 #endif
 
 /*
     CertificateManager implementation
 */
-CertificateManager::CertificateManager() : _rng(new WC_RNG()), _caKey(nullptr), _sessionKey(nullptr) {}
+CertificateManager::CertificateManager() : _caKey(nullptr), _sessionKey(nullptr), _rng(new WC_RNG()) {}
 
 CertificateManager::~CertificateManager()
 {
@@ -84,12 +83,28 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
     cert->serial[2] = (hash >> 8) & 0xFF;
     cert->serial[3] = hash & 0xFF;
 
-    // SAN
-    strncpy_s(reinterpret_cast<char*>(cert->altNames), sizeof(cert->altNames), hostTrimmed.c_str(), _TRUNCATE);
-    cert->altNamesSz = static_cast<word16>(hostTrimmed.length());
+    /*
+        SAN
+    */
+    memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);
+
+    // sequence
+    cert->altNames[0] = 0x30;
+    cert->altNames[1] = static_cast<byte>(hostTrimmed.length() + 2);
+
+    //dNSName tag & len
+    cert->altNames[2] = 0x82;
+    cert->altNames[3] = static_cast<byte>(hostTrimmed.length());
+
+    // actual data
+    memcpy(&cert->altNames[4], hostTrimmed.c_str(), hostTrimmed.length());
+
+    // sz: seq hdr (2) + dNSName hdr (2) + hostName
+    cert->altNamesSz = 4 + static_cast<int>(hostTrimmed.length());
+    cert->altNamesCrit = 0;
 
     wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
-    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
+    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), static_cast<int>(_caCertDer.size()));
 
     /*
         cert sign
@@ -132,7 +147,7 @@ bool CertificateManager::installCertificate()
                                                           (DWORD)_caCertDer.size());
 
     if (!certCtx) return false;
-    HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
+    HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
     bool success = false;
     if (rootStore)
     {
@@ -185,8 +200,10 @@ bool CertificateManager::generateAndSaveCA(const char* caName, int days, const s
     cert->serialSz = 1;
     cert->serial[0] = 1;
 
+    cert->selfSigned = 1;
+
     wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
-    wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
+    wc_SetAuthKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
 
     /*
         CA sign