#920 Disable wild card certificate option

justcoding121 · justcoding121 · commit 1e9d602af954 · 2022-07-22T10:43:54.000-06:00
diff --git a/src/Titanium.Web.Proxy/Certificates/CertificateManager.cs b/src/Titanium.Web.Proxy/Certificates/CertificateManager.cs
@@ -283,6 +283,11 @@ public ICertificateCache CertificateStorage
         /// </summary>
         public X509KeyStorageFlags StorageFlag { get; set; } = X509KeyStorageFlags.Exportable;
 
+        /// <summary>
+        /// Disable wild card certificates. Disabled by default.
+        /// </summary>
+        public bool DisableWildCardCertificates { get; set; } = false;
+
         /// <summary>
         ///     For CertificateEngine.DefaultWindows to work we need to also check in personal store
         /// </summary>
diff --git a/src/Titanium.Web.Proxy/ExplicitClientHandler.cs b/src/Titanium.Web.Proxy/ExplicitClientHandler.cs
@@ -185,7 +185,7 @@ private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnect
                         {
                             sslStream = new SslStream(clientStream, false);
 
-                            string certName = HttpHelper.GetWildCardDomainName(connectHostname);
+                            string certName = HttpHelper.GetWildCardDomainName(connectHostname, CertificateManager.DisableWildCardCertificates);
                             certificate = endPoint.GenericCertificate ??
                                               await CertificateManager.CreateServerCertificate(certName);
 
diff --git a/src/Titanium.Web.Proxy/Helpers/HttpHelper.cs b/src/Titanium.Web.Proxy/Helpers/HttpHelper.cs
@@ -137,7 +137,7 @@ internal static ReadOnlyMemory<char> GetBoundaryFromContentType(string? contentT
         /// </summary>
         /// <param name="hostname"></param>
         /// <returns></returns>
-        internal static string GetWildCardDomainName(string hostname)
+        internal static string GetWildCardDomainName(string hostname, bool disableWildCardCertificates)
         {
             // only for subdomains we need wild card
             // example www.google.com or gstatic.google.com
@@ -148,6 +148,11 @@ internal static string GetWildCardDomainName(string hostname)
                 return hostname;
             }
 
+            if (disableWildCardCertificates)
+            {
+                return hostname;
+            }
+
             var split = hostname.Split(ProxyConstants.DotSplit);
 
             if (split.Length > 2)
diff --git a/src/Titanium.Web.Proxy/TransparentClientHandler.cs b/src/Titanium.Web.Proxy/TransparentClientHandler.cs
@@ -66,7 +66,7 @@ private async Task handleClient(TransparentBaseProxyEndPoint endPoint, TcpClient
                         {
                             sslStream = new SslStream(clientStream, false);
 
-                            string certName = HttpHelper.GetWildCardDomainName(httpsHostName);
+                            string certName = HttpHelper.GetWildCardDomainName(httpsHostName, CertificateManager.DisableWildCardCertificates);
                             certificate = endPoint.GenericCertificate ??
                                                     await CertificateManager.CreateServerCertificate(certName);
 

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnect`
`185`	`185`	`{`
`186`	`186`	`sslStream = new SslStream(clientStream, false);`
`187`	`187`
`188`		`- string certName = HttpHelper.GetWildCardDomainName(connectHostname);`
	`188`	`+ string certName = HttpHelper.GetWildCardDomainName(connectHostname, CertificateManager.DisableWildCardCertificates);`
`189`	`189`	`certificate = endPoint.GenericCertificate ??`
`190`	`190`	`await CertificateManager.CreateServerCertificate(certName);`
`191`	`191`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ private async Task handleClient(TransparentBaseProxyEndPoint endPoint, TcpClient`
`66`	`66`	`{`
`67`	`67`	`sslStream = new SslStream(clientStream, false);`
`68`	`68`
`69`		`- string certName = HttpHelper.GetWildCardDomainName(httpsHostName);`
	`69`	`+ string certName = HttpHelper.GetWildCardDomainName(httpsHostName, CertificateManager.DisableWildCardCertificates);`
`70`	`70`	`certificate = endPoint.GenericCertificate ??`
`71`	`71`	`await CertificateManager.CreateServerCertificate(certName);`
`72`	`72`