1.修改解析URL中源证书越界,段错误
2.修改LOG文件命名 3.修改非授信证书从本地签发
This commit is contained in:
fengweihao
@@ -1,15 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICUzCCAbwCCQC5LmMkSxbKczANBgkqhkiG9w0BAQsFADBuMQswCQYDVQQGEwJD
|
||||
TjETMBEGA1UECAwKbXlwcm92aW5jZTEPMA0GA1UEBwwGbXljaXR5MRcwFQYDVQQK
|
||||
DA5teW9yZ2FuaXphdGlvbjEQMA4GA1UECwwHbXlncm91cDEOMAwGA1UEAwwFaW5z
|
||||
ZWMwHhcNMTgwOTA3MDcxMjQwWhcNMTkwOTA3MDcxMjQwWjBuMQswCQYDVQQGEwJD
|
||||
TjETMBEGA1UECAwKbXlwcm92aW5jZTEPMA0GA1UEBwwGbXljaXR5MRcwFQYDVQQK
|
||||
DA5teW9yZ2FuaXphdGlvbjEQMA4GA1UECwwHbXlncm91cDEOMAwGA1UEAwwFaW5z
|
||||
ZWMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANbDfP8abLGN7MX7bsBkYX2l
|
||||
rNRIxejl2GcX9Dzq7QR0fMj73chwU79dPIH30fdgmhwVTg+v2bxNMnbX51vd6oKL
|
||||
2JvhGoNjZ1vNE4oBaW0G4hyidNKXclYlBCt/KcDAZIle0pZzMhzU1XdIujsYJXNI
|
||||
tQ/J1B++d8wtzEKfHZL/AgMBAAEwDQYJKoZIhvcNAQELBQADgYEAqI612hQY3tX8
|
||||
eCKaIbsSyofb/hkZG+rQ6zQ3Y8pUNm0xQrCCWPaP2+c/MGn02R8foryaSa9q0kKf
|
||||
b4LeaERq5bbvgCGIoQ7gKo/kKKTOiXbJJi/7tJARhdrUDvbnVew2/N66A4Xk62PP
|
||||
vFLj6H6oDlQo0DqA865N2ZDm0XRt+F0=
|
||||
MIIDdzCCAl+gAwIBAgIJAM3sdp+ssKYAMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
|
||||
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
|
||||
Q29tcGFueSBMdGQxDjAMBgNVBAMMBWluc2VjMB4XDTE4MTAyMzAzMjA1MloXDTE5
|
||||
MTAyMzAzMjA1MlowUjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0
|
||||
eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEOMAwGA1UEAwwFaW5zZWMw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9uRq4tMCqA4wNWk4nIogY
|
||||
yxFiJqQyl1dWuCGIK0QDuXcN2BeSfx1dCTW9Ul6JzojUCM6E0MXRbYfTSd1UwKzb
|
||||
AqlVuj20pFWAw6LOeMZ0xjC74hP2ADosmJg9KboOMhHYwRvLRP/IZcTNVFBxA3jo
|
||||
mMLAGgNOYio4aLtNNfbLS61I+OK/XPii7/IW3V5AqDVGSyNJJsiQX3HuetQhMtg4
|
||||
iKtZWBHjGRaZIKJiKDRkCT+/yXXoEsr+nGk0PLWGFaeEsQgeQYA1vNuqSSHaTk9O
|
||||
1BNaLjAC3QrRRD9UnXjRW8psUdDml5R3NEiqPhar78ddDDMphXGN32Sy2TI1RoJr
|
||||
AgMBAAGjUDBOMB0GA1UdDgQWBBQ6GT0R/WaBzKME9AYvw4mC3V12OzAfBgNVHSME
|
||||
GDAWgBQ6GT0R/WaBzKME9AYvw4mC3V12OzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQCmO/IfjwAyGOzYZAzDxc9uLdjkucqofTNUzyDav/I+35bmp8Q8
|
||||
/jzz/U7Ld7ThSmhP8kkGHM39wlpQhef9CrndRYvMpCUNB64rhDHq0xX07XLJoVUD
|
||||
st4Qd8iWSHMF0cNM84FY+5L0DSVxKPlnqa+kRGwVumHuTbcrIzNwATiXrbOzCrdI
|
||||
QMh5R/XmI09/c6Lj3KNI1DM4wgDzU/Cye+t/dSXOdsfMUL7mhnBKxlsPf02pnx4f
|
||||
1qyOISPskn/ACnYNce8R+LAZh1SdNb4ZGnSeY28YHc9HFGme1y01X2KvB12ifheK
|
||||
mcQTT7A7Vtee1H9ZnXHvvzAT6IkhMKnosYzv
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@@ -1,15 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXgIBAAKBgQDWw3z/GmyxjezF+27AZGF9pazUSMXo5dhnF/Q86u0EdHzI+93I
|
||||
cFO/XTyB99H3YJocFU4Pr9m8TTJ21+db3eqCi9ib4RqDY2dbzROKAWltBuIconTS
|
||||
l3JWJQQrfynAwGSJXtKWczIc1NV3SLo7GCVzSLUPydQfvnfMLcxCnx2S/wIDAQAB
|
||||
AoGBAKukTZAs9FXrkiKhUuCc2XXsJXb8OoBqwkuSz3aoY4m998VB1v1NGQHGaIeP
|
||||
ItZM9J4hQOQ0rRZbtEtbPuMjNzpr5yxhBjnp4ZDgutZxfgA8xVbOGcGMqf5vE6C1
|
||||
+eZK3kg5a+DAPgniKx0Gy2Ov/3R0H/3tWcLFcJicG/vJFgDxAkEA7fRm3pG2vzQb
|
||||
RpJh/mhupBnq5gZ2S5zXk+ktBQ5Q4Dg4R2hl3c8TG8skCoaO4m1EhtSUk1ayR6zG
|
||||
cD/VhpJzfQJBAOcM3D3EvFYFgrsOjB3sHYuL1ctTWojfNJprukSu7B+IUIumZM0w
|
||||
ZIDMoPIXRhAl72qwzFHuH8QE+A1FdZ/ScSsCQQCeB2YaAiOfr/c9UxIJZ0mzahL6
|
||||
WOhPJwZ0kLL5XJyRjES0B70/JbrHBo4U/2/9KBwOfzd88mLL/w56lao1CSXxAkB9
|
||||
X6Ma+WhhHThlHG23xun5UPXAEQjtgIDg0lgO8QQ70BI01SOZnArNQTyMYUipdoxF
|
||||
zo3wX1BpY3DecrRy9xRlAkEAzTvYMw1R4YJ68eis4SZyjEE8dy+g92+SU4VEWnps
|
||||
f+f868w4jE6D94dgnRi0yYd/O2ctEF7+mbM/eh1mdFaxaA==
|
||||
MIIEogIBAAKCAQEAvbkauLTAqgOMDVpOJyKIGMsRYiakMpdXVrghiCtEA7l3DdgX
|
||||
kn8dXQk1vVJeic6I1AjOhNDF0W2H00ndVMCs2wKpVbo9tKRVgMOiznjGdMYwu+IT
|
||||
9gA6LJiYPSm6DjIR2MEby0T/yGXEzVRQcQN46JjCwBoDTmIqOGi7TTX2y0utSPji
|
||||
v1z4ou/yFt1eQKg1RksjSSbIkF9x7nrUITLYOIirWVgR4xkWmSCiYig0ZAk/v8l1
|
||||
6BLK/pxpNDy1hhWnhLEIHkGANbzbqkkh2k5PTtQTWi4wAt0K0UQ/VJ140VvKbFHQ
|
||||
5peUdzRIqj4Wq+/HXQwzKYVxjd9kstkyNUaCawIDAQABAoIBAGwpgq15BzomKYtX
|
||||
R6USD8sqwm9VnljlZTqgYSWTnQQOkWxIHTA83g2zeXrE4fbo06Mmni6kI5NBQaVY
|
||||
wCFYc3Os8cNZGWLKKaDuZ/wUaPgcIZ6LxluCR6gzGuAL0PHU483SUjkxzi1+r5Ns
|
||||
FSxJEX5x0N3aNrZSSsW8F8RuFpRRRS38fZ21c4mBzge/mfBLu9M4HQu8cW/LIwuX
|
||||
uMZfj00+PKKtEyS0louNDBTkHUz7plCJAyY93BYhmgHSI/dq0Iv3YsrOlrzTnuFF
|
||||
21nDa8DSYciSm3IbLbyLzhn5jO1oYcD7CM6l31Oklrk5C4HuxI84IrwVtc+z7nya
|
||||
JBjFOckCgYEA8vwtM0/aBHJd0OgyoTiLcoht5Z4myniP+fUvyCvJONM3ayFEFs2C
|
||||
bR1T5pJPjF/Qiex2qK0xgXKAFcStCDKP95yURgrmcZlILFvAo/wxy6cz+PXlLolC
|
||||
+GGaIyiIE0DKzw8Hq//w/mFR/IneBh2GMa+ygBbExrZZg1dAxNxvCbUCgYEAx+KY
|
||||
uZ9pSuX0F220gRR9H0Yvn7eAP5DzjQDmbxFbvkqbFCgIiim6Pb8dFgWTc+3g49cY
|
||||
s5GTEqpO53o/tlwdoXG6qfvUyZdVyuD0rPuFO2ppUdKBejJxU3ew44fdTXQw+0ze
|
||||
GCUx+jZxnmHkjQuCRJnhRHw+woZ/Hcr/7lLyb58CgYBZ59btqnkXth1iY9f/8UUf
|
||||
jr1i/Z6Kwgs7yG3ymcjtfrF9sSRZb5b3uqdFpBNM9FLcBaNuDA9KP0yHQWtoohTE
|
||||
4Km4NOZJWBbtWtGvm2vtV6OSVaGEE4O1FaALrD6VKR8heAU1rhDEfsvwLi75gkkZ
|
||||
71GTtVj/0Y7TWyB69rkbFQKBgBNGltPPu6etZUydF7sa7rYFXrJYT9XRdKs0WwR6
|
||||
+A3xw+K9uZUZUQyDUZq+DuovFnDiXU9zymsSYWmRMHO1jmXzQb0CvBJ0taFK8E1+
|
||||
M+r26BEr67CNDMCv2i8W+xBtFAwn7YMGkzs95NcROakgYv+al06zbJn1vmxxFx00
|
||||
goyhAoGANOTrJ/UQuEmG73ptb/1/5tUIOKZXvda7V6UG89jg7r7JsfnS4Ay26Ug0
|
||||
qj205h2qRzYI/55TR3lgWg5cX6IdhpuToBph2SLqjRF8Ro1vSNgMG9ECEdfbNg/X
|
||||
h3uchjbbOVh9vWIZma6HrMxOCr9Lf3AclwcA+ikkFjaNUOL8QgY=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
||||
@@ -12,7 +12,7 @@ expire_after = 30
|
||||
#<23><><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϸ<EFBFBD>֤<EFBFBD><D6A4>·<EFBFBD><C2B7>
|
||||
def-ca-path = ../ca
|
||||
[NTC_MAAT]
|
||||
#<23><><EFBFBD>ü<EFBFBD><C3BC><EFBFBD>ģʽ<EFBFBD><EFBFBD>1Ϊʹ<EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD>json<EFBFBD><EFBFBD>0Ϊʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>÷ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>
|
||||
#<23><><EFBFBD>ü<EFBFBD><C3BC><EFBFBD>ģʽ,0Ϊʹ<CEAA><CAB9><EFBFBD><EFBFBD><EFBFBD>÷ַ<C3B7><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD>ļ<EFBFBD>,1Ϊʹ<EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD>json,2Ϊʹ<EFBFBD><EFBFBD>Redis<EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
maat_json_switch=2
|
||||
#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽΪ<CABD><CEAA><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<DEB8><C4BC><EFBFBD>(s)
|
||||
effective_interval=1
|
||||
@@ -28,10 +28,11 @@ pxy_obj_keyring=../conf/pxy_obj_keyring.json
|
||||
#<23><><EFBFBD>ؼ<EFBFBD><D8BC>ض˿ںţ<DABA>Ĭ<EFBFBD><C4AC>Ϊ9991
|
||||
port = 9991
|
||||
[CERTSTORE_REDIS]
|
||||
#<23><><EFBFBD>ش洢֤<E6B4A2><D6A4><EFBFBD><EFBFBD>Redis<69><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<49><50>ַ<EFBFBD>Ͷ˿ں<CBBF>
|
||||
ip = 127.0.0.1
|
||||
port = 6379
|
||||
[MAAT_REDIS]
|
||||
#ָ<EFBFBD><EFBFBD>Redsi<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD>Ͷ˿ں<EFBFBD>
|
||||
#Maat<EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD>Redsi<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD>Ͷ˿ں<EFBFBD>
|
||||
ip = 192.168.11.243
|
||||
port = 6379
|
||||
dbindex = 4
|
||||
|
||||
@@ -49,8 +49,7 @@
|
||||
|
||||
#define WAIT_FOR_EFFECTIVE_US 1000*1000
|
||||
|
||||
#define SG_DATA_SIZE 8192
|
||||
#define SG_INSEC_ID 256
|
||||
#define SG_DATA_SIZE 10240
|
||||
|
||||
#define LOCAL_USER_PEN 1
|
||||
#define LOCAL_USER_DER 2
|
||||
@@ -59,6 +58,9 @@
|
||||
#define DEFAULT_PRIVATEKEY_NAME "mesalab-ca-cert.key"
|
||||
#define DEFAULT_CA_CERTIFICATE "mesalab-ca-cert.cer"
|
||||
|
||||
#define MESALAB_INSEC_CERT "mesalab-insec-cert.cer"
|
||||
#define MESALAB_INSEC_KEY "mesalab-insec-cert.key"
|
||||
|
||||
#define CM_UPDATE_TYPE_FULL 1
|
||||
#define CM_UPDATE_TYPE_INC 2
|
||||
|
||||
@@ -974,12 +976,11 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int
|
||||
x509_online_append(struct x509_object_ctx *def, X509 *origin, int id,
|
||||
char *sni, char *root, char *sign,
|
||||
char *pkey, STACK_OF(X509) **stack_ca)
|
||||
static int x509_online_append(struct x509_object_ctx *def, struct request_t *request,
|
||||
char *root, char *sign, char *pkey, STACK_OF(X509) **stack_ca)
|
||||
{
|
||||
void *odata = NULL;
|
||||
int is_valid = request->is_valid;
|
||||
int _expire = 0; char *_crl = NULL;
|
||||
X509 *_root = NULL; EVP_PKEY *_key = NULL;
|
||||
|
||||
@@ -988,10 +989,10 @@ x509_online_append(struct x509_object_ctx *def, X509 *origin, int id,
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "The approval certificate chain is empty");
|
||||
goto finish;
|
||||
}
|
||||
odata = MESA_htable_search(keyring->htable, (const uchar *)&id, sizeof(int));
|
||||
odata = MESA_htable_search(keyring->htable, (const uchar *)&(request->keyring_id), sizeof(int));
|
||||
if ( !odata ){
|
||||
_root = def->root;
|
||||
_key = def->key;
|
||||
_root = (is_valid == 1) ? def->root : def->insec_root;
|
||||
_key = (is_valid == 1) ? def->key : def->insec_key;
|
||||
_expire = cert_default_config()->expire_after;
|
||||
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Sing certificates using local default certificates");
|
||||
} else {
|
||||
@@ -999,7 +1000,6 @@ x509_online_append(struct x509_object_ctx *def, X509 *origin, int id,
|
||||
if (pxy_obj->is_valid != 1){
|
||||
pxy_obj->root = def->root;
|
||||
pxy_obj->key = def->key;
|
||||
|
||||
}else{
|
||||
if (!STRCMP(pxy_obj->type, "end-entity")){
|
||||
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The certificate(%d) type is an entity certificate",
|
||||
@@ -1015,13 +1015,13 @@ x509_online_append(struct x509_object_ctx *def, X509 *origin, int id,
|
||||
*stack_ca = pxy_obj->stack_ca;
|
||||
}
|
||||
}
|
||||
_root = pxy_obj->root;
|
||||
_key = pxy_obj->key;
|
||||
_root = (is_valid == 1) ? pxy_obj->root : def->insec_root;
|
||||
_key = (is_valid == 1) ? pxy_obj->key : def->insec_key;
|
||||
_expire = pxy_obj->expire_after;
|
||||
_crl = pxy_obj->ctl;
|
||||
}
|
||||
X509* x509 = x509_modify_by_cert(_root, _key, origin, pkey,
|
||||
_expire, sni, _crl);
|
||||
X509* x509 = x509_modify_by_cert(_root, _key, request->origin, pkey,
|
||||
_expire, request->sni, _crl);
|
||||
if (!x509){
|
||||
goto finish;
|
||||
}
|
||||
@@ -1163,8 +1163,7 @@ redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c)
|
||||
|
||||
startTime = rt_time_ns();
|
||||
|
||||
expire_after = x509_online_append(&info->def, request->origin, request->keyring_id, request->sni,
|
||||
root, sign, pkey, &stack_ca);
|
||||
expire_after = x509_online_append(&info->def, request, root, sign, pkey, &stack_ca);
|
||||
if (sign[0] == '\0' && pkey[0] == '\0'){
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to sign certificate");
|
||||
evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0);
|
||||
@@ -1178,7 +1177,7 @@ redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c)
|
||||
FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[3], FS_OP_SET, info->diffTime);
|
||||
FS_internal_operate(SGstats.handle, info->field_ids, 0, FS_OP_ADD, 1);
|
||||
|
||||
char _chain[4][SG_DATA_SIZE];
|
||||
char _chain[6][SG_DATA_SIZE];
|
||||
char *chain[6] = {0};
|
||||
if (stack_ca){
|
||||
for (i = 0; i < sk_X509_num(stack_ca); i++){
|
||||
@@ -1220,7 +1219,6 @@ redis_clnt_send(struct request_t *request, redisReply *reply)
|
||||
{
|
||||
int xret = -1;
|
||||
|
||||
char odata[SG_DATA_SIZE * 2] = {0};
|
||||
libevent_thread *thread = threads + request->thread_id;
|
||||
|
||||
if (!reply && !reply->str){
|
||||
@@ -1232,9 +1230,7 @@ redis_clnt_send(struct request_t *request, redisReply *reply)
|
||||
|
||||
FS_internal_operate(SGstats.handle, thread->field_ids, 0, FS_OP_ADD, 1);
|
||||
|
||||
snprintf(odata, SG_DATA_SIZE * 2, "%s", reply->str);
|
||||
|
||||
evhttp_socket_send(request->evh_req, odata);
|
||||
evhttp_socket_send(request->evh_req, reply->str);
|
||||
|
||||
finish:
|
||||
kfree(request);
|
||||
@@ -1336,8 +1332,6 @@ finish:
|
||||
return xret;
|
||||
}
|
||||
|
||||
#define BURSIZE 4096
|
||||
|
||||
int hex2dec(char c)
|
||||
{
|
||||
if ('0' <= c && c <= '9') {
|
||||
@@ -1356,7 +1350,13 @@ void _urldecode(char url[])
|
||||
int i = 0;
|
||||
int len = strlen(url);
|
||||
int res_len = 0;
|
||||
char res[BURSIZE];
|
||||
char *res = NULL;
|
||||
|
||||
res = (char *)malloc(len + 1);
|
||||
if (!res){
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Url alloc faild");
|
||||
return;
|
||||
}
|
||||
|
||||
if(!strchr(url, '%'))
|
||||
return;
|
||||
@@ -1375,6 +1375,8 @@ void _urldecode(char url[])
|
||||
}
|
||||
res[res_len] = '\0';
|
||||
strcpy(url, res);
|
||||
|
||||
free(res);
|
||||
}
|
||||
|
||||
static char*
|
||||
@@ -1428,7 +1430,7 @@ thread_decode_uri(const char *uri, X509 **origin,
|
||||
id = evhttp_find_header(¶ms, "keyring_id");
|
||||
if (id)
|
||||
*keyring_id = atoi(id);
|
||||
_valid = evhttp_find_header(¶ms, "is_valid");
|
||||
_valid = evhttp_find_header(¶ms, "is_vaild");
|
||||
if (_valid)
|
||||
*is_valid = atoi(_valid);
|
||||
_sni = evhttp_find_header(¶ms, "sni");
|
||||
@@ -1496,8 +1498,10 @@ pthread_work_proc(struct evhttp_request *evh_req, void *arg)
|
||||
|
||||
request = (struct request_t *) kmalloc (sizeof(struct request_t), MPF_CLR, -1);
|
||||
if (request != NULL){
|
||||
request->thread_id = info->id;
|
||||
request->evh_req = evh_req;
|
||||
memset(request, 0, sizeof(struct request_t));
|
||||
request->keyring_id = 0;
|
||||
request->thread_id = info->id;
|
||||
request->evh_req = evh_req;
|
||||
}
|
||||
switch (evhttp_request_get_command(evh_req)) {
|
||||
case EVHTTP_REQ_GET: cmdtype = "GET"; break;
|
||||
@@ -1507,8 +1511,9 @@ pthread_work_proc(struct evhttp_request *evh_req, void *arg)
|
||||
|
||||
thread_decode_uri(uri, &request->origin, &request->keyring_id, request->sni,
|
||||
&request->is_valid);
|
||||
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[Thread %d]Received a %s request for uri, kering_id:%d, sni:%s origin:%p",
|
||||
request->thread_id, cmdtype, request->keyring_id, request->sni, request->origin);
|
||||
|
||||
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[Thread %d]Received a %s request for uri, kering_id:%d, sni:%s origin:%p valid:%d",
|
||||
request->thread_id, cmdtype, request->keyring_id, request->sni, request->origin, request->is_valid);
|
||||
|
||||
if (request->origin == NULL || !request->evh_req){
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to resolve the request url");
|
||||
@@ -1524,7 +1529,7 @@ pthread_work_proc(struct evhttp_request *evh_req, void *arg)
|
||||
}
|
||||
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Redis key is %s", request->rkey);
|
||||
|
||||
if (info->cl_ctx->err != 0){
|
||||
if (info->cl_ctx->err != 0 || request->is_valid == 0){
|
||||
xret = redis_clnt_pdu_send(request, NULL);
|
||||
if (xret < 0)
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Local sign certificate failed");
|
||||
@@ -1593,6 +1598,19 @@ task_private_init(struct event_base *base, libevent_thread *info)
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate");
|
||||
goto finish;
|
||||
}
|
||||
|
||||
/* Initialize the insec CA*/
|
||||
memset(key_path, 0, 256);
|
||||
memset(cert_path, 0, 256);
|
||||
snprintf(key_path, sizeof(key_path), "%s/%s", cert_default_config()->def_path, MESALAB_INSEC_KEY);
|
||||
snprintf(cert_path, sizeof(cert_path), "%s/%s", cert_default_config()->def_path, MESALAB_INSEC_CERT);
|
||||
|
||||
xret = x509_privatekey_init(key_path, cert_path, &info->def.insec_key, &info->def.insec_root);
|
||||
if (xret < 0 || !(info->def.key) || !(info->def.root)){
|
||||
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the insec x509 certificate");
|
||||
goto finish;
|
||||
}
|
||||
|
||||
finish:
|
||||
return xret;
|
||||
}
|
||||
|
||||
@@ -16,6 +16,9 @@ struct x509_object_ctx
|
||||
{
|
||||
X509 *root;
|
||||
EVP_PKEY *key;
|
||||
|
||||
X509 *insec_root;
|
||||
EVP_PKEY *insec_key;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
|
||||
@@ -22,45 +22,12 @@
|
||||
#include "MESA_prof_load.h"
|
||||
#include "MESA_handle_logger.h"
|
||||
|
||||
static void rt_get_pname_by_pid(pid_t pid, char *task_name)
|
||||
{
|
||||
#define BUF_SIZE 1024
|
||||
char proc_pid_path[BUF_SIZE];
|
||||
char buf[BUF_SIZE];
|
||||
sprintf(proc_pid_path, "/proc/%d/status", pid);
|
||||
FILE* fp = fopen(proc_pid_path, "r");
|
||||
if(NULL != fp){
|
||||
if( fgets(buf, BUF_SIZE-1, fp)== NULL ){
|
||||
fclose(fp);
|
||||
}
|
||||
fclose(fp);
|
||||
sscanf(buf, "%*s %s", task_name);
|
||||
}
|
||||
}
|
||||
|
||||
void mesa_logging_print(int log_level, char *module, char *msg)
|
||||
{
|
||||
MESA_handle_runtime_log(logging_sc_lid.run_log_handle, log_level, module, msg);
|
||||
return;
|
||||
}
|
||||
|
||||
int mesa_logging_mkfile(char *file, size_t size)
|
||||
{
|
||||
char tm[24] = {0};
|
||||
char pname[32]= {0};
|
||||
|
||||
assert(file);
|
||||
|
||||
if (size < 32)
|
||||
return -1;
|
||||
|
||||
rt_curr_tms2str(EVAL_TM_STYLE, tm, 23);
|
||||
rt_get_pname_by_pid(getpid(), &pname[0]);
|
||||
snprintf(file, 63, "%s-%s-%d-%d-%s.log", pname, getpwuid(getuid())->pw_name, getpwuid(getuid())->pw_uid, getpwuid(getuid())->pw_gid, tm);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void cert_syslog_init(char *config)
|
||||
{
|
||||
char run_log_path[256] = {0};
|
||||
@@ -72,10 +39,7 @@ void cert_syslog_init(char *config)
|
||||
MESA_load_profile_string_def(config, (const char *)"SYSTEM",(const char *)"RUN_LOG_PATH",
|
||||
logging_sc_lid.run_log_path, 128, NULL);
|
||||
|
||||
char file[64] = {0};
|
||||
mesa_logging_mkfile(file, 63);
|
||||
//STRCAT(logging_sc_lid.run_log_path, file);
|
||||
snprintf(run_log_path, 255, "%s/%s", logging_sc_lid.run_log_path, file);
|
||||
snprintf(run_log_path, 255, "%s/%s", logging_sc_lid.run_log_path, "certstore.log");
|
||||
|
||||
logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle(run_log_path, logging_sc_lid.run_log_level);
|
||||
if(logging_sc_lid.run_log_handle == NULL){
|
||||
|
||||
Reference in New Issue
Block a user