gfwleak/tango-certstore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

*添加脚本tarball.sh,生成安装包

Browse Source 
*修改当Maat无初始化时,证书签发失败
This commit is contained in:
fengweihao
2018-11-13 10:31:21 +08:00
parent c0dd5d1d3f
commit e125afd91d
8 changed files with 73 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/Makefile
View File

@@ -4,9 +4,9 @@ CERT_ROOT = ..
endif endif
MAJOR="1.0" MAJOR="1.0"
BUILD="1.0" BUILD=$(shell git log | grep -cE 'Author:.*<.*@.*>')
BUILD_FINGERPRINT=$(MAJOR).$(BUILD) BUILDSHA=$(shell git rev-parse --short HEAD)
BUILD_FINGERPRINT2=$(strip $(BUILD_FINGERPRINT)) BUILD_FINGERPRINT=$(MAJOR).$(BUILD).$(BUILDSHA)
# Default simulation parameters # Default simulation parameters
NUM_PROCESSORS=1 NUM_PROCESSORS=1
@@ -48,7 +48,7 @@ dir := ./inc
include $(dir)/inc.mk include $(dir)/inc.mk
OBJS += $(OBJS_$(dir)) OBJS += $(OBJS_$(dir))
LDFLAGS_GLOBAL += -L ./lib -lapps -lcrypto -lssl -levent -lhiredis LDFLAGS_GLOBAL += -L ./lib -lcrypto -lssl -levent -lhiredis
LDFLAGS_GLOBAL += -L ./lib -lMESA_htable -lMESA_field_stat2 -lMESA_handle_logger -lMESA_prof_load LDFLAGS_GLOBAL += -L ./lib -lMESA_htable -lMESA_field_stat2 -lMESA_handle_logger -lMESA_prof_load
LDFLAGS_GLOBAL += \ LDFLAGS_GLOBAL += \
-lpthread -lcrypt -lm -lz -ldl -lmaatframe -lstdc++ -lpthread -lcrypt -lm -lz -ldl -lmaatframe -lstdc++
@@ -73,24 +73,7 @@ $(OBJ_DIR)/%.o: $(d)/%.c
include $(CERT_ROOT)/make/application.mk include $(CERT_ROOT)/make/application.mk
tarball: cert_store tarball: cert_store
if [ ! -d "package/certstroe_run/bin" ]; then mkdir -p "package/certstore_run/bin/"; fi sh script/tarball.sh $(TARGET) $(MAJOR).$(BUILD) $(BUILDSHA)
if [ ! -d "package/certstroe_run/conf" ]; then mkdir -p "package/certstore_run/conf"; fi
if [ ! -d "package/certstroe_run/cert" ]; then mkdir -p "package/certstore_run/cert"; fi
if [ ! -d "package/certstroe_run/rule" ]; then mkdir -p "package/certstore_run/rule"; fi
cp cert_store package/certstore_run/bin/certstore1.0
cp ../conf/cert_store.ini package/certstore_run/conf/
cp ../conf/pxy_obj_keyring.json package/certstore_run/conf
cp ../conf/table_info.conf package/certstore_run/conf
# cp ../ca/mesalab-def-cert.cer package/certstore_run/cert
# cp ../ca/mesalab-def-cert.key package/certstore_run/cert
cp ../ca/* package/certstore_run/cert
cp package/Makefile package/certstore_run/
cp ../rule/* -rf package/certstore_run/rule/
cp package/run.sh package/certstore_run/
cd package && tar cpfz certstore_run.tar.gz certstore_run
cd ..
mv package/certstore_run.tar.gz ../release/
rm -rf package/certstore_run
clean: clean:
rm -rf $(CLEAN_LIST) rm -rf $(CLEAN_LIST)
rm -f $(TARGET) rm -f $(TARGET)

14
src/cert_session.c
View File

@@ -980,15 +980,20 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req
char *root, char *sign, char *pkey, STACK_OF(X509) **stack_ca) char *root, char *sign, char *pkey, STACK_OF(X509) **stack_ca)
{ {
void *odata = NULL; void *odata = NULL;
X509* x509 = NULL;
int is_valid = request->is_valid; int is_valid = request->is_valid;
int _expire = 0; char *_crl = NULL; int _expire = 0; char *_crl = NULL;
X509 *_root = NULL; EVP_PKEY *_key = NULL; X509 *_root = NULL; EVP_PKEY *_key = NULL;
struct key_ring_list *keyring = &cert_default_config()->keyring; struct key_ring_list *keyring = &cert_default_config()->keyring;
if (keyring->htable == NULL){ if (keyring->htable == NULL){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "The approval certificate chain is empty"); _root = (is_valid == 1) ? def->root : def->insec_root;
goto finish; _key = (is_valid == 1) ? def->key : def->insec_key;
_expire = cert_default_config()->expire_after;
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "The approval certificate chain is empty");
goto modify;
} }
odata = MESA_htable_search(keyring->htable, (const uchar *)&(request->keyring_id), sizeof(int)); odata = MESA_htable_search(keyring->htable, (const uchar *)&(request->keyring_id), sizeof(int));
if ( !odata ){ if ( !odata ){
_root = (is_valid == 1) ? def->root : def->insec_root; _root = (is_valid == 1) ? def->root : def->insec_root;
@@ -1020,7 +1025,8 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req
_expire = pxy_obj->expire_after; _expire = pxy_obj->expire_after;
_crl = pxy_obj->ctl; _crl = pxy_obj->ctl;
} }
X509* x509 = x509_modify_by_cert(_root, _key, request->origin, pkey, modify:
x509 = x509_modify_by_cert(_root, _key, request->origin, pkey,
_expire, request->sni, _crl); _expire, request->sni, _crl);
if (!x509){ if (!x509){
goto finish; goto finish;
@@ -1986,7 +1992,7 @@ int sample_plugin_table(Maat_feather_t feather,const char* table_name,
void __attribute__((__unused__))*logger) void __attribute__((__unused__))*logger)
{ {
int table_id = 0,ret = 0; int table_id = 0,ret = 0;
table_id = Maat_inter_table_register(feather,table_name); table_id = Maat_inter_table_register(feather, table_name);
if(table_id == -1){ if(table_id == -1){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Database table %s register failed.",table_name); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Database table %s register failed.",table_name);
}else{ }else{

4
src/cert_store.c
View File

@@ -27,7 +27,7 @@
#if 0 #if 0
#define CERT_BASIC_CFG "/home/ceiec/certstore_run/conf/cert_store.ini" #define CERT_BASIC_CFG "/home/ceiec/certstore_run/conf/cert_store.ini"
#else #else
#define CERT_BASIC_CFG "../conf/cert_store.ini" #define CERT_BASIC_CFG "./conf/cert_store.ini"
#endif #endif
static char* cert_revision() { return (CERT_GIT_RELEASE); } static char* cert_revision() { return (CERT_GIT_RELEASE); }
@@ -42,7 +42,7 @@ static int run_mode;
static void help() static void help()
{ {
printf("Welcome to CertStor %s\n", cert_revision()); printf("Welcome to CertStore %s\n", cert_revision());
printf("cert_store <--normal|--daemon>\n" printf("cert_store <--normal|--daemon>\n"
"Usage:\n" "Usage:\n"
" --normal | Run the program in normal mode\n" " --normal | Run the program in normal mode\n"

BIN
src/lib/libapps.a
View File

Binary file not shown.

4
src/package/Makefile
View File

@@ -6,13 +6,13 @@ install:
# cp -f etc/cert_store.ini /usr/local/etc/ # cp -f etc/cert_store.ini /usr/local/etc/
# #
# cp -f bin/cert_store /usr/local/bin/ # cp -f bin/cert_store /usr/local/bin/
chmod +x bin/certstore1.0 chmod +x certstore1.0
# #
# cp -f lib/* /usr/local/lib/ # cp -f lib/* /usr/local/lib/
# sudo ldconfig # sudo ldconfig
update: update:
# cp -f bin/cert_server /usr/local/bin/ # cp -f bin/cert_server /usr/local/bin/
chmod +x bin/certstore1.0 chmod +x certstore1.0
uninstall: uninstall:
rm -f /usr/local/bin/cert_store rm -f /usr/local/bin/cert_store

3
src/package/r2_certstore1.0 Normal file
View File

@@ -0,0 +1,3 @@
killall r3_certstore1.0 certstore1.0
./r3_certstore1.0 &> /dev/null &

17
src/package/r3_certstore1.0 Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/sh
while [ 1 ]; do
count=`ls -l core.* |wc -l`
echo $count
if [ $count -lt 5 ]
then
echo "set unlimited"
ulimit -c unlimited
else
ulimit -c 0
fi
./certstore1.0 --normal 2>&1
echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
sleep 10
done

34
src/script/tarball.sh Normal file
View File

@@ -0,0 +1,34 @@
X=CertStore-Base-$2
version=`lsb_release -i -s`
version_id=`lsb_release -r -s`
machine=`uname -m`
issue_date=`date "+%Y%m%d"`
tarball="$X-$3-$version$version_id-$machine-$issue_date".tar.gz
do_mkdir(){
cd ../release
rm $X -rf
mkdir $X
mkdir $X/cert
}
do_copy(){
cp ../conf/ $X -rf
cp ../ca/* $X/cert
cp ../rule/ $X -rf
cp ../src/cert_store $X/certstore1.0
cp ../src/package/* $X
}
do_tarball(){
tar -zcvf $1 $X
rm $X -rf
echo "`date` BUILD=$X COMMIT=$3 ARCHIVE=$tarball" >> release.log
}
do_mkdir
do_copy $1
do_tarball $tarball