1修改Redis中key值
原key值为:keyring_id + 请求源指纹
修改为:  keyring_id(非0) + 请求源指纹 + 根证书指纹
          keyring_id(0) + 请求源指纹
This commit is contained in:
fengweihao
2019-05-14 10:25:00 +08:00
parent 4cd7deea4e
commit f6b42ceed5
2 changed files with 27 additions and 1 deletions


@@ -34,6 +34,7 @@ struct pxy_obj_keyring{
int service;
EVP_PKEY *key;
X509 *root;
char digest[EVP_MAX_MD_SIZE];
char name[128];
char type[128];
char ctl[512];
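Review bot: `char digest[EVP_MAX_MD_SIZE]` is sized for a raw digest, but the field receives the hex-encoded fingerprint written by `x509_get_fingerprint` later in this commit, which needs two characters per digest byte plus a terminator. With `EVP_sha1()` the 41 bytes fit in 64, so nothing overruns today, but the declaration encodes the wrong invariant and the `sprintf` at the write site does not check the bound, so switching the digest algorithm would silently overrun the struct. I would declare it `char digest[2 * EVP_MAX_MD_SIZE + 1]; /* lowercase hex fingerprint of root */`. The local `hex[EVP_MAX_MD_SIZE]` in `x509_get_rkey` in the second file has the same sizing issue.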


@@ -1559,6 +1559,7 @@ finish:
static int
x509_get_rkey(X509 *origin, int keyring_id, char *rkey)
{
void *odata = NULL;
unsigned int len = 0, i = 0;
char hex[EVP_MAX_MD_SIZE] = {0};
unsigned char fdig[EVP_MAX_MD_SIZE] = {0};
@@ -1567,7 +1568,18 @@ x509_get_rkey(X509 *origin, int keyring_id, char *rkey)
for (i = 0; i < len ; ++i){
sprintf(hex + i * sizeof(unsigned char) * 2, "%02x", fdig[i]);
}
struct key_ring_list *keyring = &cert_default_config()->keyring;
if (keyring->htable != NULL){
odata = MESA_htable_search(keyring->htable, (const uchar *)&(keyring_id), sizeof(int));
if (odata){
struct pxy_obj_keyring *pxy_obj = (struct pxy_obj_keyring *)odata;
snprintf(rkey, DATALEN, "%d:%s:%s", keyring_id, hex, pxy_obj->digest);
goto finish;
}
}
snprintf(rkey, DATALEN, "%d:%s", keyring_id, hex);
finish:
return 0;
}
@@ -2009,6 +2021,19 @@ finish:
return;
}
static void
x509_get_fingerprint(X509 *x509, char *digest)
{
unsigned int len = 0, i = 0;
unsigned char fdig[EVP_MAX_MD_SIZE] = {0};
X509_digest(x509, EVP_sha1(), fdig, &len);
for (i = 0; i < len ; ++i){
sprintf(digest + i * sizeof(unsigned char) * 2, "%02x", fdig[i]);
}
return;
}
static void
Maat_read_entry_cb(int __attribute__((__unused__))table_id, const char* table_line,
void *u_para)
@@ -2048,7 +2073,7 @@ Maat_read_entry_cb(int __attribute__((__unused__))table_id, const char* table_li
}
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d",
pxy_obj->id);
x509_get_fingerprint(pxy_obj->root, pxy_obj->digest);
MESA_htable_add(htable, (const uchar *)(&(pxy_obj->id)), sizeof(int), pxy_obj);
keyring->sum_cnt++;
}else{
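Review bot: `X509_digest` in `x509_get_fingerprint` is called without checking its return value; on failure `len` stays 0, the loop writes nothing, and `digest` keeps whatever the caller's struct already held, which `x509_get_rkey` then formats with `%s` into the key. The call should be guarded, e.g. `if (!X509_digest(x509, EVP_sha1(), fdig, &len)) { digest[0] = '\0'; return; }`, with a one-line comment stating that `digest` receives the lowercase hex SHA-1 of the certificate. The hex loop in `x509_get_fingerprint` duplicates the one in `x509_get_rkey` in the hunk above, so the latter could call the new helper instead of repeating it. Note also that the key omits the root fingerprint when the id is not found in the table rather than when `keyring_id` is 0 as the description says; if a non-zero id can be absent from the table those two conditions presumably differ, which is worth confirming.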