修改debug日志: 输出服务端证书验证结果

luwenpeng
2021-11-20 18:24:28 +03:00
parent ad481d77d9
commit 000ab9f991
2 changed files with 13 additions and 9 deletions


@@ -1333,6 +1333,19 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
s_upstream->is_server_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param),
error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
TFE_LOG_DEBUG(g_default_logger,
"addr:%s, sni:%s, is_cert_verify_passed:%d, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d, %s",
s_stream->tcp_stream->str_stream_info,
s_upstream->client_hello->sni,
s_upstream->is_server_cert_verify_passed,
((s_upstream->verify_param.real_untrust & 0xff) ? 1 : 0),
((s_upstream->verify_param.real_untrust & 0x01) ? 1 : 0),
((s_upstream->verify_param.real_untrust & 0x02) ? 1 : 0),
((s_upstream->verify_param.real_untrust & 0x04) ? 1 : 0),
((s_upstream->verify_param.real_untrust & 0x08) ? 1 : 0),
((s_upstream->verify_param.real_untrust & 0x10) ? 1 : 0),
(s_upstream->is_server_cert_verify_passed == 0 ? error_str : ""));
s_upstream->svc_status.is_ct=s_upstream->verify_result.is_ct;
s_upstream->svc_status.is_ev=s_upstream->verify_result.is_ev;
ssl_service_cache_write(mgr->svc_cache, s_upstream->client_hello, s_stream->tcp_stream, &(s_upstream->svc_status));
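Review bot: The new TFE_LOG_DEBUG call passes `s_upstream->client_hello->sni` straight to the `sni:%s` conversion, while the log line this commit removes from ssl_trusted_cert_storage_verify_conn guarded the same value with `(hostname ? hostname : "NULL")`. That guard suggests the SNI can be NULL (presumably for a ClientHello without the extension), and a NULL argument to `%s` is undefined behaviour, so the argument should keep the guard: `(s_upstream->client_hello->sni ? s_upstream->client_hello->sni : "NULL"),`. The removed call was also wrapped in `if (is_ssl_debug())`, whereas this one runs on every server connection; whether that is intended depends on how TFE_LOG_DEBUG filters by level, which is not visible here. Since the SNI is supplied by the client, whatever consumes this log should treat the field as untrusted text. The body of ssl_server_connected_eventcb starts and ends outside this hunk.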


@@ -476,15 +476,6 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
if (is_ssl_debug())
{
TFE_LOG_DEBUG(g_default_logger,
"sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d",
(hostname ? hostname : "NULL"),
((param->real_untrust & 0xff) ? 1 : 0),
((param->real_untrust & 0x01) ? 1 : 0),
((param->real_untrust & 0x02) ? 1 : 0),
((param->real_untrust & 0x04) ? 1 : 0),
((param->real_untrust & 0x08) ? 1 : 0),
((param->real_untrust & 0x10) ? 1 : 0));
ssl_chain_dump(hostname, "server_chain", cert_chain);
}