From 04ed73db0e0a4071b9d2d39644510299ebf1cdbf Mon Sep 17 00:00:00 2001 From: luwenpeng Date: Tue, 28 Apr 2020 18:52:44 +0800 Subject: [PATCH] =?UTF-8?q?TSG-1280=20=E4=BF=AE=E6=94=B9=20debug=20log?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/business/ssl-policy/src/ssl_policy.cpp | 34 +++++-------------- 1 file changed, 8 insertions(+), 26 deletions(-) diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp index 259cb79..71a2ea1 100644 --- a/plugin/business/ssl-policy/src/ssl_policy.cpp +++ b/plugin/business/ssl-policy/src/ssl_policy.cpp @@ -214,7 +214,6 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin } *ad=param; TFE_LOG_INFO(enforcer->logger, "Add intercept policy: %d", param->policy_id); - TFE_LOG_DEBUG(enforcer->logger, "intercept policy id=%d, key=%s, json=%s", param->policy_id, key, json_str); error_out: cJSON_Delete(json); free(json_str); @@ -366,7 +365,7 @@ void profile_param_new_cb(int table_id, const char* key, const char* table_line, } *ad=param; - TFE_LOG_INFO(enforcer->logger, "decryption profile key=%s, value=%s", key, json_str); + TFE_LOG_INFO(enforcer->logger, "Add decryption profile: %s", key); error_out: if (json) cJSON_Delete(json); @@ -472,36 +471,19 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p (has_error && profile_param->bypass_protocol_errors)) { action=SSL_ACTION_PASSTHROUGH; + TFE_LOG_DEBUG(enforcer->logger, "%s %s enforce policy_id %d, action PASSTHROUGH due to pinning:%d, mutual_auth:%d, is_ev:%d, is_ct:%d, has_error:%d", + addr_string, sni, policy_param->policy_id, + ((pinning_staus == 1 && profile_param->bypass_pinning) ? 1 : 0), + ((is_mauth && profile_param->bypass_mutual_auth) ? 1 : 0), + ((is_ev && profile_param->bypass_ev_cert) ? 1 : 0), + ((is_ct && profile_param->bypass_ct_cert) ? 1 : 0), + ((has_error && profile_param->bypass_protocol_errors) ? 1 : 0)); } else { action=SSL_ACTION_INTERCEPT; } - TFE_LOG_DEBUG(enforcer->logger, "%s %s action:%s enforce \"policy_id:%d, keyring:%d, decryption_profile_id:%d, bypass_ct_cert:%d, bypass_ev_cert:%d, bypass_mutual_auth:%d, bypass_pinning:%d, bypass_protocol_errors:%d, " - "no_verify_cn:%d, no_verify_expry_date:%d, no_verify_issuer:%d, no_verify_self_signed:%d, block_fake_cert:%d, ssl_max_version:%d, ssl_min_version:%d, mirror_client_version:%d, allow_http2:%d\"", - addr_string, sni, (action == SSL_ACTION_INTERCEPT ? "INTERCEPT" : "PASSTHROUGH"), - policy_param->policy_id, - policy_param->keyring, - policy_param->decryption_profile_id, - - profile_param->bypass_ct_cert, - profile_param->bypass_ev_cert, - profile_param->bypass_mutual_auth, - profile_param->bypass_pinning, - profile_param->bypass_protocol_errors, - - profile_param->no_verify_cn, - profile_param->no_verify_expry_date, - profile_param->no_verify_issuer, - profile_param->no_verify_self_signed, - profile_param->block_fake_cert, - - profile_param->ssl_max_version, - profile_param->ssl_min_version, - profile_param->mirror_client_version, - profile_param->allow_http2 - ); intercept_param_free(policy_param); profile_param_free(profile_param); policy_param=NULL;