gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加no_mirror_client_cipher_suite开关;ssl_utils.cpp改名后cmakelist未响应修改;

Browse Source
This commit is contained in:
zhengchao
2019-01-14 20:35:29 +06:00
parent f21d51de3d
commit 124b7f083f
5 changed files with 29 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
platform/src/ssl_stream.cpp
View File

@@ -122,6 +122,7 @@ struct ssl_mgr
unsigned int no_sessticket;
unsigned int no_alpn;
unsigned int no_cert_verify;
unsigned int no_mirror_client_cipher_suite;
CONST_SSL_METHOD * (* sslmethod)(void); //Parameter of SSL_CTX_new
int ssl_min_version, ssl_max_version;
char ssl_session_context[8];
@@ -187,6 +188,7 @@ struct peek_client_hello_ctx
{
struct ssl_chello* chello;
unsigned char sni_peek_retries; /* max 64 SNI parse retries */
int parse_client_cipher;
struct event * ev;
struct event_base * evbase;
void * logger;
@@ -579,6 +581,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
MESA_load_profile_uint_def(ini_profile, section, "no_session_ticket", &(mgr->no_sessticket), 0);
MESA_load_profile_uint_def(ini_profile, section, "no_alpn", &(mgr->no_alpn), 0);
MESA_load_profile_uint_def(ini_profile, section, "no_cert_verify", &(mgr->no_cert_verify), 0);
MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite", &(mgr->no_mirror_client_cipher_suite), 0);
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
@@ -679,7 +682,7 @@ static void peek_client_hello_cb(evutil_socket_t fd, short what, void * arg)
goto failed;
}
chello=ssl_chello_parse(buf,n, &chello_status);
chello=ssl_chello_parse(buf, n, ctx->parse_client_cipher, &chello_status);
switch(chello_status)
{
case CHELLO_PARSE_SUCCESS:
@@ -739,12 +742,13 @@ failed:
return;
}
static void ssl_async_peek_client_hello(struct future * f, evutil_socket_t fd, struct event_base * evbase,
static void ssl_async_peek_client_hello(struct future * f, evutil_socket_t fd, int parse_cipher, struct event_base * evbase,
void * logger)
{
struct promise * p = future_to_promise(f);
struct peek_client_hello_ctx * ctx = ALLOC(struct peek_client_hello_ctx, 1);
ctx->ev = event_new(evbase, fd, EV_READ, peek_client_hello_cb, p);
ctx->parse_client_cipher=parse_cipher;
ctx->logger = logger;
promise_set_ctx(p, (void *) ctx, peek_client_hello_ctx_free_cb);
event_add(ctx->ev, NULL);
@@ -1148,7 +1152,7 @@ void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, evutil_s
promise_set_ctx(p, ctx, wrap_ssl_connect_server_ctx_free);
ctx->f_peek_chello = future_create("peek_sni", peek_chello_on_succ, peek_chello_on_fail, p);
ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, evbase, mgr->logger);
ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, !mgr->no_mirror_client_cipher_suite, evbase, mgr->logger);
}
static int ossl_session_ticket_key_callback(SSL *ssl_conn,