增加no_mirror_client_cipher_suite开关；ssl_utils.cpp改名后cmakelist未响应修改；

platform/CMakeLists.txt

@@ -36,7 +36,7 @@ endif()
 install(TARGETS tfe RUNTIME DESTINATION bin COMPONENT Program)
 
 ### test_key_keeper
-add_executable(test_key_keeper test/test_key_keeper.cpp src/key_keeper.cpp src/ssl_sess_cache.cpp  src/ssl_utils.cc )
+add_executable(test_key_keeper test/test_key_keeper.cpp src/key_keeper.cpp src/ssl_sess_cache.cpp  src/ssl_utils.cpp )
 
 target_include_directories(test_key_keeper PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal)
 
@@ -55,7 +55,7 @@ target_link_libraries(test_key_keeper pthread dl
 		MESA_field_stat)
 		
 ### test_tfe_rpc
-add_executable(test_tfe_rpc test/test_tfe_rpc.cpp src/key_keeper.cpp src/ssl_sess_cache.cpp  src/ssl_utils.cc)
+add_executable(test_tfe_rpc test/test_tfe_rpc.cpp src/key_keeper.cpp src/ssl_sess_cache.cpp  src/ssl_utils.cpp)
 
 target_include_directories(test_tfe_rpc PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal)
 
@@ -74,7 +74,7 @@ target_link_libraries(test_tfe_rpc pthread dl
 		MESA_field_stat)
 
 ### test_chello_parse
-add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cc)
+add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cpp)
 
 target_include_directories(test_chello_parse PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal)
 

platform/include/internal/ssl_utils.h

@@ -204,7 +204,7 @@ struct ssl_chello
 	char* cipher_suites;
 	char* cipher_suites_tls13;
 };
-struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result);
+struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, int parse_cipher, enum chello_parse_result* result);
 
 void ssl_chello_free(struct ssl_chello* chello);
 

platform/src/ssl_stream.cpp

@@ -122,6 +122,7 @@ struct ssl_mgr
 	unsigned int no_sessticket;
 	unsigned int no_alpn;
 	unsigned int no_cert_verify;
+	unsigned int no_mirror_client_cipher_suite;
 	CONST_SSL_METHOD * (* sslmethod)(void);        //Parameter of SSL_CTX_new
 	int ssl_min_version, ssl_max_version;
 	char ssl_session_context[8];
@@ -187,6 +188,7 @@ struct peek_client_hello_ctx
 {
 	struct ssl_chello* chello;
 	unsigned char sni_peek_retries;                /* max 64 SNI parse retries */
+	int parse_client_cipher;
 	struct event * ev;
 	struct event_base * evbase;
 	void * logger;
@@ -579,6 +581,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 	MESA_load_profile_uint_def(ini_profile, section, "no_session_ticket", &(mgr->no_sessticket), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_alpn", &(mgr->no_alpn), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_cert_verify", &(mgr->no_cert_verify), 0);
+	MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite", &(mgr->no_mirror_client_cipher_suite), 0);
 
 
 	MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
@@ -679,7 +682,7 @@ static void peek_client_hello_cb(evutil_socket_t fd, short what, void * arg)
 		goto failed;
 	}
 
-	chello=ssl_chello_parse(buf,n, &chello_status);
+	chello=ssl_chello_parse(buf, n, ctx->parse_client_cipher, &chello_status);
 	switch(chello_status)
 	{
 		case CHELLO_PARSE_SUCCESS:
@@ -739,12 +742,13 @@ failed:
 	return;
 }
 
-static void ssl_async_peek_client_hello(struct future * f, evutil_socket_t fd, struct event_base * evbase,
+static void ssl_async_peek_client_hello(struct future * f, evutil_socket_t fd, int parse_cipher, struct event_base * evbase,
 	void * logger)
 {
 	struct promise * p = future_to_promise(f);
 	struct peek_client_hello_ctx * ctx = ALLOC(struct peek_client_hello_ctx, 1);
 	ctx->ev = event_new(evbase, fd, EV_READ, peek_client_hello_cb, p);
+	ctx->parse_client_cipher=parse_cipher;
 	ctx->logger = logger;
 	promise_set_ctx(p, (void *) ctx, peek_client_hello_ctx_free_cb);
 	event_add(ctx->ev, NULL);
@@ -1148,7 +1152,7 @@ void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, evutil_s
 	promise_set_ctx(p, ctx, wrap_ssl_connect_server_ctx_free);
 
 	ctx->f_peek_chello = future_create("peek_sni", peek_chello_on_succ, peek_chello_on_fail, p);
-	ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, evbase, mgr->logger);
+	ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, !mgr->no_mirror_client_cipher_suite, evbase, mgr->logger);
 }
 
 static int ossl_session_ticket_key_callback(SSL *ssl_conn,

platform/src/ssl_utils.cpp

@@ -1965,8 +1965,9 @@ static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n,
 	return cipher_suites_str;
 }
 
-struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
+struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, int parse_cipher, enum chello_parse_result* result)
 {
+	int n=0;
 	if(buff == NULL)
 	{
 		*result = CHELLO_PARSE_INVALID_FORMAT;
@@ -2101,19 +2102,21 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
 			*result = CHELLO_PARSE_INVALID_FORMAT;
         	return _chello;
 		}
-		/*
+		if(parse_cipher)
-		int n = sizeof(cipher_suite_list) / sizeof(struct cipher_suite);
-		_chello->cipher_suites = parse_cipher_suites(cipher_suite_list, n, buff  + pos, len, result);
-		if(*result != CHELLO_PARSE_SUCCESS)
 		{
-			return _chello;
+			n = sizeof(cipher_suite_list) / sizeof(struct cipher_suite);
+			_chello->cipher_suites = parse_cipher_suites(cipher_suite_list, n, buff  + pos, len, result);
+			if(*result != CHELLO_PARSE_SUCCESS)
+			{
+				return _chello;
+			}
+			n = sizeof(cipher_suite_list_tls13) / sizeof(struct cipher_suite);
+			_chello->cipher_suites_tls13 = parse_cipher_suites(cipher_suite_list_tls13, n, buff + pos, len, result);
+			if(*result != CHELLO_PARSE_SUCCESS)
+			{
+				return _chello;
+			}
 		}
-		n = sizeof(cipher_suite_list_tls13) / sizeof(struct cipher_suite);
-		_chello->cipher_suites_tls13 = parse_cipher_suites(cipher_suite_list_tls13, n, buff + pos, len, result);
-		if(*result != CHELLO_PARSE_SUCCESS)
-		{
-			return _chello;
-		}*/
 		pos += len;
 		
 		/* Compression Methods */

platform/test/test_chello_parse.cpp

@@ -44,7 +44,7 @@ int main()
 	};
 	size_t buff_len = sizeof(buff) / sizeof(char);
 	enum chello_parse_result result;
-	struct ssl_chello* chello = ssl_chello_parse(buff, buff_len, &result);
+	struct ssl_chello* chello = ssl_chello_parse(buff, buff_len, 1, &result);
 	printf("-----------------------------ssl2.0 only parse version --------------------------------\n");
 	printf("result is %d\n", result);
 	printf("min version is %d, %d\n", chello->min_version.major, chello->min_version.minor);
@@ -67,7 +67,7 @@ int main()
 	};
 	size_t buff1_len = sizeof(buff1) / sizeof(char);
 	enum chello_parse_result result1;
-	struct ssl_chello* chello1 = ssl_chello_parse(buff1, buff1_len, &result1);
+	struct ssl_chello* chello1 = ssl_chello_parse(buff1, buff1_len, 1, &result1);
 	printf("--------------------------------ssl3.0, no extensions --------------------------------\n");
 	printf("result is %d\n", result1);
 	printf("min version is %d, %d\n", chello1->min_version.major, chello1->min_version.minor);
@@ -139,7 +139,7 @@ int main()
 	};
 	size_t buff2_len = sizeof(buff2) / sizeof(char);
 	enum chello_parse_result result2;
-	struct ssl_chello* chello2 = ssl_chello_parse(buff2, buff2_len, &result2);
+	struct ssl_chello* chello2 = ssl_chello_parse(buff2, buff2_len, 1, &result2);
 	printf("---------------------------tls1.2 --------------------------------\n");
 	printf("result is %d\n", result2);
 	printf("min version:  %d, %d, ossl format: %x\n", chello2->min_version.major, chello2->min_version.minor, chello2->min_version.ossl_format);