完成tfe中相关功能的开发，回归测试通过。

2018-10-31 19:44:13 +08:00
parent 16935d273c
commit 198818a2aa
11 changed files with 384 additions and 92 deletions
--- a/platform/include/internal/MESA_htable_aux.h
+++ b/platform/include/internal/MESA_htable_aux.h
@@ -0,0 +1,17 @@
+#pragma once
+#include <MESA/MESA_htable.h>
+#include <assert.h>
+inline int __wrapper_MESA_htable_set_opt_int(MESA_htable_handle table, enum MESA_htable_opt opt_type, unsigned int value)
+{
+    int ret = MESA_htable_set_opt(table, opt_type, &value, (int)(sizeof(value)));
+    assert(ret == 0);
+    return ret;
+}
+
+inline int __wrapper_MESA_htable_set_opt_func(MESA_htable_handle table, enum MESA_htable_opt opt_type, void * val, size_t len)
+{
+	int ret = MESA_htable_set_opt(table, opt_type, val, (int)len);
+	assert(ret == 0);
+	return ret;
+}
+
--- a/platform/include/internal/key_keeper.h
+++ b/platform/include/internal/key_keeper.h
@@ -1,10 +1,7 @@
 #pragma once
-#include <ssl_utils.h>
-#include <pthread.h>
-#include <tfe_future.h>
-#include <tfe_utils.h>
-#include <MESA/MESA_htable.h>
 #include <event2/event.h>
+#include <openssl/ssl.h>
+#include <tfe_future.h>

 struct keyring
 {
--- a/platform/include/internal/ssl_stream.h
+++ b/platform/include/internal/ssl_stream.h
@@ -1,12 +1,8 @@
 #pragma once
 #include <event2/event.h>
 #include <tfe_future.h>
+#include <tfe_types.h>

-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>


 struct ssl_stream;
@@ -28,3 +24,11 @@ void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct
 void ssl_stream_free_and_close_fd(struct ssl_stream * stream, struct event_base * evbase, evutil_socket_t fd);
 void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void* logger);

+//Follow functions are allowed to call during runtime.
+int ssl_manager_add_trust_ca(struct ssl_mgr* mgr, const char* pem_file);
+int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file);
+int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file);
+int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file);
+void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr);
+
+
--- a/platform/include/internal/ssl_trusted_cert_storage.h
+++ b/platform/include/internal/ssl_trusted_cert_storage.h
@@ -0,0 +1,19 @@
+#pragma once
+#include <openssl/ssl.h>
+
+enum ssl_X509_obj_type
+{
+	SSL_X509_OBJ_CERT,
+	SSL_X509_OBJ_CRL
+};
+
+struct ssl_trusted_cert_storage;
+struct ssl_trusted_cert_storage* ssl_trusted_cert_storage_create(const char* pem_bundle);
+void ssl_trusted_cert_storage_destroy(struct ssl_trusted_cert_storage* storage);
+
+int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storage, const SSL * ssl, char* reason, size_t n_reason);
+int ssl_trusted_cert_storage_add(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
+int ssl_trusted_cert_storage_del(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
+void ssl_trusted_cert_storage_reset(struct ssl_trusted_cert_storage* storage);
+
+