gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'bufix-ssl-stream' into develop-tfe4a

Browse Source 
修复 ssl init 造成的 core dump
This commit is contained in:
luwenpeng
2019-09-04 11:23:12 +08:00
parent eb6c9221a9 e44791bd93
commit 1e3241899b
1 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
platform/src/ssl_stream.cpp
View File

@@ -474,7 +474,7 @@ void ssl_stat_init(struct ssl_mgr * mgr)
return;
}
static void downstream_ossl_init(struct ssl_stream* s_stream);
static void upstream_ossl_init(struct ssl_stream* s_stream);
static int upstream_ossl_init(struct ssl_stream* s_stream);
static void sslctx_set_opts(SSL_CTX * sslctx, struct ssl_mgr * mgr);
@@ -883,7 +883,7 @@ int ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
* Create new SSL context for outgoing connections to the original destination.
* If hostname sni is provided, use it for Server Name Indication.
*/
static void upstream_ossl_init(struct ssl_stream* s_stream)
static int upstream_ossl_init(struct ssl_stream* s_stream)
{
SSL_CTX * sslctx = NULL;
SSL * ssl = NULL;
@@ -891,6 +891,11 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
struct ssl_mgr * mgr = s_stream->mgr;
struct ssl_chello * chello=s_stream->up_parts.client_hello;
sslctx = SSL_CTX_new(mgr->sslmethod());
if (sslctx == NULL)
{
TFE_LOG_ERROR(mgr->logger, "ssl ctx new failed.");
return -1;
}
sslctx_set_opts(sslctx, mgr);
int ret=0;
char common_cipher[TFE_STRING_MAX]={0}, tls13_cipher[TFE_STRING_MAX]={0};
@@ -905,7 +910,7 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
ret=SSL_CTX_set_cipher_list(sslctx, common_cipher);
if(ret==0)
{
TFE_LOG_ERROR(mgr->logger, "SSL_CTX_set_cipher_list %s failed.", common_cipher);
TFE_LOG_ERROR(mgr->logger, "ssl ctx set cipher list %s failed.", common_cipher);
SSL_CTX_set_cipher_list(sslctx, mgr->default_ciphers);
}
}
@@ -918,11 +923,17 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
//SSL_CTX_set_ciphersuites(sslctx, tls13_cipher);
}
if (SSL_CTX_set_min_proto_version(sslctx, s_stream->ssl_min_version) == 0 ||
SSL_CTX_set_max_proto_version(sslctx, s_stream->ssl_max_version) == 0)
if (SSL_CTX_set_min_proto_version(sslctx, s_stream->ssl_min_version) == 0)
{
SSL_CTX_free(sslctx);
return;
TFE_LOG_ERROR(mgr->logger, "ssl set min proto version failed %d.", s_stream->ssl_min_version);
return -1;
}
if (SSL_CTX_set_max_proto_version(sslctx, s_stream->ssl_max_version) == 0)
{
SSL_CTX_free(sslctx);
TFE_LOG_ERROR(mgr->logger, "ssl set max proto version failed %d.", s_stream->ssl_max_version);
return -1;
}
SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, NULL);
@@ -950,7 +961,8 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
SSL_CTX_free(sslctx); /* SSL_new() increments refcount */
if (!ssl)
{
return;
TFE_LOG_ERROR(mgr->logger, "ssl new failed.");
return -1;
}
SSL_set_ex_data(ssl, SSL_EX_DATA_IDX_SSLSTREAM, s_stream);
@@ -967,7 +979,7 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
SSL_set_mode(ssl, SSL_get_mode(ssl) | SSL_MODE_RELEASE_BUFFERS);
s_stream->ssl=ssl;
return ;
return 0;
}
void ssl_connect_server_ctx_free(struct ssl_connect_server_ctx * ctx)
@@ -1404,7 +1416,13 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
}
else
{
upstream_ossl_init(s_stream);
if (upstream_ossl_init(s_stream))
{
promise_dettach_ctx(p);
promise_failed(p, FUTURE_ERROR_EXCEPTION, "upstream ossl init failed");
wrap_ssl_connect_server_ctx_free(ctx);
return;
}
ctx->bev = bufferevent_openssl_socket_new(evbase, ctx->fd_upstream,
ctx->s_stream->ssl, BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS | BEV_OPT_THREADSAFE );
@@ -2236,5 +2254,4 @@ int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT o
return -1;
}
return 0;
}
}