gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

在ssl policy中处理keyring。

Browse Source
This commit is contained in:
zhengchao
2019-05-20 16:56:37 +08:00
parent a268c52abc
commit 1f73b4832d
7 changed files with 104 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugin/business/ssl-policy/src/ssl_policy.cpp
View File

@@ -136,9 +136,8 @@ void intercept_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, v
param->ref_cnt--;
if(param->ref_cnt==0)
{
TFE_LOG_INFO(enforcer->logger, "Del intercept policy %d", param->policy_id);\
free(param);
TFE_LOG_INFO(enforcer->logger, "Del intercept policy %d", param->policy_id);
free(*ad);
*ad=NULL;
}
}
@@ -193,6 +192,8 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
{
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_BLOCK_FAKE_CERT, 1);
}
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_ID, param->keyring);
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
assert(ret==1);
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev);
@@ -200,7 +201,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_MUTUAL_AUTH, &is_mauth);
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_CT_CERT, &is_ct);
assert(ret=1);
if( (pinning_staus>1 && param->bypass_pinning) ||
if( (pinning_staus==1 && param->bypass_pinning) ||
(is_mauth && param->bypass_mutual_auth) ||
(is_ev && param->bypass_ev_cert) ||
(is_ct && param->bypass_ct_cert) )