gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pinning,Mutual authentication,EV等passthrough功能在windows10测试通过。

Browse Source
This commit is contained in:
zhengchao
2019-05-18 12:39:19 +08:00
parent dda60c674c
commit 3f305a9e88
3 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
platform/src/ssl_policy.cpp
View File

@@ -13,12 +13,14 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
{ {
UNUSED struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)u_para; UNUSED struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)u_para;
UNUSED int ret=0; UNUSED int ret=0;
int pinning_staus=0, is_ev=0; int pinning_staus=0, is_ev=0, is_mauth=0;
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus); ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
assert(ret==1); assert(ret==1);
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev); ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev);
assert(ret==1); assert(ret==1);
if(pinning_staus>0||is_ev) ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_MUTUAL_AUTH, &is_mauth);
if(pinning_staus>0||is_ev||is_mauth)
{ {
return SSL_ACTION_PASSTHROUGH; return SSL_ACTION_PASSTHROUGH;
} }

1
platform/src/ssl_stream.cpp
View File

@@ -1207,6 +1207,7 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
ctx->s_stream = s_stream; ctx->s_stream = s_stream;
if(s_stream->up_parts.action==SSL_ACTION_PASSTHROUGH) if(s_stream->up_parts.action==SSL_ACTION_PASSTHROUGH)
{ {
promise_dettach_ctx(p);
promise_success(p, ctx); promise_success(p, ctx);
wrap_ssl_connect_server_ctx_free(ctx); wrap_ssl_connect_server_ctx_free(ctx);
} }

11
platform/src/tcp_stream.cpp
View File

@@ -916,6 +916,9 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
fd=ssl_upstream_create_result_release_fd(result); fd=ssl_upstream_create_result_release_fd(result);
_stream->conn_upstream=__conn_private_create_by_fd(_stream, fd); _stream->conn_upstream=__conn_private_create_by_fd(_stream, fd);
_stream->conn_downstream=__conn_private_create_by_fd(_stream, _stream->defer_fd_downstream); _stream->conn_downstream=__conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
__conn_private_enable(_stream->conn_downstream);
__conn_private_enable(_stream->conn_upstream);
} }
else if(SSL_ACTION_SHUTDOWN==ssl_action) else if(SSL_ACTION_SHUTDOWN==ssl_action)
{ {
@@ -934,10 +937,6 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
assert(_stream->conn_upstream != NULL); assert(_stream->conn_upstream != NULL);
assert(_stream->ssl_upstream != NULL); assert(_stream->ssl_upstream != NULL);
future_destroy(_stream->future_upstream_create);
_stream->future_upstream_create = NULL;
_stream->defer_fd_upstream = 0;
/* Next, create downstream */ /* Next, create downstream */
_stream->future_downstream_create = future_create("ssl_down", ssl_downstream_create_on_success, _stream->future_downstream_create = future_create("ssl_down", ssl_downstream_create_on_success,
ssl_downstream_create_on_fail, _stream); ssl_downstream_create_on_fail, _stream);
@@ -945,6 +944,10 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
ssl_async_downstream_create(_stream->future_downstream_create, _stream->ssl_mgr, ssl_async_downstream_create(_stream->future_downstream_create, _stream->ssl_mgr,
_stream->ssl_upstream, _stream->defer_fd_downstream, _stream->keyring_id, _stream->thread_ref->thread_id); _stream->ssl_upstream, _stream->defer_fd_downstream, _stream->keyring_id, _stream->thread_ref->thread_id);
} }
future_destroy(_stream->future_upstream_create);
_stream->future_upstream_create = NULL;
_stream->defer_fd_upstream = 0;
} }
void ssl_upstream_create_on_fail(enum e_future_error err, const char * what, void * user) void ssl_upstream_create_on_fail(enum e_future_error err, const char * what, void * user)