From 410ce46f06d5ca690d2015091104f4a7bd6ae34f Mon Sep 17 00:00:00 2001
From: Lu Qiuwen
Date: Fri, 31 Aug 2018 10:39:25 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0SSL=E6=A8=A1=E5=9D=97?= =?UTF-8?q?=E5=88=9D=E5=A7=8B=E5=8C=96=E4=BB=A3=E7=A0=81=EF=BC=8C=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3SSL=E6=A8=A1=E5=9D=97=E5=88=9D=E5=A7=8B=E5=8C=96?= =?UTF-8?q?=E6=97=B6=E9=81=87=E5=88=B0=E7=9A=84=E7=A9=BA=E5=8F=A5=E6=9F=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 platform/include/internal/ssl_stream.h | 2 +-
 platform/src/proxy.cpp | 5 +++++
 platform/src/ssl_stream.cpp | 9 +++++----
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/platform/include/internal/ssl_stream.h b/platform/include/internal/ssl_stream.h
index 8f3e46c..210128f 100644
--- a/platform/include/internal/ssl_stream.h
+++ b/platform/include/internal/ssl_stream.h
@@ -13,7 +13,7 @@ struct ssl_stream;
 struct ssl_mgr;
-struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, struct event_base * evbase,
+struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, struct event_base * ev_base_gc,
 void * logger, screen_stat_handle_t * fs);
 void ssl_manager_destroy(struct ssl_mgr * mgr);
diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp
index c0b2e18..0394cd4 100644
--- a/platform/src/proxy.cpp
+++ b/platform/src/proxy.cpp
@@ -216,6 +216,11 @@ int main(int argc, char *argv[])
 g_default_proxy->gcev = event_new(g_default_proxy->evbase, -1, EV_PERSIST, __gc_handler_cb, g_default_proxy);
 CHECK_OR_EXIT(g_default_proxy->gcev, "Failed at creating GC event. Exit. ");
+ /* SSL INIT */
+ g_default_proxy->ssl_mgr_handler = ssl_manager_init(main_profile, "ssl",
+ g_default_proxy->evbase, g_default_logger, NULL);
+ CHECK_OR_EXIT(g_default_proxy->ssl_mgr_handler, "Failed at init SSL manager. Exit.");
+ /* MODULE INIT */
 g_default_proxy->kni_acceptor_handler = kni_acceptor_init(g_default_proxy, main_profile, g_default_logger);
 CHECK_OR_EXIT(g_default_proxy->kni_acceptor_handler, "Failed at init KNI acceptor. Exit. ");
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index a5f042a..7a94427 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -65,6 +65,7 @@ struct ssl_mgr
 char trust_CA_dir[TFE_STRING_MAX];
 X509_STORE * trust_CA_store;
 struct key_keeper * keeper_of_keys;
+ struct event_base * ev_base_gc;
 };
 struct __ssl_stream_debug
@@ -279,7 +280,8 @@ void ssl_manager_destroy(struct ssl_mgr * mgr)
 free(mgr);
 }
-struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, void * logger)
+struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section,
+ struct event_base * ev_base_gc, void * logger, screen_stat_handle_t * fs)
 {
 struct ssl_mgr * mgr = ALLOC(struct ssl_mgr, 1);
 int ret = 0, value = 0;
@@ -331,7 +333,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 }
 MESA_load_profile_string_def(ini_profile, section, "trust_CA_file", mgr->trust_CA_file, sizeof(mgr->trust_CA_file),
- "");
+ "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem");
 MESA_load_profile_string_def(ini_profile, section, "trust_CA_dir", mgr->trust_CA_dir, sizeof(mgr->trust_CA_dir), "");
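Review bot: No line added by this patch copies the new `ev_base_gc` parameter into the `ev_base_gc` field that the `@@ -65` hunk adds to `struct ssl_mgr`; the five additions in ssl_stream.cpp are the field, the two signature lines at `@@ -279`, the CA default and the `event_add` fix. Unless unchanged code outside these hunks already assigns it, the field keeps whatever `ALLOC` left there, and later code that schedules work on it would use a null or stale event base. I would add `mgr->ev_base_gc = ev_base_gc;` right after the `ALLOC` in `ssl_manager_init`, and a comment on the field such as `/* borrowed from the caller; not freed by ssl_manager_destroy() */` if that is the intended ownership. The new `fs` parameter is likewise unused in the visible lines and proxy.cpp passes `NULL` for it, so the prototype should state that NULL is accepted; the body of `ssl_manager_init` continues outside the hunk.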
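Review bot: The new default for `trust_CA_file` in the `@@ -331` hunk is a distribution-specific path (the RHEL/CentOS/Fedora CA bundle layout), so on other systems an unset `trust_CA_file` now points at a file that probably does not exist. The code that loads the file into `trust_CA_store` is outside the hunk, so I cannot tell whether a failed load is fatal; if it is only logged, the proxy could come up with an empty trust store and upstream certificate verification would not behave as the operator expects. I would have `ssl_manager_init` fail when neither `trust_CA_file` nor `trust_CA_dir` yields any certificates, and put a comment above the call such as `/* default: system CA bundle (RHEL/CentOS layout); set trust_CA_file explicitly on other systems */`.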
@@ -470,13 +472,12 @@ failed:
 static void ssl_async_peek_client_hello(struct future * future, evutil_socket_t fd, struct event_base * evbase, void * logger)
 {
- struct event * ev = NULL;
 struct promise * p = future_to_promise(future);
 struct peek_client_hello_ctx * ctx = ALLOC(struct peek_client_hello_ctx, 1);
 ctx->ev = event_new(evbase, fd, EV_READ, peek_client_hello_cb, p);
 ctx->logger = logger;
- event_add(ev, NULL);
+ event_add(ctx->ev, NULL);
 promise_set_ctx(p, (void *) ctx, peek_client_hello_ctx_free);
 return;
 }
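Review bot: The results of `event_new` and `event_add` in `ssl_async_peek_client_hello` are still unchecked after this fix, so a failed allocation or registration leaves `ctx->ev` null or unarmed and the promise is never resolved. I would test both, e.g. `if (ctx->ev == NULL || event_add(ctx->ev, NULL) != 0)`, and fail the promise on that path through the promise API's error call, which is not visible in this hunk. Separately, the `NULL` timeout passed to `event_add` means a client that connects and never sends a ClientHello keeps the context and event allocated indefinitely; passing a `struct timeval` and handling `EV_TIMEOUT` in `peek_client_hello_cb` would bound that.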