1. 客户端报SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN错误时，不作为maybe pinning; 2. ssl policy中增加protocol_errors的bypass开关。

2019-05-21 11:47:09 +08:00
parent 1f73b4832d
commit 4cd42b9f95
5 changed files with 68 additions and 25 deletions
--- a/common/include/ssl_stream.h
+++ b/common/include/ssl_stream.h
@@ -16,6 +16,7 @@ enum SSL_STREAM_OPT
 	SSL_STREAM_OPT_IS_CT_CERT,				//0:FALSE, 1:TRUE.
 	SSL_STREAM_OPT_IS_MUTUAL_AUTH,			//0:FALSE, 1:TRUE.
 	SSL_STREAM_OPT_PINNING_STATUS,			//0:FALSE, 1:TRUE.
+	SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS,	//0:FALSE, 1:TRUE.
 	SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED,	//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
 	SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME,	//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:1.
 	SSL_STREAM_OPT_NO_VERIFY_ISSUER,		//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.