gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root_cert_not_installed_is_not_pinning 日志中输出 c/s 的地址,方便调试

Browse Source
This commit is contained in:
luwenpeng
2019-09-05 18:02:10 +08:00
parent 021500f42a
commit 6b4a45c005
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
platform/src/ssl_stream.cpp
View File

@@ -2133,7 +2133,7 @@ void ssl_stream_free_and_close_fd(struct ssl_stream * s_stream, struct event_bas
{ {
size_t rx_offset_this_time = 0; size_t rx_offset_this_time = 0;
int ret = tfe_stream_info_get(s_stream->tcp_stream, INFO_FROM_UPSTREAM_RX_OFFSET, &rx_offset_this_time, sizeof(rx_offset_this_time)); int ret = tfe_stream_info_get(s_stream->tcp_stream, INFO_FROM_UPSTREAM_RX_OFFSET, &rx_offset_this_time, sizeof(rx_offset_this_time));
if (ret >= 0 && rx_offset_this_time > 100) if (ret >= 0 && rx_offset_this_time > 0)
{ {
struct ssl_service_status svc_status; struct ssl_service_status svc_status;
memset(&svc_status, 0, sizeof(svc_status)); memset(&svc_status, 0, sizeof(svc_status));
@@ -2232,12 +2232,15 @@ int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
} }
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val) int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val)
{ {
const char* sip=NULL, *sport=NULL, *dip=NULL, *dport=NULL;
char * addr_str=NULL;
const char * sni = (upstream->up_parts.client_hello->sni) ? (upstream->up_parts.client_hello->sni) : "null"; const char * sni = (upstream->up_parts.client_hello->sni) ? (upstream->up_parts.client_hello->sni) : "null";
struct ssl_service_status* svc=&upstream->up_parts.svc_status; struct ssl_service_status* svc=&upstream->up_parts.svc_status;
struct ssl_mgr* mgr=upstream->mgr; struct ssl_mgr* mgr=upstream->mgr;
struct tfe_cmsg *cmsg=NULL; struct tfe_cmsg *cmsg=NULL;
UNUSED int ret=0; UNUSED int ret=0;
uint16_t out_size=0; uint16_t out_size=0;
int mod = 0;
switch(opt_type) switch(opt_type)
{ {
case SSL_STREAM_OPT_IS_EV_CERT: case SSL_STREAM_OPT_IS_EV_CERT:
@@ -2252,16 +2255,20 @@ int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
case SSL_STREAM_OPT_PINNING_STATUS: case SSL_STREAM_OPT_PINNING_STATUS:
if(mgr->root_cert_not_installed_is_not_pinning && svc->is_app_not_pinning) if(mgr->root_cert_not_installed_is_not_pinning && svc->is_app_not_pinning)
{ {
TFE_LOG_DEBUG(g_default_logger, "ssl svc client root_cert_not_installed_is_not_pinning:%d, is_app_not_pinning:%d, cli_pinning_status:%d, mod pinning:%d, sni:%s", mod = 1;
mgr->root_cert_not_installed_is_not_pinning, svc->is_app_not_pinning, svc->cli_pinning_status, PINNING_ST_NOT_PINNING, sni);
*opt_val=PINNING_ST_NOT_PINNING; *opt_val=PINNING_ST_NOT_PINNING;
} }
else else
{ {
TFE_LOG_DEBUG(g_default_logger, "ssl svc client root_cert_not_installed_is_not_pinning:%d, is_app_not_pinning:%d, cli_pinning_status:%d, set pinning:%d, sni:%s",
mgr->root_cert_not_installed_is_not_pinning, svc->is_app_not_pinning, svc->cli_pinning_status, svc->cli_pinning_status, sni);
*opt_val=svc->cli_pinning_status; *opt_val=svc->cli_pinning_status;
} }
addr_str = tfe_stream_addr_to_str(upstream->tcp_stream->addr);
tfe_stream_addr_str_split(addr_str, &sip, &sport, &dip, &dport);
TFE_LOG_DEBUG(g_default_logger, "c:%s:%s s:%s:%s, root_cert_not_installed_is_not_pinning:%d, is_app_not_pinning:%d, cli_pinning_status:%d, %s pinning:%d, sni:%s",
sip, sport, dip, dport, mgr->root_cert_not_installed_is_not_pinning, svc->is_app_not_pinning, svc->cli_pinning_status, (mod == 1) ? "mod" : "set", *opt_val, sni);
free(addr_str);
break; break;
case SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS: case SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS:
*opt_val=svc->has_protocol_errors; *opt_val=svc->has_protocol_errors;