增加trusted_cert_load_local开关,控制是否加载本地的pem bundle文件,默认加载。

zhengchao
2019-06-14 23:43:03 +08:00
parent b579c718b3
commit 6e6fdfd010
2 changed files with 39 additions and 26 deletions


@@ -149,6 +149,7 @@ struct ssl_mgr
char * ecdhcurve;
char * crl_url;
unsigned int trusted_cert_load_local;
struct cert_store_param cert_verify_param;
uint8_t ssl_mode_release_buffers;
char trusted_cert_file[TFE_PATH_MAX];
@@ -705,13 +706,18 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
goto error_out;
}
MESA_load_profile_string_def(ini_profile, section, "trusted_cert_file", mgr->trusted_cert_file, sizeof(mgr->trusted_cert_file),
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem");
MESA_load_profile_string_def(ini_profile, section, "trusted_cert_dir", mgr->trusted_cert_dir, sizeof(mgr->trusted_cert_dir),
"./resource/tfe/trusted_storage");
MESA_load_profile_uint_def(ini_profile, section, "trusted_cert_load_local",
&(mgr->trusted_cert_load_local), 1);
MESA_load_profile_uint_def(ini_profile, section, "check_cert_crl", &(mgr->cert_verify_param.check_crl), 0);
if(mgr->trusted_cert_load_local)//Other wise, use policy defined trusted CA file.
{
MESA_load_profile_string_def(ini_profile, section, "trusted_cert_file", mgr->trusted_cert_file, sizeof(mgr->trusted_cert_file),
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem");
MESA_load_profile_string_def(ini_profile, section, "trusted_cert_dir", mgr->trusted_cert_dir, sizeof(mgr->trusted_cert_dir),
"./resource/tfe/trusted_storage");
}
mgr->trust_CA_store = ssl_trusted_cert_storage_create(mgr->trusted_cert_file, mgr->trusted_cert_dir, &(mgr->cert_verify_param));
if (mgr->trust_CA_store == NULL)
{
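Review bot: When `trusted_cert_load_local` is 0, the second hunk skips both `MESA_load_profile_string_def` calls but still passes `mgr->trusted_cert_file` and `mgr->trusted_cert_dir` to `ssl_trusted_cert_storage_create()`, so the trust store is built from whatever those buffers contain at that point. How `mgr` is allocated and how the create function treats an empty path are not visible here; if the buffers are not zero-initialised, or an empty path is silently accepted, it becomes unclear which trust anchors are used for certificate verification. I would add an explicit `else` branch that sets `mgr->trusted_cert_file[0] = '\0'; mgr->trusted_cert_dir[0] = '\0';` and logs that local CA loading is disabled, so an operator can tell from the log which trust anchors are in effect. `ssl_manager_init` starts and ends outside the hunk.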