增加trusted_cert_load_local开关,控制是否加载本地的pem bundle文件,默认加载。

zhengchao
2019-06-14 23:43:03 +08:00
parent b579c718b3
commit 6e6fdfd010
2 changed files with 39 additions and 26 deletions


@@ -109,12 +109,15 @@ static X509_STORE* _X509_store_create(const char* pem_bundle, const char* pem_di
{
return NULL;
}
ret = X509_STORE_load_locations(store, pem_bundle, NULL);
if (ret == 0)
if(pem_bundle&&strlen(pem_bundle)>0)
{
return NULL;
ret = X509_STORE_load_locations(store, pem_bundle, NULL);
if (ret == 0)
{
return NULL;
}
TFE_LOG_INFO(g_default_logger, "X509 trust store load pem boundle: %s", pem_bundle);
}
X509_VERIFY_PARAM *x509_param=NULL;
if(param->check_crl)
{
@@ -122,31 +125,35 @@ static X509_STORE* _X509_store_create(const char* pem_bundle, const char* pem_di
X509_VERIFY_PARAM_set_flags(x509_param, X509_V_FLAG_CRL_CHECK);
X509_STORE_set1_param(store, x509_param);
X509_VERIFY_PARAM_free(x509_param);
TFE_LOG_INFO(g_default_logger, "X509 trust store enable CRL check");
}
struct dirent **namelist = NULL;
n=tfe_scandir(pem_dir, &namelist, NULL, (int (*)(const void*, const void*))alphasort);
if(n < 0)
if(pem_dir&&strlen(pem_dir)>0)
{
return store;
}
for(i=0;i<n;i++)
{
snprintf(path, sizeof(path), "%s/%s",pem_dir, namelist[i]->d_name);
if(0==strcasecmp(namelist[i]->d_name+strlen(namelist[i]->d_name)-strlen(".pem"), ".pem"))
n=tfe_scandir(pem_dir, &namelist, NULL, (int (*)(const void*, const void*))alphasort);
if(n < 0)
{
_X509_add_cert_or_crl_add(store, SSL_X509_OBJ_CERT, path);
return store;
}
else if(0==strcasecmp(namelist[i]->d_name+strlen(namelist[i]->d_name)-strlen(".crl"), ".crl"))
for(i=0;i<n;i++)
{
_X509_add_cert_or_crl_add(store, SSL_X509_OBJ_CRL, path);
snprintf(path, sizeof(path), "%s/%s",pem_dir, namelist[i]->d_name);
if(0==strcasecmp(namelist[i]->d_name+strlen(namelist[i]->d_name)-strlen(".pem"), ".pem"))
{
_X509_add_cert_or_crl_add(store, SSL_X509_OBJ_CERT, path);
}
else if(0==strcasecmp(namelist[i]->d_name+strlen(namelist[i]->d_name)-strlen(".crl"), ".crl"))
{
_X509_add_cert_or_crl_add(store, SSL_X509_OBJ_CRL, path);
}
TFE_LOG_INFO(g_default_logger, "X509 trust store found X509 additive trust CA: %s", path);
free(namelist[i]);
}
TFE_LOG_INFO(g_default_logger, "Found X509 additive trust CA: %s", path);
free(namelist[i]);
free(namelist);
}
free(namelist);
return store;
}
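Review bot: The suffix test in the re-indented directory loop computes `namelist[i]->d_name+strlen(namelist[i]->d_name)-strlen(".pem")` without checking the name length, so any entry shorter than four characters makes strcasecmp read before the start of `d_name`; tfe_scandir is called with a NULL filter, and if it behaves like scandir it returns `.` and `..`, so this likely happens on every run. Take the length once and guard both branches, e.g. `size_t len=strlen(namelist[i]->d_name);` then `if(len>=4 && 0==strcasecmp(namelist[i]->d_name+len-4, ".pem"))`, and the same for `.crl`. The `found X509 additive trust CA` log line is written for every directory entry regardless of suffix or of the outcome of _X509_add_cert_or_crl_add, so the log cannot be used as a record of what the trust store actually contains; it belongs inside the two branches. With the bundle now optional, an empty `pem_bundle` combined with an empty or unreadable `pem_dir` returns a store with no trust anchors and no log line saying so, and a warning on that path would make the misconfiguration visible. _X509_store_create begins outside the visible hunks, so the declarations of `path`, `n` and `i` are not shown.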