向 tfe 的 FieldStat 中输出可信证书的数量

platform/src/ssl_stream.cpp

@@ -106,6 +106,9 @@ enum ssl_stream_stat
 	SSL_SVC_CT_CERT,
 	SSL_SVC_EV_CERT,
 	SSL_SVC_APP_NOT_PINNING,
+
+	SSL_SVC_TRUSTED_CERT,
+
 	SSL_STAT_MAX
 };
 
@@ -362,6 +365,7 @@ ssl_stream_gc_cb(evutil_socket_t fd, short what, void * arg)
 	mgr->stat_val[SSL_SVC_CT_CERT]=svc_stat.ct_srv_cnt;
 	mgr->stat_val[SSL_SVC_EV_CERT]=svc_stat.ev_srv_cnt;
 	mgr->stat_val[SSL_SVC_APP_NOT_PINNING]=svc_stat.app_not_pinning_cnt;
+	mgr->stat_val[SSL_SVC_TRUSTED_CERT]=svc_stat.trusted_cert_cnt;
 	for(i=0;i<SSL_STAT_MAX;i++)
 	{
 		FS_operate(mgr->fs_handle, mgr->fs_id[i], 0, FS_OP_SET, ATOMIC_READ(&(mgr->stat_val[i])));
@@ -419,6 +423,8 @@ void ssl_stat_init(struct ssl_mgr * mgr)
 	spec[SSL_SVC_EV_CERT]="ssl_ev_crt";
 	spec[SSL_SVC_APP_NOT_PINNING]="app_no_pinning";
 
+	spec[SSL_SVC_TRUSTED_CERT]="trusted_cert_nums";
+
 
 	for(i=0;i<SSL_STAT_MAX;i++)
 	{
@@ -2034,10 +2040,12 @@ void ssl_stream_free(struct ssl_stream * s_stream, struct event_base * evbase, s
 
 int ssl_manager_add_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
 {
+	ATOMIC_INC(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
 	return ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
 }
 int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
 {
+	ATOMIC_DEC(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
 	return ssl_trusted_cert_storage_del(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
 }
 int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file)
@@ -2050,6 +2058,7 @@ int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file)
 }
 void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr)
 {
+	ATOMIC_ZERO(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
 	ssl_trusted_cert_storage_reset(mgr->trust_CA_store);
 	return;
 }