gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-12548 TFE适配拦截策略的keyring_for_untrusted字段

Browse Source 
* keyring拆分为keyring_for_trusted与keyring_for_untrusted
This commit is contained in:
luwenpeng
2022-11-08 10:53:05 +08:00
parent d63b40db17
commit 87adce7cbf
4 changed files with 49 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
platform/src/ssl_stream.cpp
View File

@@ -199,7 +199,8 @@ struct ssl_upstream_parts
struct ssl_service_status svc_status;
enum ssl_stream_action action;
int apln_enabled;
int keyring_id;
int keyring_for_trusted;
int keyring_for_untrusted;
struct ssl_chello * client_hello;
int is_server_cert_verify_passed;
};
@@ -2035,7 +2036,16 @@ void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct
ctx->f_ask_keyring = future_create("ask_kyr",ask_keyring_on_succ, ask_keyring_on_fail, p);
ctx->is_origin_crt_verify_passed = upstream->up_parts.is_server_cert_verify_passed;
key_keeper_async_ask(ctx->f_ask_keyring, mgr->key_keeper, sni, upstream->up_parts.keyring_id, ctx->origin_crt, ctx->is_origin_crt_verify_passed,
int keyring_id = 0;
if (ctx->is_origin_crt_verify_passed)
{
keyring_id = upstream->up_parts.keyring_for_trusted;
}
else
{
keyring_id = upstream->up_parts.keyring_for_untrusted;
}
key_keeper_async_ask(ctx->f_ask_keyring, mgr->key_keeper, sni, keyring_id, ctx->origin_crt, ctx->is_origin_crt_verify_passed,
evbase, dnsbase, evhttp);
return;
}
@@ -2154,8 +2164,11 @@ int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
case SSL_STREAM_OPT_ENABLE_ALPN:
upstream->up_parts.apln_enabled=opt_val;
break;
case SSL_STREAM_OPT_KEYRING_ID:
upstream->up_parts.keyring_id=opt_val;
case SSL_STREAM_OPT_KEYRING_FOR_TRUSTED:
upstream->up_parts.keyring_for_trusted=opt_val;
break;
case SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED:
upstream->up_parts.keyring_for_untrusted=opt_val;
break;
default:
assert(0);