TSG-12548 TFE适配拦截策略的keyring_for_untrusted字段
* keyring拆分为keyring_for_trusted与keyring_for_untrusted
@@ -18,7 +18,8 @@ struct intercept_param
|
||||
{
|
||||
int policy_id;
|
||||
int ref_cnt;
|
||||
int keyring;
|
||||
int keyring_for_trusted;
|
||||
int keyring_for_untrusted;
|
||||
int decryption_profile_id;
|
||||
};
|
||||
|
||||
@@ -99,23 +100,41 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin
|
||||
param->bypass_pinning=1;
|
||||
param->mirror_client_version=1;
|
||||
*/
|
||||
param->keyring=1;
|
||||
param->keyring_for_trusted=1;
|
||||
param->keyring_for_untrusted=0;
|
||||
param->decryption_profile_id=0;
|
||||
|
||||
item=cJSON_GetObjectItem(json, "keyring");
|
||||
item=cJSON_GetObjectItem(json, "keyring_for_trusted");
|
||||
if(item)
|
||||
{
|
||||
if(item->type==cJSON_Number)
|
||||
{
|
||||
param->keyring=item->valueint;
|
||||
param->keyring_for_trusted=item->valueint;
|
||||
}
|
||||
else if(item->type==cJSON_String)
|
||||
{
|
||||
param->keyring=atoi(item->valuestring);
|
||||
param->keyring_for_trusted=atoi(item->valuestring);
|
||||
}
|
||||
else
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring format", param->policy_id);
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_trusted format", param->policy_id);
|
||||
}
|
||||
}
|
||||
|
||||
item=cJSON_GetObjectItem(json, "keyring_for_untrusted");
|
||||
if(item)
|
||||
{
|
||||
if(item->type==cJSON_Number)
|
||||
{
|
||||
param->keyring_for_untrusted=item->valueint;
|
||||
}
|
||||
else if(item->type==cJSON_String)
|
||||
{
|
||||
param->keyring_for_untrusted=atoi(item->valuestring);
|
||||
}
|
||||
else
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_untrusted format", param->policy_id);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -380,7 +399,8 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
|
||||
{
|
||||
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_BLOCK_FAKE_CERT, 1);
|
||||
}
|
||||
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_ID, policy_param->keyring);
|
||||
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_TRUSTED, policy_param->keyring_for_trusted);
|
||||
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED, policy_param->keyring_for_untrusted);
|
||||
|
||||
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
|
||||
assert(ret==0);
|
||||
|
||||
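Review bot: In the second hunk, the string branch of the new keyring_for_untrusted parsing calls `atoi(item->valuestring)`, which returns 0 for a non-numeric string without reporting an error, so a malformed policy value cannot be told apart from an explicit 0 and nothing is logged; the keyring_for_trusted branch has the same pattern. Judging by the option names, these ids select the keyring used for trusted versus untrusted upstream certificates, so a silent fallback here deserves at least the error log that the `else` branch already emits. Parsing with `strtol` plus an end-pointer check, and keeping the default when the check fails, would cover it; a range check before the cast to int would also be reasonable. The body of intercept_param_new_cb starts and ends outside the hunk.
```c
// … unchanged: cJSON_GetObjectItem(json, "keyring_for_untrusted") and the cJSON_Number branch …
else if(item->type==cJSON_String)
{
	char *end=NULL;
	long id=strtol(item->valuestring, &end, 10);
	if(end==item->valuestring || *end!='\0')
	{
		/* Not a clean decimal number: keep the default and report it. */
		TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_untrusted format", param->policy_id);
	}
	else
	{
		param->keyring_for_untrusted=(int)id;
	}
}
// … unchanged: else branch logging the invalid type …
```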