修改 is_app_not_pinning 的判定条件：在 ssl up stream free 之前判定

platform/src/ssl_stream.cpp

@@ -1840,7 +1840,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
 	}
 	else if(events & BEV_EVENT_EOF)
 	{		
-		ATOMIC_INC(&(mgr->stat_val[SSL_DOWN_ERR]));	
+		ATOMIC_INC(&(mgr->stat_val[SSL_DOWN_ERR]));
 		ssl_stream_process_zero_eof(s_stream, mgr);
 	}
 	else if(events & BEV_EVENT_TIMEOUT)
@@ -2111,14 +2111,19 @@ void ssl_stream_free_and_close_fd(struct ssl_stream * s_stream, struct event_bas
 	assert(fd==s_stream->_do_not_use.fd);
 	unsigned long sslerr=0;
 
-	size_t rx_offset_this_time = 0;
-	int ret = tfe_stream_info_get(s_stream->tcp_stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &rx_offset_this_time, sizeof(rx_offset_this_time));
-	if (ret >= 0 && rx_offset_this_time > 0)
+	if (s_stream->dir == CONN_DIR_UPSTREAM)
 	{
-		struct ssl_service_status svc_status;
-		memset(&svc_status, 0, sizeof(svc_status));
-		svc_status.is_app_not_pinning=1;
-		ssl_service_cache_write(s_stream->mgr->svc_cache, s_stream->up_parts.client_hello, s_stream->tcp_stream->addr, &svc_status);
+		size_t rx_offset_this_time = 0;
+		int ret = tfe_stream_info_get(s_stream->tcp_stream, INFO_FROM_UPSTREAM_RX_OFFSET, &rx_offset_this_time, sizeof(rx_offset_this_time));
+		if (ret >= 0 && rx_offset_this_time > 100)
+		{
+			struct ssl_service_status svc_status;
+			memset(&svc_status, 0, sizeof(svc_status));
+			svc_status.is_app_not_pinning = 1;
+			ssl_service_cache_write(s_stream->mgr->svc_cache, s_stream->up_parts.client_hello, s_stream->tcp_stream->addr, &svc_status);
+		}
+		const char * sni = (s_stream->up_parts.client_hello && s_stream->up_parts.client_hello->sni) ? s_stream->up_parts.client_hello->sni : "null";
+		TFE_LOG_DEBUG(g_default_logger, "ssl up stream close, rx_offset:%d, sni:%s", rx_offset_this_time, sni);
 	}
 
 	if(errno)