处理无sni的ssl。
@@ -73,7 +73,7 @@ static size_t ssl_svc_server_st_mk_key(const struct ssl_chello* chello, const st
|
||||
const char* sip=NULL, *sport=NULL, *dip=NULL, *dport=NULL;
|
||||
char * addr_str= tfe_stream_addr_to_str(addr);
|
||||
tfe_stream_addr_str_split(addr_str, &sip, &sport, &dip, &dport);
|
||||
key_len=snprintf(key_buff, sz, "%s:%s:%s:", dip, dport, chello->sni);
|
||||
key_len=snprintf(key_buff, sz, "%s:%s:%s:", dip, dport, chello->sni?chello->sni:"null");
|
||||
free(addr_str);
|
||||
return key_len;
|
||||
}
|
||||
@@ -83,10 +83,11 @@ static size_t ssl_svc_client_st_mk_key(const struct ssl_chello* chello, const st
|
||||
const char* sip=NULL, *sport=NULL, *dip=NULL, *dport=NULL;
|
||||
char * addr_str= tfe_stream_addr_to_str(addr);
|
||||
tfe_stream_addr_str_split(addr_str, &sip, &sport, &dip, &dport);
|
||||
key_len=snprintf(key_buff, sz, "%s:%d:%d:%s:%s:", sip,
|
||||
key_len=snprintf(key_buff, sz, "%s:%d:%d:%s:%s", sip,
|
||||
chello->min_version.ossl_format,
|
||||
chello->max_version.ossl_format,
|
||||
chello->sni, chello->alpn?chello->alpn:"null");
|
||||
chello->sni?chello->sni: dip ,
|
||||
chello->alpn?chello->alpn:"null");
|
||||
if(chello->cipher_suites && sz-key_len>chello->cipher_suites_len)
|
||||
{
|
||||
memcpy(key_buff+key_len, chello->cipher_suites, chello->cipher_suites_len);
|
||||
|
||||
@@ -183,7 +183,7 @@ static size_t upsess_mk_key(struct sockaddr * res, socklen_t addrlen, const char
|
||||
break;
|
||||
}
|
||||
|
||||
key_size=asprintf((char**)key_buf,"%s:%u:%s",s, port, sni);
|
||||
key_size=asprintf((char**)key_buf,"%s:%u:%s",s, port, sni?sni:"null");
|
||||
free(s);
|
||||
return key_size;
|
||||
}
|
||||
|
||||
@@ -214,8 +214,8 @@ struct ssl_stream
|
||||
uint64_t connect_latency_ms;
|
||||
|
||||
struct ssl_stream* peer;
|
||||
socklen_t addrlen;
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t peer_addrlen;
|
||||
struct sockaddr_storage peer_addr;
|
||||
struct __ssl_stream_debug _do_not_use;
|
||||
enum ssl_stream_error error;
|
||||
};
|
||||
@@ -500,7 +500,7 @@ struct ssl_stream * ssl_stream_new(struct ssl_mgr * mgr, evutil_socket_t fd, enu
|
||||
s_stream->ssl_min_version=mgr->ssl_min_version;
|
||||
s_stream->peer=peer;
|
||||
s_stream->tcp_stream=tcp_stream;
|
||||
ret = getpeername(fd, (struct sockaddr *) (&s_stream->addr), &(s_stream->addrlen));
|
||||
ret = getpeername(fd, (struct sockaddr *) (&s_stream->peer_addr), &(s_stream->peer_addrlen));
|
||||
switch (dir)
|
||||
{
|
||||
case CONN_DIR_DOWNSTREAM:
|
||||
@@ -935,7 +935,7 @@ static void upstream_ossl_init(struct ssl_stream* s_stream)
|
||||
SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_NO_INTERNAL);
|
||||
/* session resuming based on remote endpoint address and port */
|
||||
sess = up_session_get(mgr->up_sess_cache,
|
||||
(struct sockaddr *) &(s_stream->addr), s_stream->addrlen, chello->sni,
|
||||
(struct sockaddr *) &(s_stream->peer_addr), s_stream->peer_addrlen, chello->sni,
|
||||
s_stream->ssl_min_version, s_stream->ssl_max_version);
|
||||
if (sess)
|
||||
{
|
||||
@@ -1223,7 +1223,6 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
struct ssl_mgr* mgr=s_stream->mgr;
|
||||
SSL_SESSION * ssl_sess = NULL;
|
||||
char error_str[TFE_STRING_MAX];
|
||||
const char* sni=s_upstream->client_hello->sni?s_upstream->client_hello->sni:"null";
|
||||
uint64_t jiffies_ms;
|
||||
unsigned long sslerr=0;
|
||||
if (events & BEV_EVENT_ERROR)
|
||||
@@ -1254,7 +1253,10 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
jiffies_ms=(ctx->end.tv_sec-ctx->start.tv_sec)*1000+(ctx->end.tv_nsec-ctx->start.tv_nsec)/1000000;
|
||||
if(jiffies_ms>LATENCY_WARNING_THRESHOLD_MS)
|
||||
{
|
||||
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect server latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni);
|
||||
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect server latency %ld ms: addr=%s, sni=%s",
|
||||
jiffies_ms,
|
||||
s_stream->tcp_stream->str_stream_info,
|
||||
s_upstream->client_hello->sni);
|
||||
}
|
||||
s_stream->connect_latency_ms=jiffies_ms;
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_SERVER_SIDE_LATENCY, jiffies_ms);
|
||||
@@ -1338,7 +1340,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
if(s_stream->error)
|
||||
{
|
||||
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_ERROR, ssl_stream_get_error_string(s_stream->error));
|
||||
snprintf(error_str, sizeof(error_str), "%s, sni=%s", ssl_stream_get_error_string(s_stream->error), sni);
|
||||
snprintf(error_str, sizeof(error_str), "%s, sni=%s", ssl_stream_get_error_string(s_stream->error), s_upstream->client_hello->sni);
|
||||
promise_failed(p, FUTURE_ERROR_EXCEPTION, error_str);
|
||||
}
|
||||
wrap_ssl_connect_server_ctx_free(ctx);
|
||||
@@ -1699,7 +1701,7 @@ void downstream_ossl_init(struct ssl_stream *s_stream)
|
||||
SSL_CTX_sess_set_new_cb(sslctx, ossl_downsess_new_cb);
|
||||
SSL_CTX_sess_set_remove_cb(sslctx, ossl_downsess_remove_cb);
|
||||
SSL_CTX_sess_set_get_cb(sslctx, ossl_downsess_get_cb);
|
||||
if(!mgr->no_sessticket)
|
||||
if(!mgr->no_sessticket&&s_stream->peer->up_parts.client_hello->sni)
|
||||
{
|
||||
SSL_CTX_set_tlsext_ticket_key_cb(sslctx, ossl_session_ticket_key_callback);
|
||||
}
|
||||
@@ -1812,7 +1814,6 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
|
||||
struct ssl_stream * s_stream = ctx->downstream;
|
||||
struct ssl_upstream_parts* s_upstream= &(ctx->peer->up_parts);
|
||||
struct ssl_mgr* mgr=s_stream->mgr;
|
||||
const char* sni=s_upstream->client_hello->sni?s_upstream->client_hello->sni:"null";
|
||||
char error_str[TFE_STRING_MAX]={0};
|
||||
uint64_t jiffies_ms=0;
|
||||
unsigned long sslerr=0;
|
||||
@@ -1843,7 +1844,10 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
|
||||
jiffies_ms=(ctx->end.tv_sec-ctx->start.tv_sec)*1000+(ctx->end.tv_nsec-ctx->start.tv_nsec)/1000000;
|
||||
if(jiffies_ms>LATENCY_WARNING_THRESHOLD_MS)
|
||||
{
|
||||
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect client latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni);
|
||||
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect client latency %ld ms: addr=%s, sni=%s",
|
||||
jiffies_ms,
|
||||
s_stream->tcp_stream->str_stream_info,
|
||||
s_upstream->client_hello->sni);
|
||||
}
|
||||
s_stream->connect_latency_ms=jiffies_ms;
|
||||
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, jiffies_ms);
|
||||
@@ -1862,7 +1866,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
|
||||
if(s_stream->error)
|
||||
{
|
||||
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_ERROR, ssl_stream_get_error_string(s_stream->error));
|
||||
snprintf(error_str, sizeof(error_str), "%s : sni=%s", ssl_stream_get_error_string(s_stream->error), sni);
|
||||
snprintf(error_str, sizeof(error_str), "%s : sni=%s", ssl_stream_get_error_string(s_stream->error), s_upstream->client_hello->sni);
|
||||
promise_failed(p, FUTURE_ERROR_EXCEPTION, error_str);
|
||||
}
|
||||
|
||||
|
||||
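Review bot: In ssl_server_connected_eventcb (hunks @@ -1254 and @@ -1338) and ssl_client_connected_eventcb (hunks @@ -1843 and @@ -1862) the new lines pass `s_upstream->client_hello->sni` straight to a `%s` conversion while the NULL-guarded local `sni` is deleted in hunks @@ -1223 and @@ -1812, so a ClientHello without SNI — the very case this commit targets, and one the new `downstream_ossl_init` condition still treats as possible — hands a null pointer to `snprintf` and, presumably, to the printf-style `TFE_LOG_ERROR`, which is undefined behaviour (glibc happens to print "(null)", other libcs crash). Keep the guarded local, `const char* sni=s_upstream->client_hello->sni?s_upstream->client_hello->sni:"null";`, and use `sni` in the four format calls as the pre-change lines did; both functions extend beyond the hunks shown. In ssl_svc_client_st_mk_key the rewritten format drops the trailing ':' that separated the ALPN string from the raw cipher-suite bytes memcpy'd after it, so two different ClientHellos can now produce the same key; if that was not intended, restore `"%s:%d:%d:%s:%s:"`. While touching that snprintf, note its return value is still not compared with `sz`: on truncation `sz-key_len` is evaluated in unsigned arithmetic (assuming `sz` is size_t, as the function's size_t return suggests) and wraps, letting the following memcpy guard pass and write past `key_buff`; `if(key_len>=sz) return 0;` or equivalent before the cipher-suite copy closes that.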