diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp index dff2f9a..8489ffb 100644 --- a/plugin/business/ssl-policy/src/ssl_policy.cpp +++ b/plugin/business/ssl-policy/src/ssl_policy.cpp @@ -97,22 +97,22 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin } } - exclusions=cJSON_GetObjectItem(json, "exclusions"); + exclusions=cJSON_GetObjectItem(json, "dynamic_bypass"); if(exclusions) { item=cJSON_GetObjectItem(exclusions, "ev_cert"); if(item && item->type==cJSON_Number) param->bypass_ev_cert=item->valueint; item=cJSON_GetObjectItem(exclusions, "cert_transparency"); if(item && item->type==cJSON_Number) param->bypass_ct_cert=item->valueint; - item=cJSON_GetObjectItem(exclusions, "client_cert_req"); + item=cJSON_GetObjectItem(exclusions, "mutual_authentication"); if(item && item->type==cJSON_Number) param->bypass_mutual_auth=item->valueint; - item=cJSON_GetObjectItem(exclusions, "pinning"); + item=cJSON_GetObjectItem(exclusions, "cert_pinning"); if(item && item->type==cJSON_Number) param->bypass_pinning=item->valueint; item=cJSON_GetObjectItem(exclusions, "protocol_errors"); if(item && item->type==cJSON_Number) param->bypass_protocol_errors=item->valueint; } - cert_verify=cJSON_GetObjectItem(json, "cert_verify"); + cert_verify=cJSON_GetObjectItem(json, "certificate_checks"); if(cert_verify) { approach=cJSON_GetObjectItem(cert_verify, "approach"); @@ -127,7 +127,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin item=cJSON_GetObjectItem(approach, "expiration"); if(item && item->type==cJSON_Number && item->valueint==0) param->no_verify_expry_date=1; } - item=cJSON_GetObjectItem(cert_verify, "fail_method"); + item=cJSON_GetObjectItem(cert_verify, "fail_action"); if(item && item->type==cJSON_String) { if(0==strcasecmp(item->valuestring, "Fail-Close")) @@ -136,7 +136,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin } } } - ssl_ver=cJSON_GetObjectItem(json, "ssl_ver"); + ssl_ver=cJSON_GetObjectItem(json, "protocol_version"); if(ssl_ver) { item=cJSON_GetObjectItem(ssl_ver, "mirror_client"); diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index 6c90056..b2a3b15 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -315,8 +315,8 @@ { "table_name": "PXY_INTERCEPT_COMPILE", "table_content": [ - "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1,\"protocol_errors\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", - "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" + "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", + "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" ] } ]