From 8cf94539803ccc11d1d205122d87a422e7a8f469 Mon Sep 17 00:00:00 2001
From: luwenpeng <luwenpeng@zdjizhi.com>
Date: Mon, 14 Oct 2019 11:12:01 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=8B=A6=E6=88=AA=E7=AD=96?=
 =?UTF-8?q?=E7=95=A5=E6=8B=A6=E6=88=AA=E5=8A=A8=E4=BD=9C=E6=97=B6user=5Fre?=
 =?UTF-8?q?gion=E8=A1=A8=E7=9A=84json=E5=8F=82=E6=95=B0=E5=8F=98=E6=9B=B4?=
 =?UTF-8?q?=EF=BC=9A=20=201=EF=BC=89exclusions=E4=BF=AE=E6=AD=A3=E4=B8=BAd?=
 =?UTF-8?q?ynamic=5Fbypass;=20=202=EF=BC=89pinning=E4=BF=AE=E6=AD=A3?=
 =?UTF-8?q?=E4=B8=BAcert=5Fpinning=EF=BC=9B=20=203=EF=BC=89client=5Fcert?=
 =?UTF-8?q?=5Freq=E4=BF=AE=E6=AD=A3=E4=B8=BAmutual=5Fauthentication;=20=20?=
 =?UTF-8?q?4=EF=BC=89cert=5Fverify=E4=BF=AE=E6=AD=A3=E4=B8=BAcertificate?=
 =?UTF-8?q?=5Fchecks=EF=BC=9B=20=205=EF=BC=89fail=5Fmethod=E4=BF=AE?=
 =?UTF-8?q?=E6=AD=A3=E4=B8=BAfail=5Faction=EF=BC=9B=20=206=EF=BC=89ssl=5Fv?=
 =?UTF-8?q?er=E4=BF=AE=E6=AD=A3=E4=B8=BAprotocol=5Fversion=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugin/business/ssl-policy/src/ssl_policy.cpp | 12 ++++++------
 resource/pangu/pangu_http.json                |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp
index dff2f9a..8489ffb 100644
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
@@ -97,22 +97,22 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin
 		}
 	}
 	
-	exclusions=cJSON_GetObjectItem(json, "exclusions");
+	exclusions=cJSON_GetObjectItem(json, "dynamic_bypass");
 	if(exclusions)
 	{
 		item=cJSON_GetObjectItem(exclusions, "ev_cert");
 		if(item && item->type==cJSON_Number) param->bypass_ev_cert=item->valueint;
 		item=cJSON_GetObjectItem(exclusions, "cert_transparency");
 		if(item && item->type==cJSON_Number) param->bypass_ct_cert=item->valueint;
-		item=cJSON_GetObjectItem(exclusions, "client_cert_req");
+		item=cJSON_GetObjectItem(exclusions, "mutual_authentication");
 		if(item && item->type==cJSON_Number) param->bypass_mutual_auth=item->valueint;
-		item=cJSON_GetObjectItem(exclusions, "pinning");
+		item=cJSON_GetObjectItem(exclusions, "cert_pinning");
 		if(item && item->type==cJSON_Number) param->bypass_pinning=item->valueint;
 		item=cJSON_GetObjectItem(exclusions, "protocol_errors");
 		if(item && item->type==cJSON_Number) param->bypass_protocol_errors=item->valueint;
 
 	}
-	cert_verify=cJSON_GetObjectItem(json, "cert_verify");
+	cert_verify=cJSON_GetObjectItem(json, "certificate_checks");
 	if(cert_verify)
 	{
 		approach=cJSON_GetObjectItem(cert_verify, "approach");
@@ -127,7 +127,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin
 			item=cJSON_GetObjectItem(approach, "expiration");
 			if(item && item->type==cJSON_Number && item->valueint==0) param->no_verify_expry_date=1;
 		}
-		item=cJSON_GetObjectItem(cert_verify, "fail_method");
+		item=cJSON_GetObjectItem(cert_verify, "fail_action");
 		if(item && item->type==cJSON_String)
 		{
 			if(0==strcasecmp(item->valuestring, "Fail-Close"))
@@ -136,7 +136,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin
 			}
 		}
 	}
-	ssl_ver=cJSON_GetObjectItem(json, "ssl_ver");
+	ssl_ver=cJSON_GetObjectItem(json, "protocol_version");
 	if(ssl_ver)
 	{		
 		item=cJSON_GetObjectItem(ssl_ver, "mirror_client");	
diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json
index 6c90056..b2a3b15 100644
--- a/resource/pangu/pangu_http.json
+++ b/resource/pangu/pangu_http.json
@@ -315,8 +315,8 @@
 				{
             "table_name": "PXY_INTERCEPT_COMPILE",
             "table_content": [
-                "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1,\"protocol_errors\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
-                "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2"
+                "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
+                "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2"
             ]
         }
     ]