TSG-22752 Delete SSL Fingerprints, use is_app_not_pinning to determine Certificate Not Installed or Certificate Pinning

2024-10-15 16:18:34 +08:00
parent b7fb2d8a42
commit 8e38bbcf48
12 changed files with 136 additions and 918 deletions
--- a/platform/include/internal/ssl_service_cache.h
+++ b/platform/include/internal/ssl_service_cache.h
@@ -13,7 +13,7 @@
 struct ssl_service_status
 {
 	char cli_pinning_status;
-    char ja3_pinning_status;
+	char is_app_not_pinning;
    char is_ev;
 	char is_ct;
 	char is_mutual_auth;
@@ -31,6 +31,7 @@ struct ssl_service_cache_statistics
 };
 struct ssl_service_cache
 {
+	MESA_htable_handle app_st_hash;
 	MESA_htable_handle cli_st_hash;
 	MESA_htable_handle srv_st_hash;
 	
@@ -38,8 +39,9 @@ struct ssl_service_cache
 	unsigned int fail_as_cli_pinning_count;
 	unsigned int fail_as_proto_err_count;
 	unsigned int fail_time_window;
+	unsigned int succ_as_app_not_pinning_count;
 };
-struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int fail_time_win);
+struct ssl_service_cache *ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int fail_time_win, int succ_as_app_not_pinning_cnt);
 void ssl_service_cache_destroy(struct ssl_service_cache* cache);

 int ssl_service_cache_read(struct ssl_service_cache *svc_cache, const struct ssl_chello *chello, const struct tfe_stream *tcp_stream, struct ssl_service_status *result);