证书校验选项调试通过。

This commit is contained in:
zhengchao
2019-05-14 21:02:06 +08:00
parent f4f7a623a5
commit ae678d5128
2 changed files with 17 additions and 18 deletions


@@ -43,9 +43,6 @@
static int SSL_EX_DATA_IDX_SSLMGR;
int SSL_PEER_CERT_VERIFY_PASSED=1;
int SSL_PEER_CERT_VERIFY_FAILED=0;
#define MAX_NET_RETRIES 50
#define LATENCY_WARNING_THRESHOLD_MS 1000
/*
@@ -388,7 +385,8 @@ void ssl_stat_init(struct ssl_mgr * mgr)
return;
}
static SSL * downstream_ssl_create(struct ssl_mgr * mgr, struct keyring * crt, const unsigned char* selected_alpn);
static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello * chello, evutil_socket_t fd);
static SSL * upstream_ssl_create(struct ssl_mgr * mgr, struct ssl_stream* s_stream, evutil_socket_t fd);
static void sslctx_set_opts(SSL_CTX * sslctx, struct ssl_mgr * mgr);
struct ssl_chello * ssl_peek_result_release_chello(future_result_t * result)
@@ -418,8 +416,9 @@ struct ssl_stream * ssl_stream_new(struct ssl_mgr * mgr, evutil_socket_t fd, enu
break;
case CONN_DIR_UPSTREAM:
ATOMIC_INC(&(s_stream->mgr->stat_val[SSL_UP_NEW]));
s_stream->ssl = upstream_ssl_create(mgr, client_hello, fd);
s_stream->up_parts.verify_param.no_verify_expiry_date=1;
s_stream->up_parts.client_hello = client_hello;
s_stream->ssl = upstream_ssl_create(mgr, s_stream, fd);
break;
default: assert(0);
}
@@ -589,7 +588,6 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
//tfe2a uses SSLv23_method, it was been deprecated and replaced with the TLS_method() in openssl 1.1.0.
mgr->sslmethod = TLS_method;
SSL_EX_DATA_IDX_SSLMGR = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
MESA_load_profile_uint_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1);
MESA_load_profile_uint_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1);
MESA_load_profile_uint_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1);
@@ -786,12 +784,12 @@ static void ssl_async_peek_client_hello(struct future * f, evutil_socket_t fd, i
* Create new SSL context for outgoing connections to the original destination.
* If hostname sni is provided, use it for Server Name Indication.
*/
static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello * chello, evutil_socket_t fd)
static SSL * upstream_ssl_create(struct ssl_mgr * mgr, struct ssl_stream* s_stream, evutil_socket_t fd)
{
SSL_CTX * sslctx = NULL;
SSL * ssl = NULL;
SSL_SESSION * sess = NULL;
struct ssl_chello * chello=s_stream->up_parts.client_hello;
sslctx = SSL_CTX_new(mgr->sslmethod());
sslctx_set_opts(sslctx, mgr);
int ret=0;
@@ -817,7 +815,7 @@ static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello *
SSL_CTX_free(sslctx);
return NULL;
}
SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, NULL);
ssl = SSL_new(sslctx);
SSL_CTX_free(sslctx); /* SSL_new() increments refcount */