为了识别第二种pinning：在tcp_stream的event callback中，若接收字节数为0，调用ssl_stream_process_zero_eof。

platform/include/internal/platform.h

@@ -48,6 +48,7 @@ struct tfe_conn_private
 	struct bufferevent * bev;
 	struct ev_token_bucket_cfg * ratelimit_bucket;
 	uint8_t on_writing;
+	size_t total_rx_bytes, total_tx_bytes;
 };
 
 enum tfe_stream_event_log_type

platform/include/internal/ssl_stream_core.h

@@ -24,6 +24,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para);
 void ssl_manager_destroy(struct ssl_mgr * mgr);
 unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
+void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr);
 
 
 enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);

platform/src/ssl_stream.cpp

@@ -1182,6 +1182,24 @@ void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr
 	return;
 }
 
+void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr)
+{
+	struct ssl_upstream_parts* s_upstream=NULL;
+	if(s_stream->dir==CONN_DIR_UPSTREAM)
+	{
+		return;
+	}
+	assert(mgr==s_stream->mgr);
+	s_upstream=&s_stream->peer->up_parts;
+	if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
+	{
+		s_upstream->svc_status.pinning_status=PINNING_ST_MAYBE_PINNING;
+		ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
+		ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream->addr, &(s_stream->peer->up_parts.svc_status));
+	}
+	s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
+	return;
+}
 
 
 /*
@@ -1805,13 +1823,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
 	else if(events & BEV_EVENT_EOF)
 	{		
 		ATOMIC_INC(&(mgr->stat_val[SSL_DOWN_ERR]));	
-		if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
+		ssl_stream_process_zero_eof(s_stream, mgr);
-		{
-			s_upstream->svc_status.pinning_status=PINNING_ST_MAYBE_PINNING;
-			ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
-			ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream->addr, &(s_stream->peer->up_parts.svc_status));
-		}
-		s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
 	}
 	else if(events & BEV_EVENT_TIMEOUT)
 	{

platform/src/tcp_stream.cpp

@@ -526,11 +526,14 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
 {
 	struct tfe_stream_private * _stream = (struct tfe_stream_private *) arg;
 	enum tfe_conn_dir dir = __bev_dir(_stream, bev);
+	struct tfe_conn_private * this_conn = __this_conn(_stream, dir);
 	struct tfe_conn_private * peer_conn = __peer_conn(_stream, dir);
 
 	/* Peer connection is terminated, drain all data.
 	 * This connection will be destoryed in __event_cb */
 	struct evbuffer * inbuf = bufferevent_get_input(bev);
+	size_t contigous_len = evbuffer_get_length(inbuf);
+	this_conn->total_rx_bytes+=contigous_len;
 	if (peer_conn == NULL)
 	{
 		evbuffer_drain(inbuf, evbuffer_get_length(inbuf));
@@ -544,7 +547,6 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
 	enum tfe_stream_action action_final = ACTION_FORWARD_DATA;
 
 	size_t drain_size = 0;
-	size_t contigous_len = evbuffer_get_length(inbuf);
 	unsigned char * contiguous_data = evbuffer_pullup(inbuf, contigous_len);
 
 	_stream->defer_bytes = 0;
@@ -585,10 +587,12 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
 			if (_stream->forward_bytes > 0)
 			{
 				evbuffer_remove_buffer(inbuf, outbuf, _stream->forward_bytes);
+				peer_conn->total_tx_bytes+=_stream->forward_bytes;
 			}
 			else
 			{
 				evbuffer_add_buffer(outbuf, inbuf);
+				peer_conn->total_tx_bytes+=contigous_len;
 			}
 			break;
 
@@ -743,7 +747,10 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
 					_stream->str_stream_addr, str_conn_dir, errno, strerror(errno));
 			}
 		}
-
+		else if(events & BEV_EVENT_EOF && (*ref_this_conn)->total_rx_bytes==0 && _stream->session_type==STREAM_PROTO_SSL)
+		{
+			ssl_stream_process_zero_eof(*ref_this_ssl_stream, g_default_proxy->ssl_mgr_handler);
+		}
 		if(events & BEV_EVENT_ERROR) __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FD_ERROR, conn_dir, 0, NULL);
 		if(events & BEV_EVENT_EOF) __stream_log_event(_stream, EVENT_LOG_CLOSE_BY_FD_EOF, conn_dir, 0, NULL);
 		goto __close_connection;