ssl stream和ssl policy对接tfe_cmsg_xx。

2019-06-01 20:28:07 +08:00
parent 77aa3063f7
commit bc41051da2
9 changed files with 147 additions and 69 deletions
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
@@ -178,6 +178,8 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
 	UNUSED int ret=0;
 	int policy_id=0;
 	char policy_id_str[16]={0};
+	ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_INTERCEPT_POLICY_ID, &policy_id);
+	assert(ret==0);
 	snprintf(policy_id_str, sizeof(policy_id_str), "%d", policy_id);
 	param=(struct intercept_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->table_id, policy_id_str);
 	if(param==NULL)
@@ -206,13 +208,13 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
 	ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_ID, param->keyring);

 	ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
-	assert(ret==1);
+	assert(ret==0);
 	ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev);
-	assert(ret==1);
+	assert(ret==0);
 	ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_MUTUAL_AUTH, &is_mauth);
 	ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_CT_CERT, &is_ct);
 	ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS, &has_error);
-	assert(ret=1);
+	assert(ret=0);
 	if( (pinning_staus==1 && param->bypass_pinning) ||
 		(is_mauth && param->bypass_mutual_auth) ||
 		(is_ev && param->bypass_ev_cert) ||