#64 在tfe.conf中增加check_cert_crl开关,默认关闭CRL校验。

zhengchao
2018-11-12 13:58:01 +08:00
parent 865a4066fc
commit ca650d12ff
3 changed files with 27 additions and 15 deletions


@@ -130,11 +130,12 @@ struct ssl_mgr
char * ecdhcurve;
char * crl_url;
struct cert_store_param cert_verify_param;
uint8_t ssl_mode_release_buffers;
char trusted_cert_file[TFE_PATH_MAX];
char trusted_cert_dir[TFE_PATH_MAX];
char crl_file[TFE_PATH_MAX];
struct ssl_trusted_cert_storage * trust_CA_store;
struct key_keeper * key_keeper;
@@ -570,7 +571,9 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
MESA_load_profile_string_def(ini_profile, section, "trusted_cert_dir", mgr->trusted_cert_dir, sizeof(mgr->trusted_cert_dir),
"./conf/trusted_storage");
mgr->trust_CA_store = ssl_trusted_cert_storage_create(mgr->trusted_cert_file, mgr->trusted_cert_dir);
MESA_load_profile_uint_def(ini_profile, section, "check_cert_crl", &(mgr->cert_verify_param.check_crl), 0);
mgr->trust_CA_store = ssl_trusted_cert_storage_create(mgr->trusted_cert_file, mgr->trusted_cert_dir, &(mgr->cert_verify_param));
if (mgr->trust_CA_store == NULL)
{
TFE_LOG_ERROR(logger, "Failed at creating X509_STORE");
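Review bot: Nothing after the new `check_cert_crl` load in ssl_manager_init records the effective value, so a deployment that never sets the key runs with revocation checking off (default 0) and revoked upstream certificates pass verification with no trace in the logs. I would log the loaded value once at start-up and put a comment on the load line, for example `/* 0 (default): CRLs are not consulted, revoked upstream certificates still verify */`. The load also passes `&(mgr->cert_verify_param.check_crl)` to a loader that presumably writes a full `unsigned int`. The declaration of `struct cert_store_param` is not in this hunk, so confirm the field is not a narrower type such as the `uint8_t` used for `ssl_mode_release_buffers`, or load into a local `unsigned int` and assign `!!value`. ssl_manager_init starts and ends outside the hunk, so whether `crl_url` and `crl_file` are validated when the switch is on cannot be judged from here.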