From d201968652ab059013578a272278acbabe036b69 Mon Sep 17 00:00:00 2001 From: luwenpeng Date: Mon, 20 Dec 2021 16:35:34 +0800 Subject: [PATCH] =?UTF-8?q?bugfix:=20TSG-8634=20=E5=91=BD=E4=B8=ADProxy=20?= =?UTF-8?q?Deny=E7=AD=96=E7=95=A5=E6=97=B6=EF=BC=8C=E8=A7=A6=E5=8F=91Zero?= =?UTF-8?q?=20eof=E8=A2=AB=E8=AF=AF=E5=88=A4Pinninng=20=09(=E8=A7=A6?= =?UTF-8?q?=E5=8F=91Zero=20eof=E5=90=8E=E5=BD=93=E5=81=9Aprotocol=20errors?= =?UTF-8?q?=E5=A4=84=E7=90=86)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- platform/src/ssl_stream.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp index 5e1edcc..a6baa70 100644 --- a/platform/src/ssl_stream.cpp +++ b/platform/src/ssl_stream.cpp @@ -1258,10 +1258,8 @@ void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* m if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed ) { const char *sni = s_upstream->client_hello ? (s_upstream->client_hello->sni ? s_upstream->client_hello->sni : "null"): "null"; - TFE_LOG_DEBUG(mgr->logger, "sni:%s cert verify passed and hit zero eof, set pinning:2, next use app_not_pinning to correct", sni); - - s_upstream->svc_status.cli_pinning_status=PINNING_ST_MAYBE_PINNING; - // ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING); + TFE_LOG_DEBUG(mgr->logger, "sni:%s cert verify passed and hit zero eof, set protocol errors", sni); + s_upstream->svc_status.has_protocol_errors=1; ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream, &(s_stream->peer->up_parts.svc_status)); } s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;