bugfix: TSG-8634 命中Proxy Deny策略时,触发Zero eof被误判Pinning
(触发Zero eof后当做protocol errors处理)
@@ -1258,10 +1258,8 @@ void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* m
|
|||||||
if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
|
if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
|
||||||
{
|
{
|
||||||
const char *sni = s_upstream->client_hello ? (s_upstream->client_hello->sni ? s_upstream->client_hello->sni : "null"): "null";
|
const char *sni = s_upstream->client_hello ? (s_upstream->client_hello->sni ? s_upstream->client_hello->sni : "null"): "null";
|
||||||
TFE_LOG_DEBUG(mgr->logger, "sni:%s cert verify passed and hit zero eof, set pinning:2, next use app_not_pinning to correct", sni);
|
TFE_LOG_DEBUG(mgr->logger, "sni:%s cert verify passed and hit zero eof, set protocol errors", sni);
|
||||||
|
s_upstream->svc_status.has_protocol_errors=1;
|
||||||
s_upstream->svc_status.cli_pinning_status=PINNING_ST_MAYBE_PINNING;
|
|
||||||
// ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
|
|
||||||
ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream, &(s_stream->peer->up_parts.svc_status));
|
ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream, &(s_stream->peer->up_parts.svc_status));
|
||||||
}
|
}
|
||||||
s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
|
s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
|
||||||
|
|||||||
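Review bot: The new `s_upstream->svc_status.has_protocol_errors=1;` is still set for every zero EOF on a verified, host-matched upstream, and the `ssl_service_cache_write` call after it persists the flag, so the case named in the commit title (a close caused by a Proxy Deny hit) is reclassified rather than excluded. How the cache consumer treats `has_protocol_errors` is not visible in this hunk; if it relaxes interception for later connections to the same service, one client-side close is enough to change that handling, so confirm the downstream effect and consider skipping the cache write when the close came from the deny action. At minimum, add a comment above the assignment, for example `/* zero EOF after a verified handshake is recorded as a protocol error, not as pinning (TSG-8634) */`. The body of ssl_stream_process_zero_eof starts and ends outside the hunk, so `s_upstream` is presumably the same object as `s_stream->peer->up_parts` used in the cache write, which should be verified.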