gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up session cache校验ssl version,增加ssl状态读写的接口。

Browse Source
This commit is contained in:
zhengchao
2019-05-17 21:35:20 +08:00
parent 630a3dba60
commit dda60c674c
12 changed files with 263 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
platform/include/internal/platform.h
View File

@@ -104,8 +104,8 @@ struct tfe_stream_private
unsigned int nr_plugin_ctxs;
struct plugin_ctx * plugin_ctxs;
/* TCP forward without scan or decode when the passthough is set */
bool passthough;
/* TCP forward without scan or decode when the tcp_passthough is set */
bool tcp_passthough;
/* For defer connection setup */
evutil_socket_t defer_fd_downstream;

4
platform/include/internal/ssl_sess_cache.h
View File

@@ -8,8 +8,8 @@ struct sess_cache;
struct sess_cache * ssl_sess_cache_create(unsigned int slot_size, unsigned int expire_seconds, enum tfe_conn_dir served);
void ssl_sess_cache_destroy(struct sess_cache * cache);
void up_session_set(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni, SSL_SESSION * value);
SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni);
void up_session_set(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni, int version, SSL_SESSION * sess);
SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni, int min_ver, int max_ver);
void down_session_set(struct sess_cache * cache, const SSL_SESSION * sess);
void down_session_del(struct sess_cache * cache, const SSL_SESSION * sess);

38
platform/include/internal/ssl_stream.h
View File

@@ -8,14 +8,6 @@
struct ssl_stream;
struct ssl_mgr;
typedef void ssl_stream_new_cb(struct ssl_stream *, void* u_para);
typedef void ssl_stream_free_cb(struct ssl_stream *, void* u_para);
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, struct event_base * ev_base_gc,
void * logger);
//, ssl_stream_new_cb* new_func, ssl_stream_free_cb* free_func, void* u_para);
void ssl_manager_destroy(struct ssl_mgr * mgr);
unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
enum ssl_stream_action
{
@@ -24,7 +16,17 @@ enum ssl_stream_action
SSL_ACTION_SHUTDOWN
};
typedef enum ssl_stream_action ssl_stream_new_hook(struct ssl_stream *upstream, void* u_para);
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, struct event_base * ev_base_gc,
void * logger, ssl_stream_new_hook* hook_func, void* u_para);
void ssl_manager_destroy(struct ssl_mgr * mgr);
unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
evutil_socket_t ssl_upstream_create_result_release_fd(future_result_t * result);
struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result);
struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * result);
void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, evutil_socket_t fd_upstream,
@@ -43,6 +45,22 @@ int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file);
int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file);
void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr);
//s_stream must be upstream.
int ssl_stream_set_opt(struct ssl_stream *s_stream, enum SSL_STREAM_OPT type, const void* value, size_t size);
enum SSL_STREAM_OPT
{
SSL_STREAM_OPT_IS_EV_CERT, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_IS_CT_CERT, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_IS_MUTUAL_AUTH, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_PINNING_STATUS, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:1.
SSL_STREAM_OPT_NO_VERIFY_ISSUER, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
SST_STREAM_OPT_VERIFY_FAIL_ACTION, //VALUE is an interger, SIZE=sizeof(int). 1:PASSTHROUGH, 0:BLOCK. DEFAULT:1.
SSL_STREAM_OPT_PROTOCOL_MIN_VERSION,
SSL_STREAM_OPT_PROTOCOL_MAX_VERSION
};
//s_stream must be upstream.
int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val);
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val);