up session cache校验ssl version,增加ssl状态读写的接口。

This commit is contained in:
zhengchao
2019-05-17 21:35:20 +08:00
parent 630a3dba60
commit dda60c674c
12 changed files with 263 additions and 94 deletions


@@ -17,6 +17,7 @@ struct asn1_sess
{
unsigned char * buff;
size_t size;
int version;
};
struct sess_set_args
@@ -24,6 +25,11 @@ struct sess_set_args
MESA_htable_handle hash;
struct asn1_sess * new_sess;
};
struct sess_get_args
{
SSL_SESSION *sess;
int version;
};
struct sess_cache
{
@@ -41,7 +47,7 @@ static void ssl_sess_free_serialized(void * data)
return;
}
static struct asn1_sess * ssl_sess_serialize(SSL_SESSION * sess)
static struct asn1_sess * ssl_sess_serialize(SSL_SESSION * sess, int version)
{
struct asn1_sess * result = ALLOC(struct asn1_sess, 1);
@@ -62,6 +68,7 @@ static struct asn1_sess * ssl_sess_serialize(SSL_SESSION * sess)
j=i2d_SSL_SESSION(sess, &(temp));
assert(i == j);
assert(result->buff + i == temp);
result->version=version;
return result;
}
@@ -101,6 +108,8 @@ static int ssl_sess_verify_cb(void * data, int eliminate_type)
static long sess_cache_get_cb(void * data, const uchar * key, uint size, void * user_arg)
{
struct sess_get_args *result=(struct sess_get_args *)user_arg;
SSL_SESSION * sess = NULL;
int is_valid = 0;
if (data == NULL)
@@ -119,7 +128,8 @@ static long sess_cache_get_cb(void * data, const uchar * key, uint size, void *
}
else
{
*(SSL_SESSION **) user_arg = sess;
result->sess=sess;
result->version=asn1->version;
return SESS_CACHE_FOUND;
}
}
@@ -137,6 +147,7 @@ static long sess_cache_set_cb(void * data, const uchar * key, uint size, void *
cur_asn1->size = new_asn1->size;
cur_asn1->buff = ALLOC(unsigned char, cur_asn1->size);
memcpy(cur_asn1->buff, new_asn1->buff, cur_asn1->size);
cur_asn1->version=new_asn1->version;
return SESS_CACHE_UPDATE_OLD;
}
else
@@ -178,16 +189,20 @@ static size_t upsess_mk_key(struct sockaddr * res, socklen_t addrlen, const char
}
void up_session_set(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni,
SSL_SESSION * sess)
int version, SSL_SESSION * sess)
{
unsigned char * key = NULL;
size_t key_size = 0;
long cb_ret = 0;
assert(cache->served_for == CONN_DIR_UPSTREAM);
if(!SSL_SESSION_is_resumable(sess))
{
return;
}
key_size = upsess_mk_key(addr, addr_len, sni, &key);
struct asn1_sess * asn1 = NULL;
asn1 = ssl_sess_serialize(sess);
asn1 = ssl_sess_serialize(sess, version);
struct sess_set_args set_args={.hash = cache->hash, .new_sess = asn1};
MESA_htable_search_cb(cache->hash, key, key_size, sess_cache_set_cb, &set_args, &cb_ret);
@@ -200,9 +215,9 @@ void up_session_set(struct sess_cache * cache, struct sockaddr * addr, socklen_t
return;
}
SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni)
{
SSL_SESSION * sess = NULL;
SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr, socklen_t addr_len, const char * sni, int min_ver, int max_ver)
{
struct sess_get_args args={NULL, 0};
long cb_ret = 0;
size_t key_size = 0;
@@ -210,14 +225,14 @@ SSL_SESSION * up_session_get(struct sess_cache * cache, struct sockaddr * addr,
unsigned char * key = NULL;
key_size = upsess_mk_key(addr, addr_len, sni, &key);
MESA_htable_search_cb(cache->hash, key, key_size, sess_cache_get_cb, &sess, &cb_ret);
MESA_htable_search_cb(cache->hash, key, key_size, sess_cache_get_cb, &args, &cb_ret);
// printf("%s %s\n", __FUNCTION__, key);
free(key);
key = NULL;
if (cb_ret == SESS_CACHE_FOUND)
if (cb_ret == SESS_CACHE_FOUND && args.version>=min_ver && args.version<=max_ver)
{
ATOMIC_INC(&(cache->hit_cnt));
return sess;
return args.sess;
}
else
{
@@ -232,7 +247,7 @@ void down_session_set(struct sess_cache * cache, const SSL_SESSION * sess)
struct asn1_sess * asn1 = NULL;
long cb_ret = 0;
assert(cache->served_for == CONN_DIR_DOWNSTREAM);
asn1 = ssl_sess_serialize((SSL_SESSION *) sess);
asn1 = ssl_sess_serialize((SSL_SESSION *) sess, 0);
/*
* SSL_SESSION_get_id() returns a pointer to the internal session id value for the session s.