1. 暴露ssl_stream.h给业务层;2. 将ssl policy功能放到业务层插件目录。

This commit is contained in:
zhengchao
2019-05-20 15:08:42 +08:00
parent 7cbd432a25
commit e4291c0fda
13 changed files with 104 additions and 86 deletions


@@ -2,7 +2,7 @@
#include <tfe_stream.h>
#include <event2/event.h>
#include <ssl_stream.h>
#include <ssl_stream_core.h>
struct ssl_mgr;
struct key_keeper;


@@ -1,8 +0,0 @@
#pragma once
#include <ssl_stream.h>
#include <MESA/Maat_rule.h>
struct ssl_policy_enforcer;
struct ssl_policy_enforcer* ssl_policy_enforcer_create(Maat_feather_t maat, void* logger);
enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_para);


@@ -1,23 +1,12 @@
#pragma once
#include <ssl_stream.h>
#include <event2/event.h>
#include <tfe_future.h>
#include <tfe_types.h>
struct ssl_stream;
struct ssl_mgr;
enum ssl_stream_action
{
SSL_ACTION_PASSTHROUGH,
SSL_ACTION_INTERCEPT,
SSL_ACTION_SHUTDOWN
};
typedef enum ssl_stream_action ssl_stream_new_hook(struct ssl_stream *upstream, void* u_para);
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, struct event_base * ev_base_gc,
void * logger);
void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para);
@@ -46,22 +35,4 @@ int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file);
int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file);
void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr);
enum SSL_STREAM_OPT
{
SSL_STREAM_OPT_IS_EV_CERT, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_IS_CT_CERT, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_IS_MUTUAL_AUTH, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_PINNING_STATUS, //0:FALSE, 1:TRUE.
SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:1.
SSL_STREAM_OPT_NO_VERIFY_ISSUER, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE, //VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
SSL_STREAM_OPT_BLOCK_FAKE_CERT, //VALUE is an interger, SIZE=sizeof(int). 1:PASSTHROUGH, 0:BLOCK. DEFAULT:1.
SSL_STREAM_OPT_PROTOCOL_MIN_VERSION,
SSL_STREAM_OPT_PROTOCOL_MAX_VERSION
};
//s_stream must be upstream.
int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val);
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val);
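Review bot: The verification options that this commit moves out of the second hunk are documented with security-relevant defaults that the declaration does not make explicit: `SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME` is marked `DEFAULT:1` while the other `NO_VERIFY_*` options default to 0, and `SSL_STREAM_OPT_BLOCK_FAKE_CERT` is marked `1:PASSTHROUGH, 0:BLOCK. DEFAULT:1`, so common-name verification and fake-certificate blocking appear to be off unless a caller turns them on per upstream. Where this enum lands is outside the hunk; if, as the commit title suggests, it now sits in the header exposed to the business-layer policy plugin, the new declaration should say so in one place, e.g. `/* NOTE: common-name verification is OFF and fake-cert handling is PASSTHROUGH by default; a policy plugin must enable them explicitly via ssl_stream_set_integer_opt(). */`, and the misspelling `interger` can be corrected in the same move. The manager declarations that remain on the new side (`ssl_manager_add_crl`, `ssl_manager_del_crl`, `ssl_manager_reset_trust_ca`) still carry no return-value documentation, and whether a CRL or trust-store change affects streams already established is not stated; a one-line comment per function, confirmed against the implementation, would help plugin authors that now call this API directly.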


@@ -122,7 +122,6 @@ void ssl_openssl_version(void);
int ssl_init(void);
int ssl_reinit(void);
void ssl_fini(void);
int sslver_str2num(const char * version_str);
char * ssl_sha1_to_str(unsigned char *, int);