变更ssl.cpp为ssl_utils.cpp,修正了编译错误,整体编译通过。
This commit is contained in:
Lu Qiuwen
@@ -1,4 +1,4 @@
|
||||
add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp src/ssl_sess_cache.cpp
|
||||
add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp src/ssl_sess_cache.cpp src/ssl_utils.cc
|
||||
src/tcp_stream.cpp src/main.cpp src/proxy.cpp)
|
||||
|
||||
target_include_directories(tfe PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/external)
|
||||
@@ -7,4 +7,3 @@ target_include_directories(tfe PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/interna
|
||||
target_link_libraries(tfe common)
|
||||
target_link_libraries(tfe pthread dl openssl-ssl-static openssl-crypto-static pthread libevent-static
|
||||
libevent-static-openssl libevent-static-pthreads MESA_handle_logger MESA_prof_load MESA_htable wiredcfg)
|
||||
|
||||
|
||||
@@ -142,7 +142,7 @@ void ssl_key_refcount_inc(EVP_PKEY *);
|
||||
int ssl_key_identifier_sha1(EVP_PKEY *, unsigned char *);
|
||||
char * ssl_key_identifier(EVP_PKEY *, int);
|
||||
|
||||
int ssl_x509_v3ext_add(X509V3_CTX *, X509 *, char *, char *);
|
||||
int ssl_x509_v3ext_add(X509V3_CTX * ctx, X509 * crt, const char * k, const char * v);
|
||||
int ssl_x509_v3ext_copy_by_nid(X509 *, X509 *, int);
|
||||
|
||||
int ssl_x509_serial_copyrand(X509 *, X509 *);
|
||||
@@ -1,6 +1,6 @@
|
||||
#include <key_keeper.h>
|
||||
#include <string.h>
|
||||
#include <ssl.h>
|
||||
#include <ssl_utils.h>
|
||||
|
||||
struct key_keeper
|
||||
{
|
||||
@@ -321,3 +321,30 @@ void cert_manager_free(cert_t * keyring)
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
struct key_keeper * key_keeper_init(const char * profile, const char* section, void* logger)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
struct key_keeper * key_keeper_destroy(struct key_keeper *keeper)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
struct keyring* key_keeper_release_cert(future_result_t* result)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void key_keeper_free_keyring(struct keyring* cert)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, int keyring_id,
|
||||
X509 * origin_cert, int is_cert_valid, struct event_base * evbase)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
2376
platform/src/ssl.cc
2376
platform/src/ssl.cc
File diff suppressed because it is too large
Load Diff
@@ -1,7 +1,7 @@
|
||||
#include <assert.h>
|
||||
|
||||
#include <ssl_sess_cache.h>
|
||||
#include <ssl.h>
|
||||
#include <ssl_utils.h>
|
||||
|
||||
#include <MESA/MESA_htable.h>
|
||||
#include <MESA/field_stat2.h>
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
#include <tfe_future.h>
|
||||
#include <key_keeper.h>
|
||||
#include <ssl_sess_cache.h>
|
||||
#include <ssl.h>
|
||||
#include <ssl_utils.h>
|
||||
#include <platform.h>
|
||||
|
||||
#define SSL_EX_DATA_IDX_SSLMGR 0
|
||||
@@ -37,19 +37,23 @@
|
||||
|
||||
struct ssl_mgr
|
||||
{
|
||||
int sslcomp;
|
||||
int no_ssl2;
|
||||
int no_ssl3;
|
||||
int no_tls10;
|
||||
int no_tls11;
|
||||
int no_tls12;
|
||||
unsigned int sslcomp;
|
||||
unsigned int no_ssl2;
|
||||
unsigned int no_ssl3;
|
||||
unsigned int no_tls10;
|
||||
unsigned int no_tls11;
|
||||
unsigned int no_tls12;
|
||||
|
||||
CONST_SSL_METHOD * (* sslmethod)(void); //Parameter of SSL_CTX_new
|
||||
int sslversion;
|
||||
char ssl_session_context[8];
|
||||
int cache_slot_num;
|
||||
int sess_expire_seconds;
|
||||
|
||||
unsigned int cache_slot_num;
|
||||
unsigned int sess_expire_seconds;
|
||||
|
||||
struct sess_cache * down_sess_cache;
|
||||
struct sess_cache * up_sess_cache;
|
||||
|
||||
char default_ciphers[TFE_STRING_MAX];
|
||||
DH * dh;
|
||||
char * ecdhcurve;
|
||||
@@ -103,7 +107,7 @@ struct ssl_connect_origin_ctx
|
||||
struct bufferevent * bev;
|
||||
struct ssl_stream * s_stream;
|
||||
struct ssl_mgr * mgr;
|
||||
struct sockaddr addr;
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen;
|
||||
void * logger;
|
||||
|
||||
@@ -290,18 +294,17 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
|
||||
//tfe2a uses SSLv23_method, it was been deprecated and replaced with the TLS_method() in openssl 1.1.0.
|
||||
mgr->sslmethod = TLS_method;
|
||||
MESA_load_profile_int_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1);
|
||||
MESA_load_profile_int_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1);
|
||||
MESA_load_profile_int_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1);
|
||||
MESA_load_profile_int_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 1);
|
||||
MESA_load_profile_int_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0);
|
||||
MESA_load_profile_int_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0);
|
||||
MESA_load_profile_int_def(ini_profile, section, "session_cache_slot_num", &(mgr->cache_slot_num),
|
||||
4 * 1024 * 1024);
|
||||
MESA_load_profile_int_def(ini_profile, section, "session_cache_slot_num", &(mgr->sess_expire_seconds), 30 * 60);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 1);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0);
|
||||
|
||||
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slot_num", &(mgr->cache_slot_num), 4 * 1024 * 1024);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slot_num", &(mgr->sess_expire_seconds), 30 * 60);
|
||||
|
||||
mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slot_num, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
|
||||
mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slot_num, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
|
||||
@@ -521,11 +524,11 @@ static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello *
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen = sizeof(struct sockaddr_storage);
|
||||
|
||||
int ret = getpeername(fd, (struct sockaddr *)(&addr), &addrlen);
|
||||
int ret = getpeername(fd, (struct sockaddr *) (&addr), &addrlen);
|
||||
assert(ret == 0);
|
||||
|
||||
/* session resuming based on remote endpoint address and port */
|
||||
sess = up_session_get(mgr->up_sess_cache, (struct sockaddr *)&addr, addrlen, chello->sni); /* new sess insert */
|
||||
sess = up_session_get(mgr->up_sess_cache, (struct sockaddr *) &addr, addrlen, chello->sni); /* new sess insert */
|
||||
if (sess)
|
||||
{
|
||||
SSL_set_session(ssl, sess); /* increments sess refcount */
|
||||
@@ -564,7 +567,7 @@ void ssl_connect_origin_ctx_free(struct promise * p)
|
||||
ssl_connect_origin_ctx_free(ctx);
|
||||
}
|
||||
|
||||
struct ssl_stream * ssl_conn_origin_result_release_stream(future_result_t * result)
|
||||
struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result)
|
||||
{
|
||||
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) result;
|
||||
struct ssl_stream * ret = ctx->s_stream;
|
||||
@@ -572,13 +575,12 @@ struct ssl_stream * ssl_conn_origin_result_release_stream(future_result_t * resu
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct bufferevent * ssl_conn_origin_result_release_bev(future_result_t * result)
|
||||
struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * result)
|
||||
{
|
||||
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) result;
|
||||
struct bufferevent * ret = ctx->bev;
|
||||
ctx->bev = NULL; //giveup ownership
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -603,8 +605,8 @@ static void ssl_connect_origin_eventcb(struct bufferevent * bev, short events, v
|
||||
{
|
||||
bufferevent_setcb(ctx->bev, NULL, NULL, NULL, NULL); //leave a clean bev for on_success
|
||||
ssl_sess = SSL_get0_session(s_stream->ssl);
|
||||
up_session_set(s_stream->mgr->up_sess_cache, &(ctx->addr), ctx->addrlen, s_stream->client_hello->sni,
|
||||
ssl_sess);
|
||||
up_session_set(s_stream->mgr->up_sess_cache, (struct sockaddr *)&(ctx->addr),
|
||||
ctx->addrlen, s_stream->client_hello->sni, ssl_sess);
|
||||
promise_success(promise, ctx);
|
||||
}
|
||||
else
|
||||
@@ -620,7 +622,7 @@ static void ssl_connect_origin_eventcb(struct bufferevent * bev, short events, v
|
||||
static void peek_chello_on_succ(future_result_t * result, void * user)
|
||||
{
|
||||
struct promise * p = (struct promise *) user;
|
||||
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) promise_dettach_ctx(p);
|
||||
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) promise_get_ctx(p);
|
||||
|
||||
struct ssl_chello * chello = ssl_peek_result_release_chello(result);//chello has been saved in ssl_stream.
|
||||
ctx->s_stream = ssl_stream_new(ctx->mgr, ctx->fd_upstream, CONN_DIR_UPSTREAM, chello, NULL);
|
||||
@@ -628,7 +630,7 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
|
||||
ctx->s_stream->ssl, BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS);
|
||||
|
||||
bufferevent_openssl_set_allow_dirty_shutdown(ctx->bev, 1);
|
||||
bufferevent_setcb(ctx->bev, NULL, NULL, ssl_connect_origin_eventcb, ctx);
|
||||
bufferevent_setcb(ctx->bev, NULL, NULL, ssl_connect_origin_eventcb, p);
|
||||
bufferevent_disable(ctx->bev, EV_READ | EV_WRITE); //waiting for connect event only
|
||||
|
||||
future_destroy(ctx->f_peek_chello);
|
||||
@@ -653,11 +655,10 @@ extern void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, e
|
||||
struct ssl_connect_origin_ctx * ctx = ALLOC(struct ssl_connect_origin_ctx, 1);
|
||||
int ret = 0;
|
||||
|
||||
struct sockaddr addr;
|
||||
socklen_t addrlen;
|
||||
|
||||
ret = getpeername(fd_downstream, &(ctx->addr), &(ctx->addrlen));
|
||||
ctx->addrlen = sizeof(ctx->addr);
|
||||
ret = getpeername(fd_downstream, (struct sockaddr *)&(ctx->addr), &(ctx->addrlen));
|
||||
assert(ret == 0);
|
||||
|
||||
ctx->fd_downstream = fd_downstream;
|
||||
ctx->fd_upstream = fd_upstream;
|
||||
ctx->evbase = evbase;
|
||||
@@ -666,7 +667,6 @@ extern void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, e
|
||||
|
||||
ctx->f_peek_chello = future_create(peek_chello_on_succ, peek_chello_on_fail, p);
|
||||
ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, evbase, mgr->logger);
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -705,7 +705,7 @@ static int ossl_sessnew_cb(SSL * ssl, SSL_SESSION * sess)
|
||||
*/
|
||||
static void ossl_sessremove_cb(SSL_CTX * sslctx, SSL_SESSION * sess)
|
||||
{
|
||||
struct ssl_mgr * mgr = (struct ssl_mgr *)SSL_CTX_get_ex_data(sslctx, SSL_EX_DATA_IDX_SSLMGR);
|
||||
struct ssl_mgr * mgr = (struct ssl_mgr *) SSL_CTX_get_ex_data(sslctx, SSL_EX_DATA_IDX_SSLMGR);
|
||||
assert(mgr != NULL);
|
||||
|
||||
if (sess)
|
||||
@@ -722,11 +722,11 @@ static void ossl_sessremove_cb(SSL_CTX * sslctx, SSL_SESSION * sess)
|
||||
*/
|
||||
static SSL_SESSION * ossl_sessget_cb(SSL * ssl, const unsigned char * id, int idlen, int * copy)
|
||||
{
|
||||
struct ssl_mgr * mgr = (struct ssl_mgr *)SSL_get_ex_data(ssl, SSL_EX_DATA_IDX_SSLMGR);
|
||||
struct ssl_mgr * mgr = (struct ssl_mgr *) SSL_get_ex_data(ssl, SSL_EX_DATA_IDX_SSLMGR);
|
||||
SSL_SESSION * sess;
|
||||
|
||||
*copy = 0; /* SSL should not increment reference count of session */
|
||||
sess = (SSL_SESSION *)down_session_get(mgr->down_sess_cache, id, idlen);
|
||||
sess = (SSL_SESSION *) down_session_get(mgr->down_sess_cache, id, idlen);
|
||||
return sess;
|
||||
}
|
||||
|
||||
@@ -844,7 +844,8 @@ static SSL * downstream_ssl_create(struct ssl_mgr * mgr, struct keyring * crt)
|
||||
SSL_CTX_sess_set_remove_cb(sslctx, ossl_sessremove_cb);
|
||||
SSL_CTX_sess_set_get_cb(sslctx, ossl_sessget_cb);
|
||||
SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL);
|
||||
SSL_CTX_set_session_id_context(sslctx, (const unsigned char *)mgr->ssl_session_context, sizeof(mgr->ssl_session_context));
|
||||
SSL_CTX_set_session_id_context(sslctx, (const unsigned char *) mgr->ssl_session_context,
|
||||
sizeof(mgr->ssl_session_context));
|
||||
|
||||
if (mgr->dh)
|
||||
{
|
||||
@@ -919,7 +920,7 @@ void query_cert_ctx_free(struct ask_keyring_ctx * ctx)
|
||||
|
||||
void query_cert_ctx_free(struct promise * p)
|
||||
{
|
||||
struct ask_keyring_ctx * ctx = (struct ask_keyring_ctx *)promise_dettach_ctx(p);
|
||||
struct ask_keyring_ctx * ctx = (struct ask_keyring_ctx *) promise_dettach_ctx(p);
|
||||
query_cert_ctx_free(ctx);
|
||||
}
|
||||
|
||||
@@ -1035,7 +1036,7 @@ static void pxy_ssl_shutdown_cb(evutil_socket_t fd, short what, void * arg)
|
||||
{
|
||||
struct ssl_shutdown_ctx * ctx = (struct ssl_shutdown_ctx *) arg;
|
||||
|
||||
struct timeval retry_delay = {0, 100 };
|
||||
struct timeval retry_delay = {0, 100};
|
||||
|
||||
void * logger = ctx->s_stream->mgr->logger;
|
||||
short want = 0;
|
||||
|
||||
2087
platform/src/ssl_utils.cc
Normal file
2087
platform/src/ssl_utils.cc
Normal file
File diff suppressed because it is too large
Load Diff
2
vendor/CMakeLists.txt
vendored
2
vendor/CMakeLists.txt
vendored
@@ -136,7 +136,7 @@ set_property(TARGET wiredcfg PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR
|
||||
set_property(TARGET wiredcfg PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
|
||||
|
||||
add_library(MESA_htable SHARED IMPORTED GLOBAL)
|
||||
set_property(TARGET MESA_htable PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaatframe.so)
|
||||
set_property(TARGET MESA_htable PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_htable.so)
|
||||
set_property(TARGET MESA_htable PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
|
||||
|
||||
add_library(maatframe SHARED IMPORTED GLOBAL)
|
||||
|
||||
Reference in New Issue
Block a user