1. 可以获取x509证书的ct和ev状态。2. hostname不匹配,不认为是非法证书。

zhengchao
2019-05-15 20:09:12 +08:00
parent ae678d5128
commit ea0292f1b4
7 changed files with 846 additions and 30 deletions


@@ -20,7 +20,14 @@ struct cert_verify_param
char no_verify_issuer;
char no_verify_expiry_date;
};
int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storage, SSL * ssl, const char* hostname, struct cert_verify_param* param, char* reason, size_t n_reason);
struct cert_verify_result
{
char is_hostmatched;
char is_ev;
char is_ct;
int error_code;
};
int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storage, SSL * ssl, const char* hostname, struct cert_verify_param* param, char* reason, size_t n_reason, struct cert_verify_result* result);
int ssl_trusted_cert_storage_add(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
int ssl_trusted_cert_storage_del(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
void ssl_trusted_cert_storage_reset(struct ssl_trusted_cert_storage* storage);
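Review bot: The widened `ssl_trusted_cert_storage_verify_conn` prototype and the new `struct cert_verify_result` have no comment stating what the return value still covers. Going by the commit title, a hostname mismatch no longer makes verification fail, so a caller that checks only the return code would now accept a chain-valid certificate issued for a different host. I would document the contract on the prototype, for example `/* Return value reflects chain/expiry checks only; hostname match is reported in result->is_hostmatched and must be checked by the caller. */`. The header should also state whether `result` may be NULL and what `error_code` holds (presumably an OpenSSL X509_V_ERR_* value; the implementation is not visible in this hunk). Each caller updated in this commit should be checked to confirm it reads `is_hostmatched` before treating the peer as authenticated.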


@@ -164,6 +164,8 @@ int ssl_x509_is_valid(X509 *);
char * ssl_x509_to_str(X509 *);
char * ssl_x509_to_pem(X509 *);
void ssl_x509_refcount_inc(X509 *);
char* ssl_x509_get_extension(X509 *cert, int ext_NID);
int ssl_x509_is_ev(const char* policy_oid);
int ssl_x509chain_load(X509 **, STACK_OF(X509) **, const char *);
void ssl_x509chain_use(SSL_CTX *, X509 *, STACK_OF(X509) *);