gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1. 可以获取x509证书的ct和ev状态。2. hostname不匹配,不认为是非法证书。

Browse Source
This commit is contained in:
zhengchao
2019-05-15 20:09:12 +08:00
parent ae678d5128
commit ea0292f1b4
7 changed files with 846 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
platform/include/internal/ssl_trusted_cert_storage.h
View File

@@ -20,7 +20,14 @@ struct cert_verify_param
char no_verify_issuer;
char no_verify_expiry_date;
};
int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storage, SSL * ssl, const char* hostname, struct cert_verify_param* param, char* reason, size_t n_reason);
struct cert_verify_result
{
char is_hostmatched;
char is_ev;
char is_ct;
int error_code;
};
int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storage, SSL * ssl, const char* hostname, struct cert_verify_param* param, char* reason, size_t n_reason, struct cert_verify_result* result);
int ssl_trusted_cert_storage_add(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
int ssl_trusted_cert_storage_del(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
void ssl_trusted_cert_storage_reset(struct ssl_trusted_cert_storage* storage);