1. ssl增加no_verify_cert开关，可以关闭证书校验；

2. ssl_utils.cc改名为ssl_utils.cpp; 3. 暂时使用tcmalloc接管内存分配； 4. 原work thread选择算法存在bug，暂时改为轮询； 5. FieldStat状态输出暂时改为Field格式，便于观察实时性能，Future的状态输出暂时改为累计值；
2019-01-14 18:23:46 +06:00
parent f5c153c59e
commit f21d51de3d
8 changed files with 53 additions and 26 deletions
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -121,7 +121,7 @@ struct ssl_mgr
 	unsigned int no_tls12;
 	unsigned int no_sessticket;
 	unsigned int no_alpn;
-	
+	unsigned int no_cert_verify;
 	CONST_SSL_METHOD * (* sslmethod)(void);        //Parameter of SSL_CTX_new
 	int ssl_min_version, ssl_max_version;
 	char ssl_session_context[8];
@@ -312,7 +312,7 @@ void ssl_stat_init(struct ssl_mgr * mgr)
 	{
 		if(spec[i]!=NULL)
 		{
-			mgr->fs_id[i]=FS_register(mgr->fs_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,spec[i]);
+			mgr->fs_id[i]=FS_register(mgr->fs_handle, FS_STYLE_FIELD, FS_CALC_CURRENT,spec[i]);
 		}
 	}

@@ -578,10 +578,9 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 		sizeof(mgr->default_ciphers), DFLT_CIPHERS);
 	MESA_load_profile_uint_def(ini_profile, section, "no_session_ticket", &(mgr->no_sessticket), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_alpn", &(mgr->no_alpn), 0);
+	MESA_load_profile_uint_def(ini_profile, section, "no_cert_verify", &(mgr->no_cert_verify), 0);


-	
-
 	MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
 	MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60);

@@ -1033,8 +1032,15 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,

 		if(!SSL_session_reused(s_stream->ssl))
 		{
-			s_stream->is_peer_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store, 
+			if(mgr->no_cert_verify)
+			{
+				s_stream->is_peer_cert_verify_passed=1;
+			}
+			else
+			{				
+				s_stream->is_peer_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store, 
 													s_stream->ssl, error_str, sizeof(error_str));
+			}
 			if(s_stream->is_peer_cert_verify_passed)
 			{
 				//ONLY verified session is cacheable.