TSG-1518 改进TFE查询Certstore过程的异常处理机制

2020-05-18 20:32:38 +08:00
parent 0d5244ca30
commit f4b2f1a484
2 changed files with 102 additions and 1 deletions
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -64,6 +64,8 @@ static unsigned char SSL_ALPN_HTTP_2[]={2, 'h','2',0};
 */
 #define DFLT_CURVE "prime256v1"

+extern long long certstore_is_unavailable;
+
 enum ssl_stream_stat
 {
 	SSL_UP_NEW,
@@ -1420,6 +1422,13 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
 	{
 		s_stream->up_parts.action=SSL_ACTION_INTERCEPT;
 	}
+
+	if (ATOMIC_READ(&certstore_is_unavailable) > 3)
+	{
+		s_stream->up_parts.action=SSL_ACTION_PASSTHROUGH;
+		TFE_LOG_ERROR(ctx->mgr->logger, "CertStore is unavailable, PASSTHROUGH");
+	}
+	
 	ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_INTERCEPT_STATE, s_stream->up_parts.action);
 	ctx->s_stream = s_stream;
 	if(s_stream->up_parts.action==SSL_ACTION_PASSTHROUGH)