From f92b7098da98a916e9ebbebd4bca965778e17315 Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Tue, 3 Sep 2019 11:07:09 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20is=5Fapp=5Fnot=5Fpinning?= =?UTF-8?q?=20=E7=9A=84=E5=88=A4=E5=AE=9A=E6=9D=A1=E4=BB=B6=EF=BC=9A?= =?UTF-8?q?=E5=8E=9F=E6=9D=A5=E5=9C=A8=20client=20connected=20=E4=B9=8B?= =?UTF-8?q?=E5=90=8E=E5=88=A4=E5=AE=9A=EF=BC=8C=E7=8E=B0=E5=9C=A8=E5=9C=A8?= =?UTF-8?q?=20ssl=20stream=20free=20=E4=B9=8B=E5=89=8D=E5=88=A4=E5=AE=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 platform/src/ssl_stream.cpp | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index c600614..b9601c5 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1871,10 +1871,10 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
 }
 s_stream->negotiated_version=SSL_version(s_stream->ssl);
 ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_CLIENT_SIDE_VERSION, SSL_get_version(s_stream->ssl));
- struct ssl_service_status svc_status;
- memset(&svc_status, 0, sizeof(svc_status));
- svc_status.is_app_not_pinning=1;
- ssl_service_cache_write(mgr->svc_cache, s_upstream->client_hello, s_stream->tcp_stream->addr, &svc_status);
+ // struct ssl_service_status svc_status;
+ // memset(&svc_status, 0, sizeof(svc_status));
+ // svc_status.is_app_not_pinning=1;
+ // ssl_service_cache_write(mgr->svc_cache, s_upstream->client_hello, s_stream->tcp_stream->addr, &svc_status);
 promise_success(p, ctx);
 }
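Review bot: The four statements that recorded `is_app_not_pinning` in ssl_client_connected_eventcb are left behind as `//` comments instead of being deleted, so the callback now carries dead code that still names `mgr` and `s_upstream` and will drift from the live copy. Remove them; version history keeps the old form. If a pointer is useful, one line such as `/* is_app_not_pinning is recorded in ssl_stream_free_and_close_fd() */` is enough. The callback's body starts outside the hunk.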
@@ -2110,6 +2110,17 @@ void ssl_stream_free_and_close_fd(struct ssl_stream * s_stream, struct event_bas
 fd=bufferevent_getfd(bev);
 assert(fd==s_stream->_do_not_use.fd);
 unsigned long sslerr=0;
+
+ size_t rx_offset_this_time = 0;
+ int ret = tfe_stream_info_get(s_stream->tcp_stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &rx_offset_this_time, sizeof(rx_offset_this_time));
+ if (ret >= 0 && rx_offset_this_time > 0)
+ {
+ struct ssl_service_status svc_status;
+ memset(&svc_status, 0, sizeof(svc_status));
+ svc_status.is_app_not_pinning=1;
+ ssl_service_cache_write(s_stream->mgr->svc_cache, s_stream->up_parts.client_hello, s_stream->tcp_stream->addr, &svc_status);
+ }
+
 if(errno)
 {
 sslerr=ssl_stream_log_error(bev, s_stream->dir, s_stream->mgr);
@@ -2198,6 +2209,7 @@ int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
 }
 int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val)
 {
+ const char * sni = (upstream->up_parts.client_hello->sni) ? (upstream->up_parts.client_hello->sni) : "null";
 struct ssl_service_status* svc=&upstream->up_parts.svc_status;
 struct ssl_mgr* mgr=upstream->mgr;
 struct tfe_cmsg *cmsg=NULL;
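Review bot: The new block in ssl_stream_free_and_close_fd calls `tfe_stream_info_get()` and `ssl_service_cache_write()` directly in front of the existing `if(errno)` test, so whatever those calls leave in errno now decides whether `ssl_stream_log_error()` runs. Capture the value first with `int saved_errno = errno;` and test `if(saved_errno)`, or move the block below the error handling. The block also reads `s_stream->up_parts.client_hello` without checking `s_stream->dir` or for NULL; the same function passes `s_stream->dir` to the logger, which suggests it may serve both directions, so the cache write probably needs a direction and NULL guard. It would help to document what INFO_FROM_DOWNSTREAM_RX_OFFSET counts, since any non-zero value now records the service as not pinning in the shared cache. The function continues outside the hunk.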
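Review bot: In ssl_stream_get_integer_opt, `upstream->up_parts.client_hello->sni` is dereferenced at function entry for every `opt_type` with no check that `client_hello` is non-NULL, although `sni` is only used by the debug logs in the SSL_STREAM_OPT_PINNING_STATUS case. Whether `client_hello` can be NULL here is not visible in the hunk, but a getter should not crash on a stream with no parsed ClientHello. Move the lookup into that case and guard both pointers: `const char *sni = (upstream->up_parts.client_hello && upstream->up_parts.client_hello->sni) ? upstream->up_parts.client_hello->sni : "null";`. The function body continues outside the hunk.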
@@ -2217,10 +2229,14 @@ int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
 case SSL_STREAM_OPT_PINNING_STATUS:
 if(mgr->root_cert_not_installed_is_not_pinning && svc->is_app_not_pinning)
 {
+ TFE_LOG_DEBUG(g_default_logger, "ssl svc client root_cert_not_installed_is_not_pinning:%d, is_app_not_pinning:%d, cli_pinning_status:%d, mod pinning:%d, sni:%s",
+ mgr->root_cert_not_installed_is_not_pinning, svc->is_app_not_pinning, svc->cli_pinning_status, PINNING_ST_NOT_PINNING, sni);
 *opt_val=PINNING_ST_NOT_PINNING;
 }
 else
 {
+ TFE_LOG_DEBUG(g_default_logger, "ssl svc client root_cert_not_installed_is_not_pinning:%d, is_app_not_pinning:%d, cli_pinning_status:%d, set pinning:%d, sni:%s",
+ mgr->root_cert_not_installed_is_not_pinning, svc->is_app_not_pinning, svc->cli_pinning_status, svc->cli_pinning_status, sni);
 *opt_val=svc->cli_pinning_status;
 }
 break;
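Review bot: The two TFE_LOG_DEBUG calls in the SSL_STREAM_OPT_PINNING_STATUS case are near copies that differ only in `mod`/`set` and the last integer, and in the first branch both flags are necessarily non-zero, so they carry little information. A single call after the if/else that prints the two flags, `svc->cli_pinning_status` and the resolved `*opt_val` would cover both paths with one format string to maintain. Note also that `sni` originates from the peer's ClientHello; unless the parser already restricts it to hostname characters (not visible here), it should be length-limited and stripped of control characters before being written to the log with `%s`. The switch continues outside the hunk.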