From f99cfe9c1c09645753a1035a077cf979c09f55ed Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Mon, 11 Jan 2021 23:06:19 +0600
Subject: [PATCH] =?UTF-8?q?TSG-5246=20=E6=8B=A6=E6=88=AA=E7=8A=B6=E6=80=81?= =?UTF-8?q?=E4=B8=8B=EF=BC=8C=E4=BD=BF=E7=94=A8=E6=9C=AA=E8=A3=85=E6=A0=B9?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E7=9A=84=20firefox=20=E8=AE=BF=E9=97=AE=20tw?= =?UTF-8?q?itter.com=20=E6=97=B6=EF=BC=8C=E5=8A=9F=E8=83=BD=E7=AB=AF?= =?UTF-8?q?=E6=9C=AA=E6=A3=80=E6=B5=8B=E5=87=BA=20Pinning=20=E7=89=B9?= =?UTF-8?q?=E5=BE=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 platform/include/internal/ssl_stream_core.h | 6 ++++--
 platform/src/ssl_stream.cpp | 2 +-
 platform/src/tcp_stream.cpp | 16 ++++++++++++++--
 3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/platform/include/internal/ssl_stream_core.h b/platform/include/internal/ssl_stream_core.h
index 6be60e6..e2d1601 100644
--- a/platform/include/internal/ssl_stream_core.h
+++ b/platform/include/internal/ssl_stream_core.h
@@ -24,8 +24,10 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para);
 void ssl_manager_destroy(struct ssl_mgr * mgr);
 unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
-void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr);
-
+void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr, struct ssl_mgr* mgr);
+const char* ssl_stream_get_error_string(enum ssl_stream_error error);
+void ssl_stream_set_cmsg_string(struct ssl_stream *stream, enum tfe_cmsg_tlv_type type, const char *value_str);
+void ssl_stream_process_zero_eof(struct ssl_stream *s_stream, struct ssl_mgr *mgr);
 enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
 struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result);
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index 32c4aa1..67e3a41 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1072,7 +1072,7 @@ const char* ssl_stream_dump_info(struct ssl_stream *stream, char* buffer, size_t
 stream->dir==CONN_DIR_UPSTREAM ? stream->up_parts.client_hello->sni:NULL);
 return buffer;
 }
-static void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, const char* value_str)
+void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, const char* value_str)
 {
 struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
 UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)value_str, (uint16_t)strlen(value_str));
diff --git a/platform/src/tcp_stream.cpp b/platform/src/tcp_stream.cpp
index 13faccb..7c7054c 100644
--- a/platform/src/tcp_stream.cpp
+++ b/platform/src/tcp_stream.cpp
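Review bot: Dropping `static` from `ssl_stream_set_cmsg_string` in ssl_stream.cpp (and declaring it in ssl_stream_core.h) exposes a helper that checks none of its arguments: the body reads `stream->tcp_stream` and calls `strlen(value_str)` unconditionally. The new caller in tcp_stream.cpp passes `*ref_this_ssl_stream` and the return value of `ssl_stream_get_error_string()`, and nothing visible guarantees either is non-NULL on the connection-error path, so I would add `if (stream == NULL || value_str == NULL) return;` as the first statement. The `(uint16_t)strlen(value_str)` cast also truncates silently for values longer than 65535 bytes, and the result of `tfe_cmsg_set` lands in an `UNUSED` variable; logging a failed set would make a missing TFE_CMSG_SSL_ERROR value diagnosable. The function body continues past the end of the hunk.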
@@ -826,8 +826,20 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
 {
 if (_stream->session_type == STREAM_PROTO_SSL)
 {
- ssl_stream_log_error(bev, __bev_dir(_stream, bev), _stream->ssl_mgr);
- }
+ unsigned long sslerr = ssl_stream_log_error(bev, __bev_dir(_stream, bev), _stream->ssl_mgr);
+ if (sslerr)
+ {
+ TFE_LOG_ERROR(g_default_logger, "%s %s connection error at tcp layer, ssl layer is unavailable", _stream->str_stream_addr, str_conn_dir);
+ enum ssl_stream_error error = SSL_STREAM_R_SERVER_PROTOCOL_ERROR;
+ if (__bev_dir(_stream, bev) == CONN_DIR_DOWNSTREAM)
+ {
+ error = SSL_STREAM_R_CLIENT_PROTOCOL_ERROR;
+ }
+
+ ssl_stream_set_cmsg_string(*ref_this_ssl_stream, TFE_CMSG_SSL_ERROR, ssl_stream_get_error_string(error));
+ ssl_stream_process_error(*ref_this_ssl_stream, sslerr, _stream->ssl_mgr);
+ }
+ }
 else if (errno)
 {
 TFE_LOG_INFO(g_default_logger, "%s %s connection error, errno = %d, %s",
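Review bot: `*ref_this_ssl_stream` is dereferenced by both new calls without a NULL check, on a path whose own log line says the ssl layer is unavailable. `ssl_stream_set_cmsg_string` reads `stream->tcp_stream` straight away (visible in the ssl_stream.cpp hunk), so if the SSL stream was never created or was already released when the bufferevent error fires, this error handler would crash the process on a network-triggered event; where `ref_this_ssl_stream` is assigned lies outside the hunk, so this needs confirming against the rest of the function. A guard such as `if (sslerr && ref_this_ssl_stream != NULL && *ref_this_ssl_stream != NULL)` keeps the path safe either way. `__bev_dir(_stream, bev)` is also evaluated twice; storing it once in a local would make the direction used for `ssl_stream_log_error` and for choosing the error code visibly the same. The enclosing `__stream_bev_eventcb` begins and ends outside the hunk.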