TSG-5246 拦截状态下,使用未装根证书的 firefox 访问 twitter.com 时,功能端未检测出 Pinning 特征

This commit is contained in:
luwenpeng
2021-01-11 23:06:19 +06:00
parent 933f9e3b02
commit f99cfe9c1c
3 changed files with 19 additions and 5 deletions


@@ -24,8 +24,10 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para); void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para);
void ssl_manager_destroy(struct ssl_mgr * mgr); void ssl_manager_destroy(struct ssl_mgr * mgr);
unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr); unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr); void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr, struct ssl_mgr* mgr);
const char* ssl_stream_get_error_string(enum ssl_stream_error error);
void ssl_stream_set_cmsg_string(struct ssl_stream *stream, enum tfe_cmsg_tlv_type type, const char *value_str);
void ssl_stream_process_zero_eof(struct ssl_stream *s_stream, struct ssl_mgr *mgr);
enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result); enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result); struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result);
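Review bot: The three newly exported declarations carry no documentation, and ssl_stream_process_error in particular takes an `unsigned long sslerr` whose expected origin (the value returned by ssl_stream_log_error, judging by the caller in the third file of this commit) is stated nowhere in the header. A short Doxygen block on each would let callers use them without reading the .c file: for ssl_stream_process_error, where `sslerr` comes from and whether the call may free or detach `s_stream`; for ssl_stream_set_cmsg_string, the precondition that `value_str` is a non-NULL, NUL-terminated string; for ssl_stream_get_error_string, the lifetime of the returned pointer (presumably a static table entry, but confirm against the definition before writing that down). The re-added ssl_stream_process_zero_eof prototype only differs from the removed one in pointer spacing, so it is worth keeping the header's spacing style consistent across these lines.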


@@ -1072,7 +1072,7 @@ const char* ssl_stream_dump_info(struct ssl_stream *stream, char* buffer, size_t
stream->dir==CONN_DIR_UPSTREAM ? stream->up_parts.client_hello->sni:NULL); stream->dir==CONN_DIR_UPSTREAM ? stream->up_parts.client_hello->sni:NULL);
return buffer; return buffer;
} }
static void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, const char* value_str) void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, const char* value_str)
{ {
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream); struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)value_str, (uint16_t)strlen(value_str)); UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)value_str, (uint16_t)strlen(value_str));
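Review bot: ssl_stream_set_cmsg_string is now exported but still calls `strlen(value_str)` unconditionally, so a NULL argument from any new external caller is undefined behavior; a guard `if (value_str == NULL) return;` at the top of the body, or a documented precondition on the header declaration, would pin the contract now that callers outside this file exist. The length is also narrowed with `(uint16_t)strlen(value_str)`, which silently wraps for strings of 64 KiB or more — harmless for the fixed error strings this commit passes, but worth a comment such as `/* value_str must be a NUL-terminated string shorter than 64 KiB */` so a future caller does not pass arbitrary-length data through it. The function body continues past the end of the hunk.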


@@ -826,8 +826,20 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
{ {
if (_stream->session_type == STREAM_PROTO_SSL) if (_stream->session_type == STREAM_PROTO_SSL)
{ {
ssl_stream_log_error(bev, __bev_dir(_stream, bev), _stream->ssl_mgr); unsigned long sslerr = ssl_stream_log_error(bev, __bev_dir(_stream, bev), _stream->ssl_mgr);
} if (sslerr)
{
TFE_LOG_ERROR(g_default_logger, "%s %s connection error at tcp layer, ssl layer is unavailable", _stream->str_stream_addr, str_conn_dir);
enum ssl_stream_error error = SSL_STREAM_R_SERVER_PROTOCOL_ERROR;
if (__bev_dir(_stream, bev) == CONN_DIR_DOWNSTREAM)
{
error = SSL_STREAM_R_CLIENT_PROTOCOL_ERROR;
}
ssl_stream_set_cmsg_string(*ref_this_ssl_stream, TFE_CMSG_SSL_ERROR, ssl_stream_get_error_string(error));
ssl_stream_process_error(*ref_this_ssl_stream, sslerr, _stream->ssl_mgr);
}
}
else if (errno) else if (errno)
{ {
TFE_LOG_INFO(g_default_logger, "%s %s connection error, errno = %d, %s", TFE_LOG_INFO(g_default_logger, "%s %s connection error, errno = %d, %s",
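Review bot: The cmsg error string written in the new block is chosen from the connection direction alone, so every downstream TLS failure is recorded as SSL_STREAM_R_CLIENT_PROTOCOL_ERROR whether or not it is the certificate rejection this commit sets out to detect; `sslerr` is forwarded to ssl_stream_process_error, which may inspect it, but the cmsg set here does not reflect it. If the pinning signal is meant to be the client refusing the substituted certificate, mapping the specific error reason to a dedicated ssl_stream_error value before falling back to the generic protocol error would keep unrelated client-side failures distinguishable in the cmsg. `__bev_dir(_stream, bev)` is evaluated twice in the new lines; hoisting it once, `enum tfe_conn_dir dir = __bev_dir(_stream, bev);`, keeps the log line and the classification in step. Whether `*ref_this_ssl_stream` is guaranteed non-NULL on this path is not visible in the hunk, and the log text "ssl layer is unavailable" suggests it may not be; if it can be NULL, the two calls that dereference it need a guard. __stream_bev_eventcb starts and ends outside the hunk.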