authorfengweihao <[email protected]>2019-05-14 10:25:00 +0800
committerfengweihao <[email protected]>2019-05-14 10:25:00 +0800
commitf6b42ceed53c481de40aea852c607a8d0951954d (patch)
tree729679a1fc8d5a8450cad554638250f0bd103d88
parent4cd7deea4eb5692d30ae7fdd4cd6adeacd49f70f (diff)
fixes #12
1. 修改Redis中key值。原key值为:keyring_id + 请求源指纹;修改为:keyring_id(非0) + 请求源指纹 + 根证书指纹,或 keyring_id(0) + 请求源指纹
-rw-r--r--src/cert_conf.h1
-rw-r--r--src/cert_session.c27
2 files changed, 27 insertions, 1 deletions
diff --git a/src/cert_conf.h b/src/cert_conf.h
index 7da297c..27a4543 100644
--- a/src/cert_conf.h
+++ b/src/cert_conf.h
@@ -34,6 +34,7 @@ struct pxy_obj_keyring{
int service;
EVP_PKEY *key;
X509 *root;
+ char digest[EVP_MAX_MD_SIZE];
char name[128];
char type[128];
char ctl[512];
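Review bot: `digest` is sized for a raw digest (`EVP_MAX_MD_SIZE`), but `x509_get_fingerprint` in src/cert_session.c fills it with the hex string, which needs two characters per digest byte plus a terminator. The SHA-1 value used today fits (41 bytes), but the field only stays safe as long as nobody switches the hash: with a 64-byte field, any digest longer than 31 bytes would make the unbounded `sprintf` loop run past `digest` into `name`. Declaring it as `char digest[EVP_MAX_MD_SIZE * 2 + 1];` with a comment such as `/* hex SHA-1 of root, NUL-terminated */` removes that coupling. The `hex` buffer visible in `x509_get_rkey` follows the same sizing pattern. The struct definition starts and ends outside this hunk.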
diff --git a/src/cert_session.c b/src/cert_session.c
index f1543fe..5b1c7f2 100644
--- a/src/cert_session.c
+++ b/src/cert_session.c
@@ -1559,6 +1559,7 @@ finish:
static int
x509_get_rkey(X509 *origin, int keyring_id, char *rkey)
{
+ void *odata = NULL;
unsigned int len = 0, i = 0;
char hex[EVP_MAX_MD_SIZE] = {0};
unsigned char fdig[EVP_MAX_MD_SIZE] = {0};
@@ -1567,7 +1568,18 @@ x509_get_rkey(X509 *origin, int keyring_id, char *rkey)
for (i = 0; i < len ; ++i){
sprintf(hex + i * sizeof(unsigned char) * 2, "%02x", fdig[i]);
}
+ struct key_ring_list *keyring = &cert_default_config()->keyring;
+ if (keyring->htable != NULL){
+ odata = MESA_htable_search(keyring->htable, (const uchar *)&(keyring_id), sizeof(int));
+ if (odata){
+ struct pxy_obj_keyring *pxy_obj = (struct pxy_obj_keyring *)odata;
+
+ snprintf(rkey, DATALEN, "%d:%s:%s", keyring_id, hex, pxy_obj->digest);
+ goto finish;
+ }
+ }
snprintf(rkey, DATALEN, "%d:%s", keyring_id, hex);
+finish:
return 0;
}
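Review bot: The three-part key is selected by whether `MESA_htable_search` finds an entry, not by `keyring_id != 0` as the commit message describes, so a non-zero id that is missing from `keyring->htable` silently falls back to `"%d:%s"`. That is the old key shape without the root fingerprint, so the separation between roots that this change introduces is lost on that path and nothing is logged. Consider making the condition explicit and adding a `mesa_runtime_log` call when `keyring_id != 0 && odata == NULL`; an `else` branch instead of `goto finish` would also keep the two formats side by side. Neither `snprintf` result is compared with `DATALEN`, so a truncated key, which would drop part of the root fingerprint, goes unnoticed; the size of the caller's `rkey` buffer is not visible here. The function's opening lines are in the previous hunk.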
@@ -2010,6 +2022,19 @@ finish:
}
static void
+x509_get_fingerprint(X509 *x509, char *digest)
+{
+ unsigned int len = 0, i = 0;
+ unsigned char fdig[EVP_MAX_MD_SIZE] = {0};
+
+ X509_digest(x509, EVP_sha1(), fdig, &len);
+ for (i = 0; i < len ; ++i){
+ sprintf(digest + i * sizeof(unsigned char) * 2, "%02x", fdig[i]);
+ }
+ return;
+}
+
+static void
Maat_read_entry_cb(int __attribute__((__unused__))table_id, const char* table_line,
void *u_para)
{
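Review bot: The return value of `X509_digest` is ignored in `x509_get_fingerprint`, and `x509` is passed through without a NULL check; whether `pxy_obj->root` can be NULL at the call site is not visible here. If the digest call fails, `len` stays 0, the loop writes nothing, and `digest` keeps whatever the caller's buffer already held, which `x509_get_rkey` later formats with `%s`. Writing `digest[0] = '\0';` first and returning early when `X509_digest(x509, EVP_sha1(), fdig, &len) != 1` makes the failure case well defined, and returning a status would let `Maat_read_entry_cb` skip a keyring that has no fingerprint. A short header comment stating that `digest` must hold `2 * len + 1` bytes would document the contract the `sprintf` loop relies on. `Maat_read_entry_cb` begins at the end of this hunk and its body continues outside it.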
@@ -2048,7 +2073,7 @@ Maat_read_entry_cb(int __attribute__((__unused__))table_id, const char* table_li
}
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d",
pxy_obj->id);
-
+ x509_get_fingerprint(pxy_obj->root, pxy_obj->digest);
MESA_htable_add(htable, (const uchar *)(&(pxy_obj->id)), sizeof(int), pxy_obj);
keyring->sum_cnt++;
}else{