authorluwenpeng <[email protected]>2021-01-11 23:06:19 +0600
committerluwenpeng <[email protected]>2021-01-11 23:06:19 +0600
commitf99cfe9c1c09645753a1035a077cf979c09f55ed (patch)
tree5a5c2d7278478c5b46934b606d00933eb0b8f17f
parent933f9e3b025f0b735d859a81c738c2f2fb0dd1c6 (diff)
TSG-5246 拦截状态下,使用未装根证书的 firefox 访问 twitter.com 时,功能端未检测出 Pinning 特征
-rw-r--r--platform/include/internal/ssl_stream_core.h6
-rw-r--r--platform/src/ssl_stream.cpp2
-rw-r--r--platform/src/tcp_stream.cpp16
3 files changed, 19 insertions, 5 deletions
diff --git a/platform/include/internal/ssl_stream_core.h b/platform/include/internal/ssl_stream_core.h
index 6be60e6..e2d1601 100644
--- a/platform/include/internal/ssl_stream_core.h
+++ b/platform/include/internal/ssl_stream_core.h
@@ -24,8 +24,10 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
void ssl_manager_set_new_upstream_cb(struct ssl_mgr * mgr, ssl_stream_new_hook* new_upstream_cb, void* u_para);
void ssl_manager_destroy(struct ssl_mgr * mgr);
unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);
-void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* mgr);
-
+void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr, struct ssl_mgr* mgr);
+const char* ssl_stream_get_error_string(enum ssl_stream_error error);
+void ssl_stream_set_cmsg_string(struct ssl_stream *stream, enum tfe_cmsg_tlv_type type, const char *value_str);
+void ssl_stream_process_zero_eof(struct ssl_stream *s_stream, struct ssl_mgr *mgr);
enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result);
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index 32c4aa1..67e3a41 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1072,7 +1072,7 @@ const char* ssl_stream_dump_info(struct ssl_stream *stream, char* buffer, size_t
stream->dir==CONN_DIR_UPSTREAM ? stream->up_parts.client_hello->sni:NULL);
return buffer;
}
-static void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, const char* value_str)
+void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, const char* value_str)
{
struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)value_str, (uint16_t)strlen(value_str));
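Review bot: Dropping `static` from `ssl_stream_set_cmsg_string` gives it external linkage, but the body still dereferences `stream->tcp_stream` and calls `strlen(value_str)` with no guard, so the preconditions that were previously enforced only by this file's callers are now enforced by nobody. A two-line guard at the top of the body, `if (!stream || !value_str) return;`, would make the exported function safe to call from the new tcp_stream.cpp site, and the new declaration in ssl_stream_core.h should carry a comment stating that `value_str` must be a non-NULL, NUL-terminated string. The `(uint16_t)` cast on the length also silently truncates values longer than 65535 bytes; either document that limit or reject such input. The function's body continues outside the hunk.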
diff --git a/platform/src/tcp_stream.cpp b/platform/src/tcp_stream.cpp
index 13faccb..7c7054c 100644
--- a/platform/src/tcp_stream.cpp
+++ b/platform/src/tcp_stream.cpp
@@ -826,8 +826,20 @@ static void __stream_bev_eventcb(struct bufferevent * bev, short events, void *
{
if (_stream->session_type == STREAM_PROTO_SSL)
{
- ssl_stream_log_error(bev, __bev_dir(_stream, bev), _stream->ssl_mgr);
- }
+ unsigned long sslerr = ssl_stream_log_error(bev, __bev_dir(_stream, bev), _stream->ssl_mgr);
+ if (sslerr)
+ {
+ TFE_LOG_ERROR(g_default_logger, "%s %s connection error at tcp layer, ssl layer is unavailable", _stream->str_stream_addr, str_conn_dir);
+ enum ssl_stream_error error = SSL_STREAM_R_SERVER_PROTOCOL_ERROR;
+ if (__bev_dir(_stream, bev) == CONN_DIR_DOWNSTREAM)
+ {
+ error = SSL_STREAM_R_CLIENT_PROTOCOL_ERROR;
+ }
+
+ ssl_stream_set_cmsg_string(*ref_this_ssl_stream, TFE_CMSG_SSL_ERROR, ssl_stream_get_error_string(error));
+ ssl_stream_process_error(*ref_this_ssl_stream, sslerr, _stream->ssl_mgr);
+ }
+ }
else if (errno)
{
TFE_LOG_INFO(g_default_logger, "%s %s connection error, errno = %d, %s",
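Review bot: `*ref_this_ssl_stream` is passed to `ssl_stream_set_cmsg_string` and `ssl_stream_process_error` with no NULL check, and if a TLS-layer error can be reported before the SSL stream object exists (the new log text "ssl layer is unavailable" suggests that may be the case), both calls would dereference a null pointer. `__bev_dir(_stream, bev)` is also evaluated twice in the new block. Hoisting it and guarding the stream would read `enum tfe_conn_dir dir = __bev_dir(_stream, bev);` / `unsigned long sslerr = ssl_stream_log_error(bev, dir, _stream->ssl_mgr);` / `if (sslerr && *ref_this_ssl_stream)`, with the inner test becoming `dir == CONN_DIR_DOWNSTREAM`. The enclosing `__stream_bev_eventcb` starts before the hunk and continues after it.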