author崔一鸣 <[email protected]>2019-06-28 12:05:47 +0600
committer崔一鸣 <[email protected]>2019-06-28 12:05:47 +0600
commit53f537397f3534d59c024b08d73f49fda1e4a219 (patch)
tree80474a4d4ad5e3fcd300d731ba9ef9bf82cac5a9
parent65e0ac29d5dff00652f2ed7a5c5da982f36d1417 (diff)
修改pinning判断条件v4.0.3-20190628
-rw-r--r--platform/src/ssl_stream.cpp10
1 files changed, 7 insertions, 3 deletions
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index c821ab1..52fd29e 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1163,9 +1163,13 @@ void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr
{
case CONN_DIR_DOWNSTREAM:
s_upstream= &(s_stream->peer->up_parts);
- if(sslerr==SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN &&
- s_upstream->is_server_cert_verify_passed &&
- s_upstream->verify_result.is_hostmatched)
+ if( (sslerr==SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ||
+ sslerr==SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ||
+ sslerr==SSL_R_TLSV1_ALERT_UNKNOWN_CA ||
+ sslerr==SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE ||
+ sslerr==SSL_R_UNKNOWN_CERTIFICATE_TYPE ||)
+ && s_upstream->is_server_cert_verify_passed
+ && s_upstream->verify_result.is_hostmatched)
{
s_upstream->svc_status.pinning_status=PINNING_ST_PINNING;
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
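Review bot: The new condition does not compile as written, because the last alternative in the group, `sslerr==SSL_R_UNKNOWN_CERTIFICATE_TYPE ||)`, leaves a dangling `||` before the closing parenthesis; it should read `sslerr==SSL_R_UNKNOWN_CERTIFICATE_TYPE)`. Separately, that constant appears to be a local OpenSSL error reason rather than one derived from a peer alert like the other four, so it is worth confirming it can actually be reported on the downstream side. `SSL_R_TLSV1_ALERT_UNKNOWN_CA` is also what a client sends when it simply does not trust the issuing CA, so this branch may mark non-pinning clients as `PINNING_ST_PINNING`; a short comment above the `if` saying why each reason counts as pinning evidence would help. The body of ssl_stream_process_error starts and ends outside this hunk, so how the pinning state is consumed later is not visible here.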