diff options
| author | luwenpeng <[email protected]> | 2019-10-14 11:12:01 +0800 |
|---|---|---|
| committer | 卢文朋 <[email protected]> | 2019-10-23 11:09:22 +0800 |
| commit | 8cf94539803ccc11d1d205122d87a422e7a8f469 (patch) | |
| tree | 1895634ca2d5e3154059a537d7562ad488632654 | |
| parent | e79b52af16d61f2b0a508ec8f51a4079d8737b2e (diff) | |
修改拦截策略拦截动作时user_region表的json参数变更:v4.3.20-202011v4.2.0-20191206release-4.2
1)exclusions修正为dynamic_bypass;
2)pinning修正为cert_pinning;
3)client_cert_req修正为mutual_authentication;
4)cert_verify修正为certificate_checks;
5)fail_method修正为fail_action;
6)ssl_ver修正为protocol_version。
| -rw-r--r-- | plugin/business/ssl-policy/src/ssl_policy.cpp | 12 | ||||
| -rw-r--r-- | resource/pangu/pangu_http.json | 4 |
2 files changed, 8 insertions, 8 deletions
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp index dff2f9a..8489ffb 100644 --- a/plugin/business/ssl-policy/src/ssl_policy.cpp +++ b/plugin/business/ssl-policy/src/ssl_policy.cpp @@ -97,22 +97,22 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin } } - exclusions=cJSON_GetObjectItem(json, "exclusions"); + exclusions=cJSON_GetObjectItem(json, "dynamic_bypass"); if(exclusions) { item=cJSON_GetObjectItem(exclusions, "ev_cert"); if(item && item->type==cJSON_Number) param->bypass_ev_cert=item->valueint; item=cJSON_GetObjectItem(exclusions, "cert_transparency"); if(item && item->type==cJSON_Number) param->bypass_ct_cert=item->valueint; - item=cJSON_GetObjectItem(exclusions, "client_cert_req"); + item=cJSON_GetObjectItem(exclusions, "mutual_authentication"); if(item && item->type==cJSON_Number) param->bypass_mutual_auth=item->valueint; - item=cJSON_GetObjectItem(exclusions, "pinning"); + item=cJSON_GetObjectItem(exclusions, "cert_pinning"); if(item && item->type==cJSON_Number) param->bypass_pinning=item->valueint; item=cJSON_GetObjectItem(exclusions, "protocol_errors"); if(item && item->type==cJSON_Number) param->bypass_protocol_errors=item->valueint; } - cert_verify=cJSON_GetObjectItem(json, "cert_verify"); + cert_verify=cJSON_GetObjectItem(json, "certificate_checks"); if(cert_verify) { approach=cJSON_GetObjectItem(cert_verify, "approach"); @@ -127,7 +127,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin item=cJSON_GetObjectItem(approach, "expiration"); if(item && item->type==cJSON_Number && item->valueint==0) param->no_verify_expry_date=1; } - item=cJSON_GetObjectItem(cert_verify, "fail_method"); + item=cJSON_GetObjectItem(cert_verify, "fail_action"); if(item && item->type==cJSON_String) { if(0==strcasecmp(item->valuestring, "Fail-Close")) @@ -136,7 +136,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin } } } - ssl_ver=cJSON_GetObjectItem(json, "ssl_ver"); + ssl_ver=cJSON_GetObjectItem(json, "protocol_version"); if(ssl_ver) { item=cJSON_GetObjectItem(ssl_ver, "mirror_client"); diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index 6c90056..b2a3b15 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -315,8 +315,8 @@ { "table_name": "PXY_INTERCEPT_COMPILE", "table_content": [ - "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1,\"protocol_errors\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", - "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" + "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", + "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" ] } ] |