authorzhengchao <[email protected]>2019-05-20 16:56:37 +0800
committerzhengchao <[email protected]>2019-05-24 18:55:31 +0800
commit1f73b4832dda82f4c7828e588a03e905872e072d (patch)
tree816120b5346b3f43dbcd18971fa8294873e2fe1a /plugin/business/ssl-policy/src/ssl_policy.cpp
parenta268c52abcba3b5cfbf6cd142c2699b20715bf7c (diff)
在ssl policy中处理keyring。
Diffstat (limited to 'plugin/business/ssl-policy/src/ssl_policy.cpp')
-rw-r--r--plugin/business/ssl-policy/src/ssl_policy.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp
index dcbb12b..17c2d08 100644
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
@@ -136,9 +136,8 @@ void intercept_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, v
param->ref_cnt--;
if(param->ref_cnt==0)
{
+ TFE_LOG_INFO(enforcer->logger, "Del intercept policy %d", param->policy_id);\
free(param);
- TFE_LOG_INFO(enforcer->logger, "Del intercept policy %d", param->policy_id);
- free(*ad);
*ad=NULL;
}
}
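Review bot: The added `TFE_LOG_INFO(...)` line ends with a stray `\` after the semicolon, which splices `free(param);` onto the same logical line. It compiles today but should be removed. Separately, `param->ref_cnt--` followed by a separate `==0` test is not atomic. If references can be taken and released on different threads (not visible in this hunk), two releases could race into a double free or a leak, so consider `if(__sync_sub_and_fetch(&param->ref_cnt, 1)==0)`. The function body begins outside the hunk.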
@@ -193,6 +192,8 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
{
ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_BLOCK_FAKE_CERT, 1);
}
+ ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_ID, param->keyring);
+
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
assert(ret==1);
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev);
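Review bot: The result of the new `ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_ID, param->keyring)` call is stored in `ret` and overwritten by the next call without being examined, so a failure to select the keyring goes unnoticed. If the stream then falls back to a default keyring (not visible here), the connection would presumably be intercepted with a different signing key than the policy requested. Test the result right after the call, e.g. `if(ret!=1) { /* log and choose a fail-safe action */ }`, rather than relying on `assert`, which is compiled out under `NDEBUG`. The function continues outside the hunk.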
@@ -200,7 +201,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_MUTUAL_AUTH, &is_mauth);
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_CT_CERT, &is_ct);
assert(ret=1);
- if( (pinning_staus>1 && param->bypass_pinning) ||
+ if( (pinning_staus==1 && param->bypass_pinning) ||
(is_mauth && param->bypass_mutual_auth) ||
(is_ev && param->bypass_ev_cert) ||
(is_ct && param->bypass_ct_cert) )
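Review bot: The context line `assert(ret=1);` just above the changed condition assigns instead of comparing, so it can never fire and a failed `SSL_STREAM_OPT_IS_CT_CERT` read is not detected; it should be `assert(ret==1);`. The `SSL_STREAM_OPT_IS_MUTUAL_AUTH` result is likewise overwritten unchecked. These flags decide whether interception is bypassed, so a failed read would leave `is_mauth` or `is_ct` at whatever value they were declared with (declarations are outside the hunk). In the new condition, `pinning_staus==1` compares against a bare literal; a named constant or a short comment saying which pinning state `1` denotes would make the switch from `>1` reviewable.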