未完成：在ssl_stream_free中检测pinning。

author: zhengchao <[email protected]> 2019-06-10 21:27:27 +0800
committer: zhengchao <[email protected]> 2019-06-11 15:26:16 +0800
commit: a396bec43422a4fde38e21791cb356bc7d918514 (patch)
tree: bc483daf07c90b67895d97ec784fea50469e210e /plugin/business/ssl-policy/src/ssl_policy.cpp
parent: f18c5efdb173da7b8dbff72aa19b461d87970132 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp
index dbc5a6e..0448fd8 100644
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
@@ -132,6 +132,11 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin
 			if(item && item->type==cJSON_String) param->ssl_min_version=sslver_str2num(item->valuestring);
 			item=cJSON_GetObjectItem(ssl_ver, "max");	
 			if(item && item->type==cJSON_String) param->ssl_max_version=sslver_str2num(item->valuestring);
+			if(param->ssl_min_version<0||param->ssl_max_version<0)
+			{
+				param->mirror_client_version=1;
+				TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: ssl version = %s", item->valuestring);
+			}
 		}
 		item=cJSON_GetObjectItem(ssl_ver, "allow_http2"); 
 		if(item && item->type==cJSON_Number) param->allow_http2=item->valueint;
author	zhengchao <[email protected]>	2019-06-10 21:27:27 +0800
committer	zhengchao <[email protected]>	2019-06-11 15:26:16 +0800
commit	a396bec43422a4fde38e21791cb356bc7d918514 (patch)
tree	bc483daf07c90b67895d97ec784fea50469e210e /plugin/business/ssl-policy/src/ssl_policy.cpp
parent	f18c5efdb173da7b8dbff72aa19b461d87970132 (diff)