| author | luwenpeng <[email protected]> | 2022-11-08 10:53:05 +0800 |
|---|---|---|
| committer | luwenpeng <[email protected]> | 2022-11-08 11:18:53 +0800 |
| commit | 87adce7cbf4e2c715776199228ac04ff396d33f7 (patch) | |
| tree | 317a966126a33579218ccd37713799616a0de236 /plugin | |
| parent | d63b40db172908f429adf36bacb600369ef8ef09 (diff) | |
TSG-12548 TFE适配拦截策略的keyring_for_untrusted字段
* keyring拆分为keyring_for_trusted与keyring_for_untrusted
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/business/ssl-policy/src/ssl_policy.cpp | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp index 3a41894..5ee9b3e 100644 --- a/plugin/business/ssl-policy/src/ssl_policy.cpp +++ b/plugin/business/ssl-policy/src/ssl_policy.cpp @@ -18,7 +18,8 @@ struct intercept_param { int policy_id; int ref_cnt; - int keyring; + int keyring_for_trusted; + int keyring_for_untrusted; int decryption_profile_id; }; @@ -99,23 +100,41 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin param->bypass_pinning=1; param->mirror_client_version=1; */ - param->keyring=1; + param->keyring_for_trusted=1; + param->keyring_for_untrusted=0; param->decryption_profile_id=0; - item=cJSON_GetObjectItem(json, "keyring"); + item=cJSON_GetObjectItem(json, "keyring_for_trusted"); if(item) { if(item->type==cJSON_Number) { - param->keyring=item->valueint; + param->keyring_for_trusted=item->valueint; } else if(item->type==cJSON_String) { - param->keyring=atoi(item->valuestring); + param->keyring_for_trusted=atoi(item->valuestring); } else { - TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring format", param->policy_id); + TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_trusted format", param->policy_id); + } + } + + item=cJSON_GetObjectItem(json, "keyring_for_untrusted"); + if(item) + { + if(item->type==cJSON_Number) + { + param->keyring_for_untrusted=item->valueint; + } + else if(item->type==cJSON_String) + { + param->keyring_for_untrusted=atoi(item->valuestring); + } + else + { + TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_untrusted format", param->policy_id); } } 
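Review bot: The string branch of both new parse blocks in intercept_param_new_cb uses `atoi(item->valuestring)`, which returns 0 for non-numeric text and reports no error, so a malformed `keyring_for_trusted` replaces the default 1 with 0 and a malformed `keyring_for_untrusted` cannot be told apart from the default 0, with nothing logged in either case. These ids appear to select the keyring used for trusted versus untrusted upstream certificates, so a silent fallback is worth rejecting: parse with `strtol`, require the whole string to be consumed and in `int` range, and keep the default on failure. The two blocks differ only in the field name, so one static helper covers both. Separately, the legacy `"keyring"` key is no longer read, so any policy row still carrying only that key would presumably fall back to `keyring_for_trusted=1` without a log line; confirm that is intended. The function body begins before and continues after this hunk.

```cpp
// Reads a keyring id from a cJSON number or a fully numeric string.
// Returns 0 and writes *out on success; returns -1 and leaves *out untouched otherwise.
static int parse_keyring_id(const cJSON *item, int *out)
{
	if(item->type==cJSON_Number)
	{
		*out=item->valueint;
		return 0;
	}
	if(item->type==cJSON_String)
	{
		char *end=NULL;
		errno=0;
		long v=strtol(item->valuestring, &end, 10);
		if(end==item->valuestring || *end!='\0' || errno==ERANGE || v<INT_MIN || v>INT_MAX)
		{
			return -1;
		}
		*out=(int)v;
		return 0;
	}
	return -1;
}

// … unchanged: defaults for keyring_for_trusted, keyring_for_untrusted, decryption_profile_id …
item=cJSON_GetObjectItem(json, "keyring_for_trusted");
if(item && parse_keyring_id(item, &param->keyring_for_trusted)!=0)
{
	TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_trusted format", param->policy_id);
}

item=cJSON_GetObjectItem(json, "keyring_for_untrusted");
if(item && parse_keyring_id(item, &param->keyring_for_untrusted)!=0)
{
	TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring_for_untrusted format", param->policy_id);
}
```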
@@ -380,7 +399,8 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p { ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_BLOCK_FAKE_CERT, 1); } - ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_ID, policy_param->keyring); + ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_TRUSTED, policy_param->keyring_for_trusted); + ret=ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED, policy_param->keyring_for_untrusted); ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus); assert(ret==0); |
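Review bot: The results of the two new `ssl_stream_set_integer_opt` calls for `SSL_STREAM_OPT_KEYRING_FOR_TRUSTED` and `SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED` are each overwritten by the next assignment to `ret`, so only the final `ssl_stream_get_integer_opt` result reaches `assert(ret==0);`. If either set call fails, the stream would presumably continue with whatever keyring it had before, and nothing records the failure. Adding `assert(ret==0);` directly after each of the two set calls matches the pattern already used here. Because `assert` is compiled out under NDEBUG, a logged error with an explicit failure path would hold up better if release builds disable asserts. ssl_policy_enforce begins before and continues past this hunk.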
