Diffstat (limited to 'plugin')
-rw-r--r--plugin/business/ssl-policy/src/ssl_policy.cpp10
1 files changed, 5 insertions, 5 deletions
diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp
index 856c0e7..1d77389 100644
--- a/plugin/business/ssl-policy/src/ssl_policy.cpp
+++ b/plugin/business/ssl-policy/src/ssl_policy.cpp
@@ -279,7 +279,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p
ssl_stream_set_cmsg_string(upstream, TFE_CMSG_SSL_PASSTHROUGH_REASON, "Invalid Decryption Param");
return SSL_ACTION_PASSTHROUGH;
}
- int pinning_staus = 0, is_ev = 0, is_ct = 0, is_mauth = 0, has_error = 0, ja3_pinning_status = 0;
+ int pinning_staus = 0, is_ev = 0, is_ct = 0, is_mauth = 0, has_error = 0, is_app_not_pinning = 0;
if (!profile_param->mirror_client_version)
{
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, profile_param->ssl_min_version);
@@ -311,7 +311,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p
assert(ret == 0);
ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
assert(ret == 0);
- ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_JA3_PINNING_STATUS, &ja3_pinning_status);
+ ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_APP_STATUS, &is_app_not_pinning);
assert(ret == 0);
ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev);
assert(ret == 0);
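Review bot: The new `SSL_STREAM_OPT_APP_STATUS` read is guarded only by `assert(ret == 0)`, which is compiled out when NDEBUG is defined, so a failed read would go unnoticed in such a build. `is_app_not_pinning` would then keep its initializer 0, which the condition in the next hunk reads as "not known to be non-pinning" and, with `pinning_staus == 1` and `bypass_pinning` set, turns into the "Certificate Pinning" passthrough. This matches the neighbouring calls, but because the value decides whether a stream skips decryption, I would check it explicitly, e.g. `if (ret != 0) { TFE_LOG_DEBUG(g_default_logger, "%s %s get SSL_STREAM_OPT_APP_STATUS failed", addr_string, sni); }`, and choose the fallback value deliberately. The enclosing ssl_policy_enforce starts and ends outside this hunk.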
@@ -322,13 +322,13 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p
ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS, &has_error);
assert(ret == 0);
- if (pinning_staus == 1 && ja3_pinning_status == JA3_PINNING_STATUS_NOT_PINNING && profile_param->bypass_uninstall_cert_traffic)
+ if (pinning_staus == 1 && is_app_not_pinning == 1 && profile_param->bypass_uninstall_cert_traffic)
{
action = SSL_ACTION_PASSTHROUGH;
ssl_stream_set_cmsg_string(upstream, TFE_CMSG_SSL_PASSTHROUGH_REASON, "Certificate Not Installed");
TFE_LOG_DEBUG(g_default_logger, "%s %s enforce policy %s, action PASSTHROUGH due to Certificate Not Installed", addr_string, sni, rule_uuid_str);
}
- else if ((pinning_staus == 1 || ja3_pinning_status == JA3_PINNING_STATUS_IS_PINNING) && ja3_pinning_status != JA3_PINNING_STATUS_NOT_PINNING && profile_param->bypass_pinning)
+ else if (pinning_staus == 1 && is_app_not_pinning == 0 && profile_param->bypass_pinning)
{
action = SSL_ACTION_PASSTHROUGH;
ssl_stream_set_cmsg_string(upstream, TFE_CMSG_SSL_PASSTHROUGH_REASON, "Certificate Pinning");
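Review bot: The two conditions now compare `is_app_not_pinning` against bare `1` and `0` where the old code used the named `JA3_PINNING_STATUS_*` constants, and the negated flag name does not match the option it is read from (`SSL_STREAM_OPT_APP_STATUS`), so the value's meaning cannot be verified from this code. If that option can return anything other than 0 or 1, both passthrough branches are skipped and the stream falls through to the code after this hunk; it is worth confirming that is intended. The `else if` also no longer passes through on the application classification alone, since `pinning_staus == 1` is now required, which is a policy change that deserves a comment. I would add one above the first `if`, along the lines of `/* SSL_STREAM_OPT_APP_STATUS: 1 = app known not to pin, 0 = unknown or pinning (confirm) */`, or compare against named constants. The if/else chain continues outside the hunk.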
@@ -366,4 +366,4 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p
profile_param_free(profile_param);
profile_param = NULL;
return action;
-}
+} \ No newline at end of file