Add get_version() to get the current SSL's version.

Author: zhengshuxin

lib_acl_cpp/include/acl_cpp/stream/mbedtls_io.hpp

@@ -49,6 +49,9 @@ class ACL_CPP_API mbedtls_io : public sslbase_io {
 	 */
 	bool check_peer();
 
+	// @override sslbase_io
+	int get_version() const;
+
 protected:
 	~mbedtls_io();
 

lib_acl_cpp/include/acl_cpp/stream/openssl_io.hpp

@@ -24,6 +24,9 @@ class ACL_CPP_API openssl_io : public sslbase_io {
 	 */
 	bool handshake();
 
+	// @override sslbase_io
+	int get_version() const;
+
 protected:
 	~openssl_io();
 

lib_acl_cpp/include/acl_cpp/stream/sslbase_conf.hpp

@@ -21,11 +21,12 @@ class ACL_CPP_API ssl_sni_checker {
 };
 
 enum {
-    ssl_ver_3_0,  // Not support.
-    tls_ver_1_0,  // Not support.
-    tls_ver_1_1,  // Not support.
-    tls_ver_1_2,
-    tls_ver_1_3,
+	ssl_ver_unknown,
+	ssl_ver_3_0,  // Not support.
+	tls_ver_1_0,  // Not support.
+	tls_ver_1_1,  // Not support.
+	tls_ver_1_2,
+	tls_ver_1_3,
 };
 
 class ACL_CPP_API sslbase_conf : public noncopyable {

lib_acl_cpp/include/acl_cpp/stream/sslbase_io.hpp

@@ -28,6 +28,14 @@ class ACL_CPP_API sslbase_io : public stream_hook {
 	 */
 	virtual bool handshake() = 0;
 
+	/**
+	 * 获得当前连接的 SSL 版本，定义参考 sslbase_conf.hpp 中.
+	 * @return 0 表示无法获得
+	 */
+	virtual int get_version() const {
+		return 0;
+	}
+
 	/**
 	 * 设置套接字为阻塞模式/非阻塞模式
 	 * @param yes {bool} 当为 false 时则设为阻塞模式，否则设为非阻塞模式

lib_acl_cpp/src/stream/mbedtls_io.cpp

@@ -357,6 +357,25 @@ bool mbedtls_io::handshake()
 #endif
 }
 
+int mbedtls_io::get_version() const
+{
+# if MBEDTLS_VERSION_MAJOR==3
+	if (ssl_ == NULL) {
+		return ssl_ver_unknown;
+	}
+
+	mbedtls_ssl_protocol_version v = mbedtls_ssl_get_version_number(
+		(const mbedtls_ssl_context*) ssl_);
+	if (v == MBEDTLS_SSL_VERSION_TLS1_2) {
+		return tls_ver_1_2;
+	}
+	if (v == MBEDTLS_SSL_VERSION_TLS1_3) {
+		return tls_ver_1_3;
+	}
+#endif
+	return ssl_ver_unknown;
+}
+
 bool mbedtls_io::check_peer()
 {
 #ifdef HAS_MBEDTLS

lib_acl_cpp/src/stream/openssl_io.cpp

@@ -85,6 +85,10 @@ static ssl_read_fn __ssl_read;
 typedef int (*ssl_write_fn)(SSL*, const void*, int);
 static ssl_write_fn __ssl_write;
 
+# define SSL_VERSION			"SSL_version"
+typedef int (*ssl_version_fn)(const SSL*);
+static ssl_version_fn __ssl_version;
+
 extern ACL_DLL_HANDLE __openssl_ssl_dll;  // defined in openssl_conf.cpp
 extern ACL_DLL_HANDLE __openssl_crypto_dll;  // defined in openssl_conf.cpp
 
@@ -128,6 +132,7 @@ bool openssl_load_io(void)
 	LOAD(SSL_SHUTDOWN, ssl_shutdown_fn, __ssl_shutdown);
 	LOAD(SSL_READ, ssl_read_fn, __ssl_read);
 	LOAD(SSL_WRITE, ssl_write_fn, __ssl_write);
+	LOAD(SSL_VERSION, ssl_version_fn, __ssl_version);
 
 	return true;
 }
@@ -150,6 +155,7 @@ bool openssl_load_io(void)
 # define __ssl_shutdown			SSL_shutdown
 # define __ssl_read			SSL_read
 # define __ssl_write			SSL_write
+# define __ssl_version			SSL_version
 
 #endif // !HAS_OPENSSL_DLL
 
@@ -277,6 +283,22 @@ bool openssl_io::open(ACL_VSTREAM* s)
 #endif
 }
 
+int openssl_io::get_version() const {
+#ifdef HAS_OPENSSL
+	if (ssl_ == NULL) {
+		return ssl_ver_unknown;
+	}
+	int v = __ssl_version(ssl_);
+	if (v == TLS1_2_VERSION) {
+		return tls_ver_1_2;
+	}
+	if (v == TLS1_3_VERSION) {
+		return tls_ver_1_3;
+	}
+#endif
+	return ssl_ver_unknown;
+}
+
 bool openssl_io::handshake()
 {
 	if (handshake_ok_) {