SSL version can be set and get.

zhengshuxin · zhengshuxin · commit 50309bdedb0f · 2025-11-13T15:05:15.000+08:00
diff --git a/lib_acl_cpp/include/acl_cpp/stream/mbedtls_io.hpp b/lib_acl_cpp/include/acl_cpp/stream/mbedtls_io.hpp
@@ -49,7 +49,7 @@ class ACL_CPP_API mbedtls_io : public sslbase_io {
 	 */
 	bool check_peer();
 
-	// @override sslbase_io
+	// @override sslbase_io, Ŀǰ��֧��mbedtls3.x.xϵ��.
 	int get_version() const;
 
 protected:
diff --git a/lib_acl_cpp/include/acl_cpp/stream/sslbase_conf.hpp b/lib_acl_cpp/include/acl_cpp/stream/sslbase_conf.hpp
@@ -4,6 +4,7 @@
 
 namespace acl {
 
+class string;
 class sslbase_io;
 
 class ACL_CPP_API ssl_sni_checker {
@@ -53,6 +54,27 @@ class ACL_CPP_API sslbase_conf : public noncopyable {
 		return false;
 	}
 
+	/**
+	 * ���汾��תΪ�ַ���
+	 * @param v {int}
+	 * @return {const char*}
+	 */
+	static const char* version_s(int v) {
+		switch (v) {
+		case ssl_ver_3_0:
+			return "ssl_ver_3_0";
+		case tls_ver_1_0:
+			return "tls_ver_1_0";
+		case tls_ver_1_1:
+			return "tls_ver_1_1";
+		case tls_ver_1_2:
+			return "tls_ver_1_2";
+		case tls_ver_1_3:
+			return "tls_ver_1_3";
+		default:
+			return "ssl_ver_unknown";
+		}
+	}
 //public:
 	/**
 	 * ���� CA ��֤��(ÿ������ʵ��ֻ�����һ�α�����)
diff --git a/lib_acl_cpp/include/acl_cpp/stream/sslbase_io.hpp b/lib_acl_cpp/include/acl_cpp/stream/sslbase_io.hpp
@@ -36,6 +36,12 @@ class ACL_CPP_API sslbase_io : public stream_hook {
 		return 0;
 	}
 
+	/**
+	 * ��õ�ǰ���ӵ� SSL �汾,���ַ�����ʾ
+	 * @return {const char*} ���طǿհ汾�ַ���
+	 */
+	const char* get_version_s() const;
+
 	/**
 	 * �����׽���Ϊ����ģʽ/������ģʽ
 	 * @param yes {bool} ��Ϊ false ʱ����Ϊ����ģʽ��������Ϊ������ģʽ
diff --git a/lib_acl_cpp/samples/ssl/https_server/http_servlet.cpp b/lib_acl_cpp/samples/ssl/https_server/http_servlet.cpp
@@ -67,7 +67,7 @@ bool http_servlet::doPost(acl::HttpServletRequest& req,
 	acl::string buf;
 	body.build_xml(buf);
 
-	printf(">>>buf: %s\r\n", buf.c_str());
+	//printf(">>>buf: %s\r\n", buf.c_str());
 
 	bool keep_alive = req.isKeepAlive();
 
@@ -79,6 +79,6 @@ bool http_servlet::doPost(acl::HttpServletRequest& req,
 	// ���� http ��Ӧ�壬��Ϊ������ chunk ����ģʽ��������Ҫ�����һ��
 	// res.write ������������Ϊ 0 �Ա�ʾ chunk �������ݽ���
 	bool ret = res.write(buf) && res.write(NULL, 0) && keep_alive;
-	printf(">>>write %s\r\n", ret ? "ok":"error");
+	//printf(">>>write %s\r\n", ret ? "ok":"error");
 	return ret;
 }
diff --git a/lib_acl_cpp/samples/ssl/https_server/master_service.cpp b/lib_acl_cpp/samples/ssl/https_server/master_service.cpp
@@ -93,8 +93,7 @@ static acl::sslbase_io* setup_ssl(acl::socket_stream& conn, acl::sslbase_conf& c
 		return NULL;
 	}
 
-	logger("handshake_ok");
-
+	//logger("handshake ok, ssl version: %s", ssl->get_version_s());
 	return ssl;
 }
 
@@ -119,8 +118,7 @@ bool master_service::thread_on_read(acl::socket_stream* conn)
 
 bool master_service::thread_on_accept(acl::socket_stream* conn)
 {
-	logger("connect from %s, fd: %d", conn->get_peer(true),
-		conn->sock_handle());
+	//logger("connect from %s, fd: %d", conn->get_peer(true), conn->sock_handle());
 
 	conn->set_rw_timeout(var_cfg_io_timeout);
 
@@ -139,8 +137,7 @@ bool master_service::thread_on_timeout(acl::socket_stream* conn)
 
 void master_service::thread_on_close(acl::socket_stream* conn)
 {
-	logger("disconnect from %s, fd: %d", conn->get_peer(),
-		conn->sock_handle());
+	//logger("disconnect from %s, fd: %d", conn->get_peer(), conn->sock_handle());
 
 	http_servlet* servlet = (http_servlet*) conn->get_ctx();
 	delete servlet;
@@ -194,6 +191,8 @@ void master_service::proc_on_init()
 		exit (1);
 	}
 
+	//var_cfg_tls_1_3_force = 1;
+
 	if (var_cfg_tls_1_2_force) {
 		conf_->set_version(acl::tls_ver_1_2, acl::tls_ver_1_2);
 	} else if (var_cfg_tls_1_3_force) {
diff --git a/lib_acl_cpp/samples/ssl/ssl_client2/ssl_client.cpp b/lib_acl_cpp/samples/ssl/ssl_client2/ssl_client.cpp
@@ -92,7 +92,14 @@ static void usage(const char* procname)
 int main(int argc, char* argv[])
 {
 	int   ch, max_loop = 10, max_connections = 10;
-	acl::string addr("127.0.0.1:9001"), libpath("../libpolarssl.so");
+	acl::string addr("127.0.0.1:9800");
+#ifdef __linux__
+	acl::string libpath("../libmbedcrypto.so;../libmbedx509.so;../libmbedtls.so");
+#elif defined(APPLE)
+	acl::string libpath("../libmbedcrypto.dylib;../libmbedx509.dylib;../libmbedtls.dylib");
+#else
+# error "Not supported!"
+#endif
 
 	acl::acl_cpp_init();
 
@@ -139,6 +146,8 @@ int main(int argc, char* argv[])
 		__ssl_conf = new acl::polarssl_conf;
 	}
 
+	//__ssl_conf->set_version(acl::tls_ver_1_3, acl::tls_ver_1_3);
+
 	if (max_connections <= 0) {
 		max_connections = 100;
 	}
diff --git a/lib_acl_cpp/samples/ssl/ssl_client2/valgrind.sh b/lib_acl_cpp/samples/ssl/ssl_client2/valgrind.sh
diff --git a/lib_acl_cpp/samples/ssl/ssl_server2/master_service.cpp b/lib_acl_cpp/samples/ssl/ssl_server2/master_service.cpp
@@ -75,7 +75,8 @@ static acl::sslbase_io* setup_ssl(acl::socket_stream& conn,
 		return NULL;
 	}
 
-	logger("setup hook ok, tid: %lu", acl::thread::thread_self());
+	logger("setup hook ok, tid: %lu, ssl version: %s",
+		acl::thread::thread_self(), ssl->get_version_s());
 	return ssl;
 }
 
@@ -199,6 +200,8 @@ void master_service::proc_on_init()
 		conf_ = new acl::polarssl_conf();
 	}
 
+	//conf_->set_version(acl::tls_ver_1_3, acl::tls_ver_1_3);
+
 	// ��������˵� SSL �Ự���湦��
 	conf_->enable_cache(var_cfg_session_cache);
 
diff --git a/lib_acl_cpp/src/stream/sslbase_io.cpp b/lib_acl_cpp/src/stream/sslbase_io.cpp
@@ -27,6 +27,11 @@ sslbase_io::~sslbase_io()
 	delete refers_;
 }
 
+const char* sslbase_io::get_version_s() const
+{
+	return sslbase_conf::version_s(this->get_version());
+}
+
 void sslbase_io::set_non_blocking(bool yes)
 {
 	// 此处仅设置非阻塞 IO 标志位，至于套接字是否被设置了非阻塞模式

-Original file line number
+Diff line change
 		return 0;
+	}
 +	/**
 +	 * 获得当前连接的 SSL 版本,以字符串表示
 +	 * @return {const char*} 返回非空版本字符串
 +	 */
 +	const char* get_version_s() const;
++
 	/**
 	 * 设置套接字为阻塞模式/非阻塞模式
 	 * @param yes {bool} 当为 false 时则设为阻塞模式，否则设为非阻塞模式
Original file line number	Diff line number	Diff line change
`@@ -93,8 +93,7 @@ static acl::sslbase_io* setup_ssl(acl::socket_stream& conn, acl::sslbase_conf& c`
`93`	`93`	`return NULL;`
`94`	`94`	`}`
`95`	`95`
`96`		`- logger("handshake_ok");`
`97`		`-`
	`96`	`+ //logger("handshake ok, ssl version: %s", ssl->get_version_s());`
`98`	`97`	`return ssl;`
`99`	`98`	`}`
`100`	`99`
`@@ -119,8 +118,7 @@ bool master_service::thread_on_read(acl::socket_stream* conn)`
`119`	`118`
`120`	`119`	`bool master_service::thread_on_accept(acl::socket_stream* conn)`
`121`	`120`	`{`
`122`		`- logger("connect from %s, fd: %d", conn->get_peer(true),`
`123`		`- conn->sock_handle());`
	`121`	`+ //logger("connect from %s, fd: %d", conn->get_peer(true), conn->sock_handle());`
`124`	`122`
`125`	`123`	`conn->set_rw_timeout(var_cfg_io_timeout);`
`126`	`124`
`@@ -139,8 +137,7 @@ bool master_service::thread_on_timeout(acl::socket_stream* conn)`
`139`	`137`
`140`	`138`	`void master_service::thread_on_close(acl::socket_stream* conn)`
`141`	`139`	`{`
`142`		`- logger("disconnect from %s, fd: %d", conn->get_peer(),`
`143`		`- conn->sock_handle());`
	`140`	`+ //logger("disconnect from %s, fd: %d", conn->get_peer(), conn->sock_handle());`
`144`	`141`
`145`	`142`	`http_servlet* servlet = (http_servlet*) conn->get_ctx();`
`146`	`143`	`delete servlet;`
`@@ -194,6 +191,8 @@ void master_service::proc_on_init()`
`194`	`191`	`exit (1);`
`195`	`192`	`}`
`196`	`193`
	`194`	`+ //var_cfg_tls_1_3_force = 1;`
	`195`	`+`
`197`	`196`	`if (var_cfg_tls_1_2_force) {`
`198`	`197`	`conf_->set_version(acl::tls_ver_1_2, acl::tls_ver_1_2);`
`199`	`198`	`} else if (var_cfg_tls_1_3_force) {`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,8 @@ static acl::sslbase_io* setup_ssl(acl::socket_stream& conn,`
`75`	`75`	`return NULL;`
`76`	`76`	`}`
`77`	`77`
`78`		`- logger("setup hook ok, tid: %lu", acl::thread::thread_self());`
	`78`	`+ logger("setup hook ok, tid: %lu, ssl version: %s",`
	`79`	`+ acl::thread::thread_self(), ssl->get_version_s());`
`79`	`80`	`return ssl;`
`80`	`81`	`}`
`81`	`82`
`@@ -199,6 +200,8 @@ void master_service::proc_on_init()`
`199`	`200`	`conf_ = new acl::polarssl_conf();`
`200`	`201`	`}`
`201`	`202`
	`203`	`+ //conf_->set_version(acl::tls_ver_1_3, acl::tls_ver_1_3);`
	`204`	`+`
`202`	`205`	`// 允许服务端的 SSL 会话缓存功能`
`203`	`206`	`conf_->enable_cache(var_cfg_session_cache);`
`204`	`207`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,11 @@ sslbase_io::~sslbase_io()`
`27`	`27`	`delete refers_;`
`28`	`28`	`}`
`29`	`29`
	`30`	`+const char* sslbase_io::get_version_s() const`
	`31`	`+{`
	`32`	`+ return sslbase_conf::version_s(this->get_version());`
	`33`	`+}`
	`34`	`+`
`30`	`35`	`void sslbase_io::set_non_blocking(bool yes)`
`31`	`36`	`{`
`32`	`37`	`// 此处仅设置非阻塞 IO 标志位，至于套接字是否被设置了非阻塞模式`