@@ -153,14 +153,14 @@ bool SSLServerStart( const char * szCertFile )
153153 SSL_load_error_strings ();
154154 SSLeay_add_ssl_algorithms ();
155155
156- gpsttServerMeth = TLSv1_server_method ();
156+ gpsttServerMeth = SSLv23_server_method ();
157157 if ( (gpsttServerCtx = SSL_CTX_new ( gpsttServerMeth )) == NULL )
158158 {
159159 CLog::Print ( LOG_ERROR , " SSL_CTX_new error - server" );
160160 }
161161 else
162162 {
163- gpsttClientMeth = TLSv1_client_method ();
163+ gpsttClientMeth = SSLv23_client_method ();
164164 if ( (gpsttClientCtx = SSL_CTX_new ( gpsttClientMeth )) == NULL )
165165 {
166166 CLog::Print ( LOG_ERROR , " SSL_CTX_new error - client" );
@@ -235,7 +235,7 @@ bool SSLClientStart( )
235235 SSL_load_error_strings ();
236236 SSLeay_add_ssl_algorithms ();
237237
238- gpsttClientMeth = TLSv1_client_method ();
238+ gpsttClientMeth = SSLv23_client_method ();
239239
240240 if ( (gpsttClientCtx = SSL_CTX_new ( gpsttClientMeth )) == NULL )
241241 {
@@ -284,22 +284,15 @@ bool SSLClientStop( )
284284 * @param eTlsVersion TLS 버전
285285 * @returns 성공하면 SSL_CTX 를 리턴하고 그렇지 않으면 NULL 을 리턴한다.
286286 */
287- SSL_CTX * SSLClientStart ( const char * szCertFile, ETlsVersion eTlsVersion )
287+ SSL_CTX * SSLClientStart ( const char * szCertFile )
288288{
289289 if ( SSLStart () == false ) return NULL ;
290290
291291 const SSL_METHOD * psttClientMeth;
292292 SSL_CTX * pCtx;
293293 int n;
294294
295- if ( eTlsVersion == E_TLS_1_2 )
296- {
297- psttClientMeth = TLSv1_2_client_method ();
298- }
299- else
300- {
301- psttClientMeth = TLSv1_client_method ();
302- }
295+ psttClientMeth = SSLv23_client_method ();
303296
304297 if ( (pCtx = SSL_CTX_new ( psttClientMeth )) == NULL )
305298 {
@@ -582,6 +575,26 @@ bool SSLClose( SSL * ssl )
582575 return true ;
583576}
584577
578+ int SSLAlpnCallBack ( SSL * ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg )
579+ {
580+ for ( unsigned int i = 0 ; i < inlen; i += 1 + in[i] )
581+ {
582+ if ( ( in[i] == 2 && !strncmp ( (char *)in + i + 1 , " h2" , 2 ) ) || ( in[i] == 8 && !strncmp ( (char *)in + i + 1 , " http/1.1" , 8 ) ) )
583+ {
584+ *out = &in[i+1 ];
585+ *outlen = in[i];
586+ return 0 ;
587+ }
588+ }
589+
590+ return -1 ;
591+ }
592+
593+ void SSLServerSetHttp2 ()
594+ {
595+ SSL_CTX_set_alpn_select_cb ( gpsttServerCtx, SSLAlpnCallBack, NULL );
596+ }
597+
585598/* *
586599 * @ingroup TcpStack
587600 * @brief SSL 서버에서 사용되는 cipher list 를 로그로 출력한다.
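Review bot: No minimum protocol version is set on the contexts now created from `SSLv23_server_method()` / `SSLv23_client_method()` in `SSLServerStart`, `SSLClientStart()` and `SSLClientStart( const char * )`, so on an OpenSSL build that still includes SSLv3 (or SSLv2) these contexts can presumably negotiate it, where the old `TLSv1_*_method()` calls could not. After each successful `SSL_CTX_new` I would add `SSL_CTX_set_options( pCtx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );` (using `gpsttServerCtx` / `gpsttClientCtx` for the global contexts), and decide explicitly whether TLS 1.0 and 1.1 should still be accepted. Removing the `eTlsVersion` parameter also means a caller that passed `E_TLS_1_2` can no longer pin the version, so that floor has to be enforced on the context instead. All three function bodies continue outside their hunks, so an existing `SSL_CTX_set_options` call further down cannot be ruled out from here.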