
Commit 0fa695d

committed
TLS 버전을 알아서 처리하도록 수정함
HTTP 서버에서 ALPN 기능으로 h2 선택하는 기능을 추가함
1 parent 2293fca commit 0fa695d

7 files changed

Lines changed: 45 additions & 26 deletions


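--- a/HttpStack/Http2Client.cpp
+++ b/HttpStack/Http2Client.cpp
@@ -73,7 +73,7 @@ bool CHttp2Client::Connect( const char * pszIp, int iPort, const char * pszClien
 
 CLog::Print( LOG_NETWORK, "TcpConnect(%s:%d) success", szIp, iPort );
 
-m_psttCtx = SSLClientStart( pszClientPemFileName, E_TLS_1_2 );
+m_psttCtx = SSLClientStart( pszClientPemFileName );
 if( m_psttCtx == NULL )
 {
 CLog::Print( LOG_ERROR, "%s SSLClientStart(%s) error", __FUNCTION__, pszClientPemFileName );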
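Review bot: The HTTP/2 client no longer has a TLS version floor, because the call on new line 76 drops `E_TLS_1_2` and the rewritten `SSLClientStart` in TcpStack/TlsFunction.cpp builds its context from `SSLv23_client_method()`, which negotiates whatever versions the linked library still enables; no visible line restricts that. HTTP/2 over TLS requires TLS 1.2 or later (RFC 7540 section 9.2), so I would set a minimum right after `SSL_CTX_new`, for example `SSL_CTX_set_min_proto_version( pCtx, TLS1_2_VERSION );` on OpenSSL 1.1.0 or newer, or `SSL_CTX_set_options( pCtx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 );` on older builds. The same gap applies to the contexts created in `SSLServerStart` and `SSLClientStart()` (the first two TlsFunction.cpp hunks), where at least SSLv2 and SSLv3 should be switched off. The body of `Connect` continues outside the hunk, so any later version check is not visible here.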

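--- a/TcpStack/TcpStack.cpp
+++ b/TcpStack/TcpStack.cpp
@@ -56,6 +56,11 @@ bool CTcpStack::Start( CTcpStackSetup * pclsSetup, ITcpStackCallBack * pclsCallB
 CLog::Print( LOG_ERROR, "SSLServerStart error" );
 return false;
 }
+
+if( pclsSetup->m_bUseHttp2 )
+{
+SSLServerSetHttp2();
+}
 }
 
 if( pclsSetup->m_strListenIp.empty() )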

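--- a/TcpStack/TcpStackSetup.cpp
+++ b/TcpStack/TcpStackSetup.cpp
@@ -24,7 +24,7 @@
 CTcpStackSetup::CTcpStackSetup() : m_iListenPort(0)
 , m_iThreadInitCount(1), m_iThreadMaxCount(10), m_iMaxSocketPerThread(10)
 , m_iTcpRecvTimeout(3600), m_iTcpNoPacketTimeout(10), m_iTcpConnectTimeout(10)
-, m_bUseTls(false), m_bUseThreadPipe(true)
+, m_bUseTls(false), m_bUseThreadPipe(true), m_bUseHttp2(false)
 {
 }
 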
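--- a/TcpStack/TcpStackSetup.h
+++ b/TcpStack/TcpStackSetup.h
@@ -67,6 +67,9 @@ class CTcpStackSetup
 /** 쓰레드와 통신에 pipe 를 사용할 것인지 설정한다. 쓰레드와 통신을 pipe 로 한다는 것은 thread pool 을 사용한다는 것을 의미한다.
 thread pool 을 이용할 경우 true 로 입력하고 그렇지 않으면 false 로 입력한다. */
 bool m_bUseThreadPipe;
+
+/** HTTP/2 를 사용하면 true 를 입력하고 그렇지 않으면 false 를 입력한다. */
+bool m_bUseHttp2;
 };
 
 #endif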
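Review bot: The comment on `m_bUseHttp2` does not say that the flag depends on TLS. In TcpStack/TcpStack.cpp the new `SSLServerSetHttp2()` call sits directly after the `SSLServerStart` error path, apparently inside the TLS branch of `Start` (the enclosing condition is outside that hunk), so setting `m_bUseHttp2` without `m_bUseTls` would seem to have no effect. I would extend the comment to something like `/** Set to true to offer HTTP/2 (h2) through ALPN; only takes effect when m_bUseTls is true. */`.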

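--- a/TcpStack/TlsFunction.cpp
+++ b/TcpStack/TlsFunction.cpp
@@ -153,14 +153,14 @@ bool SSLServerStart( const char * szCertFile )
 SSL_load_error_strings();
 SSLeay_add_ssl_algorithms();
 
-gpsttServerMeth = TLSv1_server_method();
+gpsttServerMeth = SSLv23_server_method();
 if( (gpsttServerCtx = SSL_CTX_new( gpsttServerMeth )) == NULL )
 {
 CLog::Print( LOG_ERROR, "SSL_CTX_new error - server" );
 }
 else
 {
-gpsttClientMeth = TLSv1_client_method();
+gpsttClientMeth = SSLv23_client_method();
 if( (gpsttClientCtx = SSL_CTX_new( gpsttClientMeth )) == NULL )
 {
 CLog::Print( LOG_ERROR, "SSL_CTX_new error - client" );
@@ -235,7 +235,7 @@ bool SSLClientStart( )
 SSL_load_error_strings();
 SSLeay_add_ssl_algorithms();
 
-gpsttClientMeth = TLSv1_client_method();
+gpsttClientMeth = SSLv23_client_method();
 
 if( (gpsttClientCtx = SSL_CTX_new( gpsttClientMeth )) == NULL )
 {
@@ -284,22 +284,15 @@ bool SSLClientStop( )
 * @param eTlsVersion TLS 버전
 * @returns 성공하면 SSL_CTX 를 리턴하고 그렇지 않으면 NULL 을 리턴한다.
 */
-SSL_CTX * SSLClientStart( const char * szCertFile, ETlsVersion eTlsVersion )
+SSL_CTX * SSLClientStart( const char * szCertFile )
 {
 if( SSLStart() == false ) return NULL;
 
 const SSL_METHOD * psttClientMeth;
 SSL_CTX * pCtx;
 int n;
 
-if( eTlsVersion == E_TLS_1_2 )
-{
-psttClientMeth = TLSv1_2_client_method();
-}
-else
-{
-psttClientMeth = TLSv1_client_method();
-}
+psttClientMeth = SSLv23_client_method();
 
 if( (pCtx = SSL_CTX_new( psttClientMeth )) == NULL )
 {
@@ -582,6 +575,26 @@ bool SSLClose( SSL * ssl )
 return true;
 }
 
+int SSLAlpnCallBack( SSL * ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg )
+{
+for( unsigned int i = 0; i < inlen; i += 1 + in[i] )
+{
+if( ( in[i] == 2 && !strncmp( (char *)in + i + 1, "h2", 2 ) ) || ( in[i] == 8 && !strncmp( (char *)in + i + 1, "http/1.1", 8 ) ) )
+{
+*out = &in[i+1];
+*outlen = in[i];
+return 0;
+}
+}
+
+return -1;
+}
+
+void SSLServerSetHttp2()
+{
+SSL_CTX_set_alpn_select_cb( gpsttServerCtx, SSLAlpnCallBack, NULL );
+}
+
 /**
 * @ingroup TcpStack
 * @brief SSL 서버에서 사용되는 cipher list 를 로그로 출력한다.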
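Review bot: `SSLAlpnCallBack` returns raw `0` and `-1`, and `-1` is not one of the values OpenSSL defines for an ALPN select callback; the match path should return `SSL_TLSEXT_ERR_OK` and the no-match path `SSL_TLSEXT_ERR_NOACK` (or `SSL_TLSEXT_ERR_ALERT_FATAL` if the server must refuse clients that offer neither protocol), since the handling of an undefined value may differ between library versions. The loop also trusts each length byte: `strncmp` on `in + i + 1` can compare past `inlen` if an entry is truncated, so I would bound the entry length before comparing and use `memcmp`, as the list is not NUL-terminated. Both new functions lack the Doxygen header used elsewhere in this file, and the `@param eTlsVersion` line left above `SSLClientStart( const char * szCertFile )` now documents a parameter that no longer exists.

```cpp
for( unsigned int i = 0; i < inlen; i += 1 + in[i] )
{
	const unsigned int iLen = in[i];

	// stop on an empty or truncated entry rather than comparing past inlen
	if( iLen == 0 || iLen > inlen - i - 1 ) break;

	if( ( iLen == 2 && !memcmp( in + i + 1, "h2", 2 ) ) || ( iLen == 8 && !memcmp( in + i + 1, "http/1.1", 8 ) ) )
	{
		// … unchanged: *out / *outlen assignment …
		return SSL_TLSEXT_ERR_OK;
	}
}

return SSL_TLSEXT_ERR_NOACK;
```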

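--- a/TcpStack/TlsFunction.h
+++ b/TcpStack/TlsFunction.h
@@ -31,20 +31,14 @@
 #include "openssl/ssl.h"
 #include "openssl/err.h"
 
-enum ETlsVersion
-{
-E_TLS_1_0 = 0,
-E_TLS_1_2
-};
-
 bool SSLServerStart( const char * szCertFile );
-bool SSLServerStop( );
+bool SSLServerStop();
 void SSLFinal();
 
-bool SSLClientStart( );
-bool SSLClientStop( );
+bool SSLClientStart();
+bool SSLClientStop();
 
-SSL_CTX * SSLClientStart( const char * szCertFile, ETlsVersion eTlsVersion );
+SSL_CTX * SSLClientStart( const char * szCertFile );
 
 bool SSLConnect( Socket iFd, SSL ** ppsttSsl );
 bool SSLConnect( SSL_CTX * pCtx, Socket iFd, SSL ** ppsttSsl );
@@ -53,7 +47,9 @@ int SSLSend( SSL * ssl, const char * szBuf, int iBufLen );
 int SSLRecv( SSL * ssl, char * szBuf, int iBufLen );
 bool SSLClose( SSL * ssl );
 
-void SSLPrintLogServerCipherList( );
-void SSLPrintLogClientCipherList( );
+void SSLServerSetHttp2();
+
+void SSLPrintLogServerCipherList();
+void SSLPrintLogClientCipherList();
 
 #endif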

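--- a/TestHttpStack/Main.cpp
+++ b/TestHttpStack/Main.cpp
@@ -64,7 +64,9 @@ int main( int argc, char * argv[] )
 if( argc >= 3 )
 {
 clsSetup.m_iListenPort = 8443;
+clsSetup.m_bUseTls = true;
 clsSetup.m_strCertFile = argv[2];
+clsSetup.m_bUseHttp2 = true;
 }
 
 if( CDirectory::IsDirectory( clsServer.m_strDocumentRoot.c_str() ) == false )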
