test/acl
1
0
Fork 0
mirror of https://gitee.com/acl-dev/acl.git synced 2024-11-29 18:37:41 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

make ssl module more easy

Browse Source
This commit is contained in:
shuxin   zheng 2020-01-12 19:41:29 +08:00
parent 6a0e5d59b7
commit 6a13e7c3a2
31 changed files with 490 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib_acl_cpp/changes.txt
View File

@ -1,5 +1,8 @@
修改历史列表:
598) 2020.1.12
598.1) workaround: 简化 acl::sslconf::open() 接口
597) 2020.1.2
597.1) feature: 完成对 mbedtls 新版本的功能支持及测试!

8
lib_acl_cpp/include/acl_cpp/stream/mbedtls_conf.hpp
View File

@ -31,8 +31,10 @@ public:
*
* @param server_side {bool} true
*
* @param verify_mode {mbedtls_verify_t} SSL Ö¤ÊéУÑé¼±ð
*/
mbedtls_conf(bool server_side);
mbedtls_conf(bool server_side = false,
mbedtls_verify_t verify_mode = MBEDTLS_VERIFY_NONE);
~mbedtls_conf(void);
/**
@ -96,7 +98,7 @@ public:
public:
// @override sslbase_conf
sslbase_io* open(bool server_side, bool nblock);
sslbase_io* open(bool nblock);
private:
friend class mbedtls_io;
@ -105,7 +107,7 @@ private:
unsigned cert_status_;
thread_mutex lock_;
bool server_side_;
bool server_side_;
void* conf_;
void* entropy_;

12
lib_acl_cpp/include/acl_cpp/stream/polarssl_conf.hpp
View File

@ -27,7 +27,14 @@ class polarssl_io;
class ACL_CPP_API polarssl_conf : public sslbase_conf
{
public:
polarssl_conf(void);
/**
*
* @param server_side {bool} true
*
* @param verify_mode {polarssl_verify_t} SSL
*/
polarssl_conf(bool server_side = false,
polarssl_verify_t verify_mode = POLARSSL_VERIFY_NONE);
virtual ~polarssl_conf(void);
/**
@ -89,7 +96,7 @@ public:
public:
// @override sslbase_conf
sslbase_io* open(bool server_side, bool nblock);
sslbase_io* open(bool nblock);
private:
friend class polarssl_io;
@ -97,6 +104,7 @@ private:
bool has_inited_;
thread_mutex lock_;
bool server_side_;
void* entropy_;
void* cacert_;
void* pkey_;

4
lib_acl_cpp/include/acl_cpp/stream/sslbase_conf.hpp
View File

@ -15,12 +15,10 @@ public:
/**
* SSL IO
* @param server_side {bool}
*
* @param nblock {bool}
* @return {sslbase_io*}
*/
virtual sslbase_io* open(bool server_side, bool nblock) = 0;
virtual sslbase_io* open(bool nblock) = 0;
public:
/**

2
lib_acl_cpp/samples/aio/aio_client_ssl/main.cpp
View File

@ -234,7 +234,7 @@ public:
// 设置 SSL 方式
if (__ssl_conf) {
acl::sslbase_io* ssl = __ssl_conf->open(false, true);
acl::sslbase_io* ssl = __ssl_conf->open(true);
if (client_->setup_hook(ssl) == ssl) {
std::cout << "open ssl error!" << std::endl;
ssl->destroy();

2
lib_acl_cpp/samples/ssl/aio_client/main.cpp
View File

@ -214,7 +214,7 @@ private:
bool setup_ssl(acl::sslbase_conf& ssl_conf)
{
acl::sslbase_io* ssl = ssl_conf.open(false, true);
acl::sslbase_io* ssl = ssl_conf.open(true);
// 将 SSL IO 过程注册至异步流中
if (client_->setup_hook(ssl) == ssl) {

2
lib_acl_cpp/samples/ssl/aio_server/main.cpp
View File

@ -198,7 +198,7 @@ public:
// SSL 模式下,等待客户端发送握手信息
if (__ssl_conf != NULL) {
acl::sslbase_io* ssl = __ssl_conf->open(true, true);
acl::sslbase_io* ssl = __ssl_conf->open(true);
// 注册 SSL IO 过程的钩子
if (client->setup_hook(ssl) == ssl) {

15
lib_acl_cpp/samples/ssl/client/Makefile Normal file
View File

@ -0,0 +1,15 @@
base_path = ../../..
include ../../Makefile.in
#Path for SunOS
ifeq ($(findstring SunOS, $(UNIXNAME)), SunOS)
EXTLIBS = -liconv
endif
ifeq ($(findstring FreeBSD, $(UNIXNAME)), FreeBSD)
EXTLIBS = -L/usr/local/lib -liconv
endif
ifeq ($(findstring Darwin, $(UNIXNAME)), Darwin)
EXTLIBS += -L/usr/lib -liconv
endif
PROG = client
EXTLIBS += -ldl -lz

173
lib_acl_cpp/samples/ssl/client/main.cpp Normal file
View File

@ -0,0 +1,173 @@
// main.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <assert.h>
#include "lib_acl.h"
#include "acl_cpp/lib_acl.hpp"
class echo_thread : public acl::thread {
public:
echo_thread(acl::sslbase_conf& ssl_conf, const char* addr, int count)
: ssl_conf_(ssl_conf), addr_(addr), count_(count) {}
~echo_thread(void) {}
private:
acl::sslbase_conf& ssl_conf_;
acl::string addr_;
int count_;
private:
// @override
void* run(void) {
acl::socket_stream conn;
conn.set_rw_timeout(60);
if (!conn.open(addr_, 10, 10)) {
printf("connect %s error %s\r\n",
addr_.c_str(), acl::last_serror());
return NULL;
}
// 给 socket 安装 SSL IO 过程
if (!setup_ssl(conn)) {
return NULL;
}
do_echo(conn);
return NULL;
}
bool setup_ssl(acl::socket_stream& conn) {
bool non_block = false;
acl::sslbase_io* ssl = ssl_conf_.open(non_block);
// 对于使用 SSL 方式的流对象,需要将 SSL IO 流对象注册至网络
// 连接流对象中,即用 ssl io 替换 stream 中默认的底层 IO 过程
if (conn.setup_hook(ssl) == ssl) {
printf("setup ssl IO hook error!\r\n");
ssl->destroy();
return false;
}
printf("ssl setup ok!\r\n");
return true;
}
void do_echo(acl::socket_stream& conn) {
const char* data = "hello world!\r\n";
int i;
for (i = 0; i < count_; i++) {
if (conn.write(data, strlen(data)) == -1) {
break;
}
char buf[4096];
int ret = conn.read(buf, sizeof(buf) - 1, false);
if (ret == -1) {
printf("read over, count=%d\r\n", i + 1);
break;
}
buf[ret] = 0;
if (i == 0) {
printf("read: %s", buf);
}
}
printf("thread-%lu: count=%d\n", acl::thread::self(), i);
}
};
static void start_clients(acl::sslbase_conf& ssl_conf, const acl::string addr,
int cocurrent, int count) {
std::vector<acl::thread*> threads;
for (int i = 0; i < cocurrent; i++) {
acl::thread* thr = new echo_thread(ssl_conf, addr, count);
threads.push_back(thr);
thr->start();
}
for (std::vector<acl::thread*>::iterator it = threads.begin();
it != threads.end(); ++it) {
(*it)->wait(NULL);
delete *it;
}
}
static void usage(const char* procname) {
printf("usage: %s -h [help]\r\n"
" -s listen_addr\r\n"
" -L ssl_libs_path\r\n"
" -c cocurrent\r\n"
" -n count\r\n"
, procname);
}
int main(int argc, char* argv[]) {
acl::string addr = "0.0.0.0|2443";
#if defined(__APPLE__)
acl::string ssl_lib = "../libmbedtls.dylib";
#elif defined(__linux__)
acl::string ssl_lib = "../libmbedtls.so";
#elif defined(_WIN32) || defined(_WIN64)
acl::string ssl_path = "../mbedtls.dll";
acl::acl_cpp_init();
#else
# error "unknown OS type"
#endif
int ch, cocurrent = 10, count = 10;
while ((ch = getopt(argc, argv, "hs:L:c:n:")) > 0) {
switch (ch) {
case 'h':
usage(argv[0]);
return 0;
case 's':
addr = optarg;
break;
case 'L':
ssl_lib = optarg;
break;
case 'c':
cocurrent = atoi(optarg);
break;
case 'n':
count = atoi(optarg);
break;
default:
break;
}
}
acl::log::stdout_open(true);
// 设置 MbedTLS 动态库路径
const std::vector<acl::string>& libs = ssl_lib.split2(",; \t");
if (libs.size() == 1) {
acl::mbedtls_conf::set_libpath(libs[0]);
} else if (libs.size() == 3) {
// libcrypto, libx509, libssl);
acl::mbedtls_conf::set_libpath(libs[0], libs[1], libs[2]);
} else {
printf("invalid ssl_lib=%s\r\n", ssl_lib.c_str());
return 1;
}
// 加载 MbedTLS 动态库
if (!acl::mbedtls_conf::load()) {
printf("load %s error\r\n", ssl_lib.c_str());
return 1;
}
// 初始化客户端模式下的全局 SSL 配置对象
bool server_side = false;
// SSL 证书校验级别
acl::mbedtls_verify_t verify_mode = acl::MBEDTLS_VERIFY_NONE;
acl::mbedtls_conf ssl_conf(server_side, verify_mode);
start_clients(ssl_conf, addr, cocurrent, count);
return 0;
}

8
lib_acl_cpp/samples/ssl/client/stdafx.cpp Normal file
View File

@ -0,0 +1,8 @@
// stdafx.cpp : 只包括标准包含文件的源文件
// ssl_server.pch 将成为预编译头
// stdafx.obj 将包含预编译类型信息
#include "stdafx.h"
// TODO: 在 STDAFX.H 中
//引用任何所需的附加头文件,而不是在此文件中引用

10
lib_acl_cpp/samples/ssl/client/stdafx.h Normal file
View File

@ -0,0 +1,10 @@
// stdafx.h : 标准系统包含文件的包含文件,
// 或是常用但不常更改的项目特定的包含文件
//
#pragma once
#include <iostream>
// TODO: 在此处引用程序要求的附加头文件

9
lib_acl_cpp/samples/ssl/client/t.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/sh
os=$(echo `uname -s`)
if [ $os == "Darwin" ]; then
./client -s "0.0.0.0|2443" -L "../libmbedcrypto.dylib;../libmbedx509.dylib;../libmbedtls.dylib" -c 10 -n 100
elif [ $os == "Linux" ]; then
./client -s "0.0.0.0|2443" -L "../libmbedcrypto.so;../libmbedx509.so;../libmbedtls.so" -c 10 -n 100
else
echo "unknown os=$os"
fi

3
lib_acl_cpp/samples/ssl/client/valgrind.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
valgrind --tool=memcheck --leak-check=yes --show-reachable=yes -v ./client

2
lib_acl_cpp/samples/ssl/https_client/https_client.cpp
View File

@ -42,7 +42,7 @@ bool https_client::connect_server(acl::http_client& client)
{
logger("begin open ssl");
acl::sslbase_io* ssl = ssl_conf_->open(false, false);
acl::sslbase_io* ssl = ssl_conf_->open(false);
if (client.get_stream().setup_hook(ssl) == ssl)
{
logger_error("open ssl client error");

2
lib_acl_cpp/samples/ssl/https_proxy/https_client.cpp
View File

@ -36,7 +36,7 @@ bool https_client::connect_server(const acl::string& server_addr,
if (ssl_conf_) {
logger_debug(DEBUG, 1, "begin open ssl");
acl::sslbase_io* ssl = ssl_conf_->open(false, false);
acl::sslbase_io* ssl = ssl_conf_->open(false);
if (client.get_stream().setup_hook(ssl) == ssl) {
out_.puts("open ssl client error");
ssl->destroy();

2
lib_acl_cpp/samples/ssl/https_proxy/master_service.cpp
View File

@ -73,7 +73,7 @@ acl::sslbase_io* master_service::setup_ssl(acl::socket_stream& conn,
out_.puts("begin setup ssl hook...");
// 采用阻塞 SSL 握手方式
acl::sslbase_io* ssl = conf.open(true, false);
acl::sslbase_io* ssl = conf.open(false);
if (conn.setup_hook(ssl) == ssl) {
logger_error("setup_hook error!");
ssl->destroy();

2
lib_acl_cpp/samples/ssl/https_server/master_service.cpp
View File

@ -72,7 +72,7 @@ static acl::sslbase_io* setup_ssl(acl::socket_stream& conn, acl::sslbase_conf& c
//logger("begin setup ssl hook...");
// 采用阻塞 SSL 握手方式
acl::sslbase_io* ssl = conf.open(true, false);
acl::sslbase_io* ssl = conf.open(false);
if (conn.setup_hook(ssl) == ssl) {
logger_error("setup_hook error!");
ssl->destroy();

15
lib_acl_cpp/samples/ssl/server/Makefile Normal file
View File

@ -0,0 +1,15 @@
base_path = ../../..
include ../../Makefile.in
#Path for SunOS
ifeq ($(findstring SunOS, $(UNIXNAME)), SunOS)
EXTLIBS = -liconv
endif
ifeq ($(findstring FreeBSD, $(UNIXNAME)), FreeBSD)
EXTLIBS = -L/usr/local/lib -liconv
endif
ifeq ($(findstring Darwin, $(UNIXNAME)), Darwin)
EXTLIBS += -L/usr/lib -liconv
endif
PROG = server
EXTLIBS += -ldl -lz

185
lib_acl_cpp/samples/ssl/server/main.cpp Normal file
View File

@ -0,0 +1,185 @@
// main.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <assert.h>
#include "lib_acl.h"
#include "acl_cpp/lib_acl.hpp"
class echo_thread : public acl::thread {
public:
echo_thread(acl::sslbase_conf& ssl_conf, acl::socket_stream* conn)
: ssl_conf_(ssl_conf), conn_(conn) {}
private:
acl::sslbase_conf& ssl_conf_;
acl::socket_stream* conn_;
~echo_thread(void) { delete conn_; }
// @override
void* run(void) {
conn_->set_rw_timeout(60);
// 给 socket 安装 SSL IO 过程
if (!setup_ssl()) {
return NULL;
}
do_echo();
delete this;
return NULL;
}
bool setup_ssl(void) {
bool non_block = false;
acl::sslbase_io* ssl = ssl_conf_.open(non_block);
// 对于使用 SSL 方式的流对象,需要将 SSL IO 流对象注册至网络
// 连接流对象中,即用 ssl io 替换 stream 中默认的底层 IO 过程
if (conn_->setup_hook(ssl) == ssl) {
printf("setup ssl IO hook error!\r\n");
ssl->destroy();
return false;
}
return true;
}
void do_echo(void) {
char buf[4096];
while (true) {
int ret = conn_->read(buf, sizeof(buf), false);
if (ret == -1) {
break;
}
if (conn_->write(buf, ret) == -1) {
break;
}
}
}
};
static void start_server(const acl::string addr, acl::sslbase_conf& ssl_conf) {
acl::server_socket ss;
if (!ss.open(addr)) {
printf("listen %s error %s\r\n", addr.c_str(), acl::last_serror());
return;
}
while (true) {
acl::socket_stream* conn = ss.accept();
if (conn == NULL) {
printf("accept error %s\r\n", acl::last_serror());
break;
}
acl::thread* thr = new echo_thread(ssl_conf, conn);
thr->set_detachable(true);
thr->start();
}
}
static bool ssl_init(const acl::string& ssl_crt, const acl::string& ssl_key,
acl::mbedtls_conf& ssl_conf) {
ssl_conf.enable_cache(true);
// 加载 SSL 证书
if (!ssl_conf.add_cert(ssl_crt)) {
printf("add ssl crt=%s error\r\n", ssl_crt.c_str());
return false;
}
// 设置 SSL 证书私钥
if (!ssl_conf.set_key(ssl_key)) {
printf("set ssl key=%s error\r\n", ssl_key.c_str());
return false;
}
return true;
}
static void usage(const char* procname) {
printf("usage: %s -h [help]\r\n"
" -s listen_addr\r\n"
" -L ssl_libs_path\r\n"
" -c ssl_crt\r\n"
" -k ssl_key\r\n"
, procname);
}
int main(int argc, char* argv[]) {
acl::string addr = "0.0.0.0|2443";
#if defined(__APPLE__)
acl::string ssl_lib = "../libmbedtls.dylib";
#elif defined(__linux__)
acl::string ssl_lib = "../libmbedtls.so";
#elif defined(_WIN32) || defined(_WIN64)
acl::string ssl_path = "../mbedtls.dll";
acl::acl_cpp_init();
#else
# error "unknown OS type"
#endif
acl::string ssl_crt = "../ssl_crt.pem", ssl_key = "../ssl_key.pem";
int ch;
while ((ch = getopt(argc, argv, "hs:L:c:k:")) > 0) {
switch (ch) {
case 'h':
usage(argv[0]);
return 0;
case 's':
addr = optarg;
break;
case 'L':
ssl_lib = optarg;
break;
case 'c':
ssl_crt = optarg;
break;
case 'k':
ssl_key = optarg;
break;
default:
break;
}
}
acl::log::stdout_open(true);
// 设置 MbedTLS 动态库路径
const std::vector<acl::string>& libs = ssl_lib.split2(",; \t");
if (libs.size() == 1) {
acl::mbedtls_conf::set_libpath(libs[0]);
} else if (libs.size() == 3) {
// libcrypto, libx509, libssl);
acl::mbedtls_conf::set_libpath(libs[0], libs[1], libs[2]);
} else {
printf("invalid ssl_lib=%s\r\n", ssl_lib.c_str());
return 1;
}
// 加载 MbedTLS 动态库
if (!acl::mbedtls_conf::load()) {
printf("load %s error\r\n", ssl_lib.c_str());
return 1;
}
// 初始化服务端模式下的全局 SSL 配置对象
bool server_side = true;
// SSL 证书校验级别
acl::mbedtls_verify_t verify_mode = acl::MBEDTLS_VERIFY_NONE;
acl::mbedtls_conf ssl_conf(server_side, verify_mode);
if (!ssl_init(ssl_crt, ssl_key, ssl_conf)) {
printf("ssl_init failed\r\n");
return 1;
}
start_server(addr, ssl_conf);
return 0;
}

8
lib_acl_cpp/samples/ssl/server/stdafx.cpp Normal file
View File

@ -0,0 +1,8 @@
// stdafx.cpp : 只包括标准包含文件的源文件
// ssl_server.pch 将成为预编译头
// stdafx.obj 将包含预编译类型信息
#include "stdafx.h"
// TODO: 在 STDAFX.H 中
//引用任何所需的附加头文件,而不是在此文件中引用

10
lib_acl_cpp/samples/ssl/server/stdafx.h Normal file
View File

@ -0,0 +1,10 @@
// stdafx.h : 标准系统包含文件的包含文件,
// 或是常用但不常更改的项目特定的包含文件
//
#pragma once
#include <iostream>
// TODO: 在此处引用程序要求的附加头文件

9
lib_acl_cpp/samples/ssl/server/t.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/sh
os=$(echo `uname -s`)
if [ $os == "Darwin" ]; then
./server -s "0.0.0.0|2443" -L "../libmbedcrypto.dylib;../libmbedx509.dylib;../libmbedtls.dylib" -c ../ssl_crt.pem -k ../ssl_key.pem
elif [ $os == "Linux" ]; then
./server -s "0.0.0.0|2443" -L "../libmbedcrypto.so;../libmbedx509.so;../libmbedtls.so" -c ../ssl_crt.pem -k ../ssl_key.pem
else
echo "unknown os=$os"
fi

2
lib_acl_cpp/samples/ssl/ssl_client2/ssl_client.cpp
View File

@ -16,7 +16,7 @@ static bool test(const char* addr, int k, int nloop)
exit (1);
}
acl::sslbase_io* ssl = __ssl_conf->open(false, false);
acl::sslbase_io* ssl = __ssl_conf->open(false);
if (client.setup_hook(ssl) == ssl) {
std::cout << "open ssl " << addr << " error!" << std::endl;
ssl->destroy();

2
lib_acl_cpp/samples/ssl/ssl_server/ssl_server.cpp
View File

@ -341,7 +341,7 @@ protected:
logger("begin setup ssl hook...");
acl::sslbase_io* ssl = conf_->open(true, false);
acl::sslbase_io* ssl = conf_->open(false);
if (stream->setup_hook(ssl) == ssl) {
logger_error("setup_hook error!");
ssl->destroy();

2
lib_acl_cpp/samples/ssl/ssl_server2/master_service.cpp
View File

@ -68,7 +68,7 @@ static acl::sslbase_io* setup_ssl(acl::socket_stream& conn,
//logger("begin setup ssl hook...");
// 采用非阻塞 SSL 握手方式
acl::sslbase_io* ssl = conf.open(true, true);
acl::sslbase_io* ssl = conf.open(true);
if (conn.setup_hook(ssl) == ssl) {
logger_error("setup_hook error!");
ssl->destroy();

2
lib_acl_cpp/src/http/http_aclient.cpp
View File

@ -183,7 +183,7 @@ bool http_aclient::handle_connect(const ACL_ASTREAM_CTX *ctx)
}
// 因为配置了 SSL 通信方式,所以需要创建 SSL IO 过程,开始 SSL 握手
sslbase_io* ssl_io = ssl_conf_->open(false, true);
sslbase_io* ssl_io = ssl_conf_->open(true);
if (conn_->setup_hook(ssl_io) == ssl_io || !ssl_io->handshake()) {
logger_error("open ssl failed");
conn_->remove_hook();

2
lib_acl_cpp/src/http/http_request.cpp
View File

@ -155,7 +155,7 @@ bool http_request::try_open(bool* reuse_conn)
return true;
}
sslbase_io* ssl = ssl_conf_->open(false, false);
sslbase_io* ssl = ssl_conf_->open(false);
if (client_->get_stream().setup_hook(ssl) == ssl) {
logger_error("open client ssl error to: %s", addr_);
ssl->destroy();

2
lib_acl_cpp/src/redis/redis_client.cpp
View File

@ -113,7 +113,7 @@ bool redis_client::open(void)
// 如果 SSL 配置项非空,则自动进行 SSL 握手
if (ssl_conf_) {
sslbase_io* ssl = ssl_conf_->open(false, false);
sslbase_io* ssl = ssl_conf_->open(false);
if (conn_.setup_hook(ssl) == ssl) {
logger_error("open ssl failed, addr=%s", addr_);
ssl->destroy();

2
lib_acl_cpp/src/smtp/smtp_client.cpp
View File

@ -132,7 +132,7 @@ bool smtp_client::open(void)
// 如果设置了 SSL 通信方式,则需要打开 SSL 通信接口
if (ssl_conf_) {
sslbase_io* ssl = ssl_conf_->open(false, false);
sslbase_io* ssl = ssl_conf_->open(false);
if (stream_.setup_hook(ssl) == ssl) {
logger_error("open ssl client error!");
ssl->destroy();

11
lib_acl_cpp/src/stream/mbedtls_conf.cpp
View File

@ -643,10 +643,10 @@ bool mbedtls_conf::init_once(void)
#define CONF_OWN_CERT_OK 1
#define CONF_OWN_CERT_ERR 2
mbedtls_conf::mbedtls_conf(bool server_side)
mbedtls_conf::mbedtls_conf(bool server_side, mbedtls_verify_t verify_mode)
{
server_side_ = server_side;
#ifdef HAS_MBEDTLS
server_side_ = server_side;
init_status_ = CONF_INIT_NIL;
cert_status_ = CONF_OWN_CERT_NIL;
conf_ = acl_mycalloc(1, sizeof(mbedtls_ssl_config));
@ -657,8 +657,9 @@ mbedtls_conf::mbedtls_conf(bool server_side)
cache_ = NULL;
pkey_ = NULL;
verify_mode_ = MBEDTLS_VERIFY_NONE;
verify_mode_ = verify_mode;
#else
(void) server_side_;
(void) init_status_;
(void) cert_status_;
(void) conf_;
@ -920,9 +921,9 @@ bool mbedtls_conf::setup_certs(void* ssl)
#endif
}
sslbase_io* mbedtls_conf::open(bool server_side, bool nblock)
sslbase_io* mbedtls_conf::open(bool nblock)
{
return new mbedtls_io(*this, server_side, nblock);
return new mbedtls_io(*this, server_side_, nblock);
}
} // namespace acl

10
lib_acl_cpp/src/stream/polarssl_conf.cpp
View File

@ -288,9 +288,10 @@ void polarssl_conf::init_once(void)
lock_.unlock();
}
polarssl_conf::polarssl_conf(void)
polarssl_conf::polarssl_conf(bool server_side, polarssl_verify_t verify_mode)
{
#ifdef HAS_POLARSSL
server_side_ = server_side;
has_inited_ = false;
entropy_ = acl_mycalloc(1, sizeof(entropy_context));
cacert_ = NULL;
@ -298,8 +299,9 @@ polarssl_conf::polarssl_conf(void)
cache_ = NULL;
pkey_ = NULL;
verify_mode_ = POLARSSL_VERIFY_NONE;
verify_mode_ = verify_mode;
#else
(void) server_side_;
(void) entropy_;
(void) cacert_;
(void) cert_chain_;
@ -567,9 +569,9 @@ bool polarssl_conf::setup_certs(void* ssl_in, bool server_side)
#endif
}
sslbase_io* polarssl_conf::open(bool server_side, bool nblock)
sslbase_io* polarssl_conf::open(bool nblock)
{
return new polarssl_io(*this, server_side, nblock);
return new polarssl_io(*this, server_side_, nblock);
}
} // namespace acl