Additional modifications to the final submission (#149)

an-tao · web-flow · commit 8b26fd90bcbd · 2021-05-26T16:31:19.000+08:00
diff --git a/trantor/net/TcpClient.cc b/trantor/net/TcpClient.cc
@@ -202,13 +202,15 @@ void TcpClient::removeConnection(const TcpConnectionPtr &conn)
     }
 }
 
-void TcpClient::enableSSL(bool useOldTLS,
-                          bool validateCert,
-                          std::string hostname)
+void TcpClient::enableSSL(
+    bool useOldTLS,
+    bool validateCert,
+    std::string hostname,
+    const std::vector<std::pair<std::string, std::string>> &sslConfCmds)
 {
 #ifdef USE_OPENSSL
     /* Create a new OpenSSL context */
-    sslCtxPtr_ = newSSLContext(useOldTLS, validateCert, {});
+    sslCtxPtr_ = newSSLContext(useOldTLS, validateCert, sslConfCmds);
     validateCert_ = validateCert;
     if (!hostname.empty())
     {
diff --git a/trantor/net/TcpClient.h b/trantor/net/TcpClient.h
@@ -193,16 +193,20 @@ class TRANTOR_EXPORT TcpClient : NonCopyable
      * @brief Enable SSL encryption.
      * @param useOldTLS If true, the TLS 1.0 and 1.1 are supported by the
      * client.
-     * @param hostname The server hostname for SNI. If it is empty, the SNI is
-     * not used.
      * @param validateCert If true, we try to validate if the peer's SSL cert
      * is valid.
+     * @param hostname The server hostname for SNI. If it is empty, the SNI is
+     * not used.
+     * @param sslConfCmds The commands used to call the SSL_CONF_cmd function in
+     * OpenSSL.
      * @note It's well known that TLS 1.0 and 1.1 are not considered secure in
      * 2020. And it's a good practice to only use TLS 1.2 and above.
      */
     void enableSSL(bool useOldTLS = false,
                    bool validateCert = true,
-                   std::string hostname = "");
+                   std::string hostname = "",
+                   const std::vector<std::pair<std::string, std::string>>
+                       &sslConfCmds = {});
 
   private:
     /// Not thread safe, but in loop
diff --git a/trantor/net/TcpConnection.h b/trantor/net/TcpConnection.h
@@ -230,6 +230,8 @@ class TRANTOR_EXPORT TcpConnection
      * established.
      * @param hostname The server hostname for SNI. If it is empty, the SNI is
      * not used.
+     * @param sslConfCmds The commands used to call the SSL_CONF_cmd function in
+     * OpenSSL.
      */
     virtual void startClientEncryption(
         std::function<void()> callback,
diff --git a/trantor/net/TcpServer.h b/trantor/net/TcpServer.h
@@ -202,6 +202,8 @@ class TRANTOR_EXPORT TcpServer : NonCopyable
      * @param keyPath The path of the private key file.
      * @param useOldTLS If true, the TLS 1.0 and 1.1 are supported by the
      * server.
+     * @param sslConfCmds The commands used to call the SSL_CONF_cmd function in
+     * OpenSSL.
      * @note It's well known that TLS 1.0 and 1.1 are not considered secure in
      * 2020. And it's a good practice to only use TLS 1.2 and above.
      */

Original file line number	Diff line number	Diff line change
`@@ -202,13 +202,15 @@ void TcpClient::removeConnection(const TcpConnectionPtr &conn)`
`202`	`202`	`}`
`203`	`203`	`}`
`204`	`204`
`205`		`-void TcpClient::enableSSL(bool useOldTLS,`
`206`		`- bool validateCert,`
`207`		`- std::string hostname)`
	`205`	`+void TcpClient::enableSSL(`
	`206`	`+ bool useOldTLS,`
	`207`	`+ bool validateCert,`
	`208`	`+ std::string hostname,`
	`209`	`+ const std::vector<std::pair<std::string, std::string>> &sslConfCmds)`
`208`	`210`	`{`
`209`	`211`	`#ifdef USE_OPENSSL`
`210`	`212`	`/* Create a new OpenSSL context */`
`211`		`- sslCtxPtr_ = newSSLContext(useOldTLS, validateCert, {});`
	`213`	`+ sslCtxPtr_ = newSSLContext(useOldTLS, validateCert, sslConfCmds);`
`212`	`214`	`validateCert_ = validateCert;`
`213`	`215`	`if (!hostname.empty())`
`214`	`216`	`{`