Close #116 去除根据ClientHello镜像上游SSL版本的功能，增加在连接摘要日志记录SSL版本和SNI的功能

platform/src/ssl_stream.cpp

@@ -124,6 +124,7 @@ struct ssl_mgr
 	unsigned int no_alpn;
 	unsigned int no_cert_verify;
 	unsigned int no_mirror_client_cipher_suite;
+
 	CONST_SSL_METHOD * (* sslmethod)(void);        //Parameter of SSL_CTX_new
 	int ssl_min_version, ssl_max_version;
 	char ssl_session_context[8];
@@ -133,22 +134,18 @@ struct ssl_mgr
 
 	struct sess_cache * down_sess_cache;
 	struct sess_cache * up_sess_cache;
-
 	struct session_ticket_key ticket_key;
 
-
 	char default_ciphers[TFE_SYMBOL_MAX];
 	DH * dh;
 	char * ecdhcurve;
 	char * crl_url;
 
-	
 	struct cert_store_param cert_verify_param;
 	uint8_t ssl_mode_release_buffers;
 	char trusted_cert_file[TFE_PATH_MAX];
 	char trusted_cert_dir[TFE_PATH_MAX];
 
-
 	struct ssl_trusted_cert_storage * trust_CA_store;
 	struct key_keeper * key_keeper;
 	struct event_base * ev_base_gc;
@@ -582,21 +579,25 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 	MESA_load_profile_uint_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0);
 	MESA_load_profile_string_def(ini_profile, section, "default_ciphers", mgr->default_ciphers, 
 		sizeof(mgr->default_ciphers), DFLT_CIPHERS);
+
 	MESA_load_profile_uint_def(ini_profile, section, "no_session_cache", &(mgr->no_sesscache), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_session_ticket", &(mgr->no_sessticket), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_alpn", &(mgr->no_alpn), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_cert_verify", &(mgr->no_cert_verify), 0);
-	MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite", &(mgr->no_mirror_client_cipher_suite), 0);
 
-
-	MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
-	MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60);
+	MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite",
+		&(mgr->no_mirror_client_cipher_suite), 0);
+	MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots",
+		&(mgr->cache_slots), 4 * 1024 * 1024);
+	MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds",
+		&(mgr->sess_expire_seconds), 30 * 60);
 
 	if(!mgr->no_sesscache)
 	{
 		mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
 		mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
 	}
+
 	//Reference to NGINX: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key
 	//Support key rotation in futher.
 	
@@ -775,6 +776,7 @@ static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello *
 	sslctx = SSL_CTX_new(mgr->sslmethod());
 	sslctx_set_opts(sslctx, mgr);
 	int ret=0;
+
 	if(chello->cipher_suites!=NULL)
 	{
 		//SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure.
@@ -789,19 +791,17 @@ static SSL * upstream_ssl_create(struct ssl_mgr * mgr, const struct ssl_chello *
 	{
 		ret=SSL_CTX_set_cipher_list(sslctx, mgr->default_ciphers);
 	}
-	if (mgr->ssl_min_version)
+
+	if (SSL_CTX_set_min_proto_version(sslctx, mgr->ssl_min_version) == 0 ||
+		SSL_CTX_set_max_proto_version(sslctx, mgr->ssl_max_version) == 0)
 	{
-		if (SSL_CTX_set_min_proto_version(sslctx, MAX(chello->min_version.ossl_format, mgr->ssl_min_version)) == 0 ||
-			SSL_CTX_set_max_proto_version(sslctx, MIN(chello->max_version.ossl_format, mgr->ssl_max_version)) == 0)
-		{
-			SSL_CTX_free(sslctx);
-			return NULL;
-		}
+		SSL_CTX_free(sslctx);
+		return NULL;
 	}
 
 	SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, NULL);
 	ssl = SSL_new(sslctx);
-	SSL_CTX_free(sslctx);                            /* SSL_new() increments refcount */
+	SSL_CTX_free(sslctx);  /* SSL_new() increments refcount */
 
 	if (!ssl)
 	{