1. 暴露ssl_stream.h给业务层；2. 将ssl policy功能放到业务层插件目录。

platform/src/ssl_stream.cpp

@@ -266,6 +266,46 @@ struct fs_spec
 	enum ssl_stream_stat id;
 	const char* name;
 };
+int sslver_str2num(const char * version_str)
+{
+	int sslversion = -1;
+
+	assert(OPENSSL_VERSION_NUMBER >= 0x10100000L);
+
+	/*
+	 * Support for SSLv2 and the corresponding SSLv2_method(),
+	 * SSLv2_server_method() and SSLv2_client_method() functions were
+	 * removed in OpenSSL 1.1.0.
+	 */
+	if (!strcmp(version_str, "ssl3"))
+	{
+		sslversion = SSL3_VERSION;
+	}
+	else if (!strcmp(version_str, "tls10") || !strcmp(version_str, "tls1"))
+	{
+		sslversion = TLS1_VERSION;
+	}
+	else if (!strcmp(version_str, "tls11"))
+	{
+		sslversion = TLS1_1_VERSION;
+	}
+	else if (!strcmp(version_str, "tls12"))
+	{
+		sslversion = TLS1_2_VERSION;
+	}
+	else if (!strcmp(version_str, "tls13"))
+	{
+		sslversion = TLS1_3_VERSION;
+	}
+
+	else
+	{
+		sslversion = -1;
+	}
+
+	return sslversion;
+}
+
 /*
  * Garbage collection handler.
  */
@@ -411,7 +451,6 @@ struct ssl_stream * ssl_stream_new(struct ssl_mgr * mgr, evutil_socket_t fd, enu
 {
 
 	UNUSED int ret = 0;
-	const unsigned char* selected_alpn=peer->alpn_selected;
 
 	struct ssl_stream * s_stream = ALLOC(struct ssl_stream, 1);
 	s_stream->dir = dir;
@@ -427,7 +466,7 @@ struct ssl_stream * ssl_stream_new(struct ssl_mgr * mgr, evutil_socket_t fd, enu
 			assert(peer!=NULL);
 			ATOMIC_INC(&(s_stream->mgr->stat_val[SSL_DOWN_NEW]));
 			s_stream->down_parts.keyring = kyr;
-			s_stream->ssl = downstream_ssl_create(mgr, kyr, peer->negotiated_version, selected_alpn);
+			s_stream->ssl = downstream_ssl_create(mgr, kyr, peer->negotiated_version, peer->alpn_selected);
 			break;
 		case CONN_DIR_UPSTREAM:
 			ATOMIC_INC(&(s_stream->mgr->stat_val[SSL_UP_NEW]));