feat(examples): Modify examples to make mbedtls and wolfssl compatible

2025-08-06 07:00:05 +08:00 · 2018-05-18 17:31:35 +08:00
parent ac5a210287
commit 271e2c7bfa
6 changed files with 144 additions and 77 deletions
--- a/examples/protocols/openssl_client/main/openssl_client_example_main.c
+++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c
@ -22,6 +22,10 @@
 #include <sys/socket.h>
 #include <netdb.h>

+#if CONFIG_SSL_USING_WOLFSSL
+#include "lwip/apps/sntp.h"
+#endif
+
 #include "openssl/ssl.h"

 #define OPENSSL_CLIENT_THREAD_NAME "openssl_client"
@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data);

 static char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN];

+#if CONFIG_SSL_USING_WOLFSSL
+static void get_time()
+{
+    struct timeval now;
+    int sntp_retry_cnt = 0;
+    int sntp_retry_time = 0;
+
+    sntp_setoperatingmode(0);
+    sntp_setservername(0, "pool.ntp.org");
+    sntp_init();
+
+    while (1) {
+        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
+            vTaskDelay(100 / portTICK_RATE_MS);
+            gettimeofday(&now, NULL);
+        }
+
+        if (now.tv_sec < 1525952900) {
+            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
+
+            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
+                sntp_retry_cnt ++;
+            }
+
+            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
+            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
+        } else {
+            printf("SNTP get time success\n");
+            break;
+        }
+    }
+}
+#endif
+
 static void openssl_client_thread(void* p)
 {
    int ret;
@ -73,6 +111,11 @@ static void openssl_client_thread(void* p)

    printf("OpenSSL client thread start...\n");

+#if CONFIG_SSL_USING_WOLFSSL
+    /* CA date verification need system time */
+    get_time();
+#endif
+
    /*get addr info for hostname*/
    do {
        entry = gethostbyname(CONFIG_TARGET_DOMAIN);
@ -90,10 +133,9 @@ static void openssl_client_thread(void* p)
    printf("OK\n");

    printf("load ca crt ......");
-    X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start);
+    ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);

-    if (cacrt) {
-        SSL_CTX_add_client_CA(ctx, cacrt);
+    if (ret) {
        printf("OK\n");
    } else {
        printf("failed\n");
@ -123,17 +165,6 @@ static void openssl_client_thread(void* p)
    printf("set verify mode verify peer\n");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

-    printf("set SSL context read buffer size ......");
-    SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE);
-    ret = 0;
-
-    if (ret) {
-        printf("failed, return %d\n", ret);
-        goto failed2;
-    }
-
-    printf("OK\n");
-
    printf("create socket ......");
    socket = socket(AF_INET, SOCK_STREAM, 0);