NuMaker connection with AWS IoT thru MQTT/HTTPS
Dependencies: MQTT
my-tlssocket/MyTLSSocket.cpp@41:b878d7cd7035, 2020-03-27 (annotated)
- Committer:
- ccli8
- Date:
- Fri Mar 27 14:32:06 2020 +0800
- Revision:
- 41:b878d7cd7035
- Parent:
- 25:edf568984d27
Make code work across mbed-os 5.15/6.x
1. Replace deprecated API
2. Re-implement MyTLSSocket with Mbed OS internal TLSSocket
3. Fix PRNG driver calling code with M480 BSP update
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ccli8 |
25:edf568984d27 | 1 | #include "mbed.h" |
ccli8 |
25:edf568984d27 | 2 | #include "MyTLSSocket.h" |
ccli8 |
25:edf568984d27 | 3 | |
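/**
 * Construct the socket and apply the optional, build-time TLS settings.
 *
 * Two independent compile-time switches are honoured:
 *  - MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0 installs the logging
 *    callbacks my_verify/my_debug and sets the Mbed TLS debug threshold.
 *  - MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN > 0 (with
 *    MBEDTLS_SSL_MAX_FRAGMENT_LENGTH defined) requests the RFC 6066
 *    max_fragment_length extension.
 */
MyTLSSocket::MyTLSSocket()
{
    /* TLSSocket prints debug message thru mbed-trace. We override it and print thru STDIO. */
#if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0
    /* my_verify in this file only logs the certificate: it returns 0 and never
     * modifies *flags, so the verification verdict is left unchanged. It must
     * stay that way; a verify callback that clears flags would accept
     * certificates that failed validation. */
    mbedtls_ssl_conf_verify(get_ssl_config(), my_verify, this);
    mbedtls_ssl_conf_dbg(get_ssl_config(), my_debug, this);
    /* Debug output goes to STDIO and describes the handshake and peer
     * certificate; keep the level at 0 in production builds. */
    mbedtls_debug_set_threshold(MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL);
#endif

    /* Enable RFC 6066 max_fragment_length extension in SSL */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && (MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN > 0)
    /* Mbed TLS expects one of its MBEDTLS_SSL_MAX_FRAG_LEN_* codes here, not a
     * byte count, and reports an invalid value through the return code.
     * Report it instead of silently running with the default fragment size. */
    int rc = mbedtls_ssl_conf_max_frag_len(get_ssl_config(), MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN);
    if (rc != 0) {
        printf("mbedtls_ssl_conf_max_frag_len(%d) failed with %d\n", MBED_CONF_MY_TLSSOCKET_TLS_MAX_FRAG_LEN, rc);
    }
#endif
}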
ccli8 |
25:edf568984d27 | 18 | |
/* The destructor body is intentionally empty; this class adds no cleanup of
 * its own here. */
MyTLSSocket::~MyTLSSocket() {}
ccli8 |
25:edf568984d27 | 22 | |
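/**
 * Receive up to len bytes into buffer, waiting at most timeout.
 *
 * @param buffer  Destination buffer; must hold at least len bytes.
 * @param len     Maximum number of bytes to receive; must not be negative.
 * @param timeout Value passed unchanged to set_timeout().
 * @return Number of bytes received, 0 when recv() reported
 *         NSAPI_ERROR_WOULD_BLOCK, or -1 on any other error or on invalid
 *         arguments.
 *
 * NOTE(review): a recv() result of 0 is also returned as 0, so callers
 * cannot tell "nothing received" from "would block" through this
 * interface. Confirm the caller handles a closed connection another way.
 */
int MyTLSSocket::read(unsigned char* buffer, int len, int timeout)
{
    /* recv() takes an unsigned size in Mbed OS, so a negative len would be
     * converted to a very large length and could overrun buffer. */
    if (len < 0 || (buffer == nullptr && len > 0)) {
        printf("TLSSocket recv(%d) rejected: invalid buffer or length\n", len);
        return -1;
    }

    set_timeout(timeout);

    const int rc = recv(buffer, len);
    if (rc >= 0) {
        return rc;
    }
    if (rc == NSAPI_ERROR_WOULD_BLOCK) {
        /* Nothing arrived within the timeout: reported as zero bytes. */
        return 0;
    }

    printf("TLSSocket recv(%d) failed with %d\n", len, rc);
    return -1;
}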
ccli8 |
25:edf568984d27 | 37 | |
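/**
 * Send up to len bytes from buffer, waiting at most timeout.
 *
 * @param buffer  Source buffer; must hold at least len bytes.
 * @param len     Number of bytes to send; must not be negative.
 * @param timeout Value passed unchanged to set_timeout().
 * @return Number of bytes sent (may be fewer than len), 0 when send()
 *         reported NSAPI_ERROR_WOULD_BLOCK, or -1 on any other error or on
 *         invalid arguments.
 */
int MyTLSSocket::write(unsigned char* buffer, int len, int timeout)
{
    /* send() takes an unsigned size in Mbed OS, so a negative len would be
     * converted to a very large length and read far past buffer. */
    if (len < 0 || (buffer == nullptr && len > 0)) {
        printf("TLSSocket send(%d) rejected: invalid buffer or length\n", len);
        return -1;
    }

    set_timeout(timeout);

    const int rc = send(buffer, len);
    if (rc >= 0) {
        return rc;
    }
    if (rc == NSAPI_ERROR_WOULD_BLOCK) {
        /* Nothing could be queued within the timeout: reported as zero bytes. */
        return 0;
    }

    printf("TLSSocket send(%d) failed with %d\n", len, rc);
    return -1;
}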
ccli8 |
25:edf568984d27 | 52 | |
ccli8 |
25:edf568984d27 | 53 | #if MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0 |
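/**
 * Mbed TLS debug callback: print one debug message through mbedtls_printf.
 *
 * @param ctx   Context pointer registered with the callback (unused here).
 * @param level Debug level of the message.
 * @param file  Source file that emitted the message; only its basename is printed.
 * @param line  Source line that emitted the message.
 * @param str   Message text.
 *
 * The output is diagnostic data about the TLS session; this callback is only
 * compiled when MBED_CONF_MY_TLSSOCKET_TLS_DEBUG_LEVEL > 0.
 */
void MyTLSSocket::my_debug(void *ctx, int level, const char *file, int line,
                           const char *str)
{
    (void) ctx;

    /* Tolerate missing strings rather than dereferencing a null pointer. */
    if (file == nullptr) {
        file = "";
    }
    if (str == nullptr) {
        str = "";
    }

    /* Extract basename from file: keep what follows the last '/' or '\\'. */
    const char *basename = file;
    for (const char *p = file; *p != '\0'; ++p) {
        if (*p == '/' || *p == '\\') {
            basename = p + 1;
        }
    }

    mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
}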
ccli8 |
25:edf568984d27 | 69 | |
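/**
 * Mbed TLS certificate-verification callback used for logging only.
 *
 * Prints a description of the certificate at the given chain depth and, when
 * verification flags are set, a description of each problem found.
 *
 * @param data  Context pointer registered with the callback (unused here).
 * @param crt   Certificate currently being verified.
 * @param depth Position of crt in the chain.
 * @param flags Verification flags for crt; read, never modified.
 * @return Always 0, so the callback itself never aborts the handshake.
 *
 * Security note: the callback deliberately leaves *flags untouched, so the
 * verdict computed by Mbed TLS stands. Clearing flags here would make the
 * client accept certificates that failed validation.
 */
int MyTLSSocket::my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
    (void) data;

    const uint32_t buf_size = 1024;
    /* Zero-initialised, and both formatting calls below are limited to
     * buf_size - 1 bytes, so the final byte stays '\0' and the buffer is
     * always a terminated string even if a call fails or truncates. */
    char *buf = new char[buf_size]();

    printf("\nVerifying certificate at depth %d:\n", depth);
    int rc = mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
    printf("%s", buf);
    if (rc < 0) {
        /* A negative result means the text is missing or incomplete. */
        printf("\n(certificate info incomplete, mbedtls_x509_crt_info returned %d)\n", rc);
    }

    if (*flags == 0) {
        printf("No verification issue for this certificate\n");
    } else {
        /* Drop the certificate text so a failed call cannot re-print it. */
        buf[0] = '\0';
        rc = mbedtls_x509_crt_verify_info(buf, buf_size - 1, " ! ", *flags);
        printf("%s\n", buf);
        if (rc < 0) {
            printf("(verification info incomplete, mbedtls_x509_crt_verify_info returned %d)\n", rc);
        }
    }

    delete[] buf;

    return 0;
}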
ccli8 |
25:edf568984d27 | 91 | #endif |