Example TLS client with wolfSSL, with cert

Dependencies:   EthernetInterface NTPClient SDFileSystem mbed-rtos mbed wolfSSL

Revision:
3:25d42ccf2f12
Parent:
2:53d82dd5e556
Child:
4:ebcf8e2d846a
--- a/client-tls.cpp	Mon Jul 20 08:39:55 2015 +0000
+++ b/client-tls.cpp	Tue Jul 21 11:38:01 2015 +0000
@@ -21,18 +21,25 @@
 
 #include    "mbed.h"
 #include    "EthernetInterface.h"
+#include    "NTPClient.h"
 #include    "SDFileSystem.h"
 #include    <stdio.h>
 #include    <stdlib.h>
 #include    <string.h>
 #include    <wolfssl/ssl.h>          /* wolfSSL security library */
+#include    <wolfssl/wolfcrypt/error-crypt.h>
 #include    <user_settings.h>
 
 #define MAXDATASIZE (1024*4)
 
-#ifndef WOLFSSL_NO_VERIFYSERVER
-SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
-const char* cert = "/sd/cert-file.crt";
+#if !defined(WOLFSSL_NO_VERIFYSERVER) 
+    #if defined(NO_FILESYSTEM)
+        #define     USE_CERT_BUFFERS_2048
+        #include    <wolfssl/certs_test.h>
+    #else
+        SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
+        const char* certFile = "/sd/ca-cert.pem";
+    #endif
 #endif
 
 static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
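Review bot: The `NO_FILESYSTEM` branch added at `#define USE_CERT_BUFFERS_2048` / `#include <wolfssl/certs_test.h>` makes the client trust wolfSSL's bundled test CA (`ca_cert_der_2048`), whose private key is distributed with the wolfSSL sources, so that trust store only establishes the peer's identity against the wolfSSL example server and gives no assurance anywhere else. That is reasonable for an example, but the build should say so where the choice is made; I would add above the `#define`: `/* test-only CA from wolfSSL's certs_test.h -- replace with the real CA bundle for any deployment */`. Minor: the `#if !defined(WOLFSSL_NO_VERIFYSERVER) ` line carries a trailing space, and indenting the nested `#define`/`#include`/`#else` is unusual in this file, which keeps preprocessor lines at column 0 elsewhere in the hunk.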
@@ -100,16 +107,16 @@
     if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) {
         /* the message is not able to send, or error trying */
         ret = wolfSSL_get_error(ssl, 0);
-        printf("Write error: Error: %i\n", ret);
+        printf("Write error[%d]\n", ret, wc_GetErrorString(ret));
         return EXIT_FAILURE;
     }
     printf("Recieved:\n");
     while(1) {
-        if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff))) < 0) {
+        if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff)-1)) < 0) {
             if(ret == 0)break ;
             /* the server failed to send data, or error trying */
             ret = wolfSSL_get_error(ssl, 0);
-            printf("Read error. Error: %i\n", ret);
+            printf("Read error[%d], %s\n", ret, wc_GetErrorString(ret));
             return EXIT_FAILURE;
         }
         rcvBuff[ret] = '\0' ;
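Review bot: The new write-error line `printf("Write error[%d]\n", ret, wc_GetErrorString(ret));` has one conversion but two arguments, so the error string is never printed; the read and connect messages in this commit use `[%d], %s`, and this line should match: `printf("Write error[%d], %s\n", ret, wc_GetErrorString(ret));`. Separately, `wolfSSL_read` returning 0 (peer closed the connection) does not satisfy the `< 0` test, so the `if(ret == 0)break ;` on the next line is unreachable and a clean close leaves `while(1)` re-reading indefinitely; testing `<= 0` and then breaking on 0 before the error path would fix it. The `sizeof(rcvBuff)-1` change is correct, since `rcvBuff[ret] = '\0'` needs the spare byte. The enclosing function (presumably ClientGreet) starts and continues outside the hunk.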
@@ -140,7 +147,18 @@
     wolfSSL_SetIORecv(ctx, SocketReceive) ;
     wolfSSL_SetIOSend(ctx, SocketSend) ;
 
+#ifdef WOLFSSL_NO_VERIFYSERVER
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+#else
+    #ifndef NO_FILESYSTEM
+    if (wolfSSL_CTX_load_verify_locations(ctx, certFile,0) != SSL_SUCCESS)
+            printf("can't load ca file\n");
+    #else
+    if (wolfSSL_CTX_load_verify_buffer(ctx,  ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
+            printf("can't load ca data");            
+    #endif
+#endif
 
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
         printf("wolfSSL_new error.\n");
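Review bot: A failed `wolfSSL_CTX_load_verify_locations` or `wolfSSL_CTX_load_verify_buffer` is only logged (`can't load ca file` / `can't load ca data`) and execution falls through to `wolfSSL_new` and the connect, so the handshake runs with an empty trust store and fails later with a less specific error, assuming wolfSSL's default client verify mode still rejects an unverifiable chain. Make the load failure fatal, e.g. `{ printf("can't load ca file\n"); wolfSSL_CTX_free(ctx); return ...; }` with the return value matching the enclosing function, whose signature is outside the hunk; the same applies to the buffer branch, whose message also lacks its `\n`. I would also set `wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);` explicitly in the `#else` branch so the verification policy is visible next to the `SSL_VERIFY_NONE` line rather than relying on the library default.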
@@ -156,7 +174,7 @@
         ret = ClientGreet(socket, ssl);
     } else {
         ret = wolfSSL_get_error(ssl, 0);
-        printf("TLS Connect error. Error: %i\n", ret);
+        printf("TLS Connect error[%d], %s\n", ret, wc_GetErrorString(ret));
     }
     /* frees all data before client termination */
     wolfSSL_free(ssl);
@@ -173,21 +191,29 @@
 {
     char server_addr[40] ;
     char server_port[10] ;
-    
+
+    wolfSSL_Init();      /* initialize wolfSSL */
+    /* wolfSSL_Debugging_ON(); */
     EthernetInterface eth;
     TCPSocketConnection socket;
-
-    wolfSSL_Init();      /* initialize wolfSSL */
     eth.init(); //Use DHCP
     eth.connect();
     printf("Client Addr: %s\n", eth.getIPAddress());
 
+#ifndef WOLFSSL_NO_VERIFYSERVER
+    NTPClient ntp;   
+    if(ntp.setTime("ntp.jst.mfeed.ad.jp") != 0){
+       printf("NTP Error\n") ;
+       return ;
+    }
+#endif   
+
     getline("Server Addr: ", server_addr, sizeof(server_addr)) ;
     getline("Server Port: ", server_port, sizeof(server_port)) ;
     
     while (socket.connect(server_addr, atoi(server_port)) < 0) {
-        printf("Unable to connect to (%s) on port (%d)\n", server_addr, server_port);
-        wait(1.0);
+        printf("Unable to connect to (%s) on port (%s)\n", server_addr, server_port);
+        wait(1.0) ;
     }
     printf("TCP Connected\n") ;