Example TLS client with wolfSSL, with cert
Dependencies: EthernetInterface NTPClient SDFileSystem mbed-rtos mbed wolfSSL
Diff: client-tls.cpp
- Revision:
- 3:25d42ccf2f12
- Parent:
- 2:53d82dd5e556
- Child:
- 4:ebcf8e2d846a
--- a/client-tls.cpp Mon Jul 20 08:39:55 2015 +0000
+++ b/client-tls.cpp Tue Jul 21 11:38:01 2015 +0000
@@ -21,18 +21,25 @@
 #include "mbed.h"
 #include "EthernetInterface.h"
+#include "NTPClient.h"
 #include "SDFileSystem.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <wolfssl/ssl.h> /* wolfSSL security library */
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <user_settings.h>
 #define MAXDATASIZE (1024*4)
-#ifndef WOLFSSL_NO_VERIFYSERVER
-SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
-const char* cert = "/sd/cert-file.crt";
+#if !defined(WOLFSSL_NO_VERIFYSERVER)
+ #if defined(NO_FILESYSTEM)
+ #define USE_CERT_BUFFERS_2048
+ #include <wolfssl/certs_test.h>
+ #else
+ SDFileSystem sdCard(PTE3, PTE1, PTE2, PTE4, "sd");
+ const char* certFile = "/sd/ca-cert.pem";
+ #endif
 #endif
 static int SocketReceive(WOLFSSL* ssl, char *buf, int sz, void *sock)
@@ -100,16 +107,16 @@
 if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) < 0) {
 /* the message is not able to send, or error trying */
 ret = wolfSSL_get_error(ssl, 0);
- printf("Write error: Error: %i\n", ret);
+ printf("Write error[%d]\n", ret, wc_GetErrorString(ret));
 return EXIT_FAILURE;
 }
 printf("Recieved:\n");
 while(1) {
- if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff))) < 0) {
+ if ((ret = wolfSSL_read(ssl, rcvBuff, sizeof(rcvBuff)-1)) < 0) {
 if(ret == 0)break ;
 /* the server failed to send data, or error trying */
 ret = wolfSSL_get_error(ssl, 0);
- printf("Read error. Error: %i\n", ret);
+ printf("Read error[%d], %s\n", ret, wc_GetErrorString(ret));
 return EXIT_FAILURE;
 }
 rcvBuff[ret] = '\0' ;
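Review bot: The new `NO_FILESYSTEM` branch under `#if !defined(WOLFSSL_NO_VERIFYSERVER)` makes `certs_test.h` the client's trust anchor, and that header holds wolfSSL's own test CA, whose signing key is distributed in the wolfSSL source tree, so any party holding that key — not only the intended server — will pass verification. That is acceptable for talking to the wolfSSL example server, but nothing at the define site says the build is test-only, and shipping it is effectively a no-verification build. Suggest a comment above `#define USE_CERT_BUFFERS_2048`: `/* TEST ONLY: wolfSSL's public test CA (its private key ships with wolfSSL); replace with the real CA buffer before deployment */`. On the SD-card side, a note that `/sd/ca-cert.pem` must be the CA that signed the server's certificate, not the server's own leaf cert, would help, since the old name `cert-file.crt` invited that confusion.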
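Review bot: The rewritten write-error line `printf("Write error[%d]\n", ret, wc_GetErrorString(ret));` has one conversion for two arguments, so the error text is never printed and the message is inconsistent with the read and connect messages in this same change; it should be `printf("Write error[%d], %s\n", ret, wc_GetErrorString(ret));`. Separately, the context line `if(ret == 0)break ;` sits inside the `< 0` branch and so can never fire, meaning a clean close (`wolfSSL_read` returning 0) falls through to `rcvBuff[0] = '\0'` and the loop goes round again instead of stopping; checking `if (ret == 0) break;` before the `< 0` test fixes that. The `sizeof(rcvBuff)-1` reservation for the terminator is correct. The enclosing function (presumably ClientGreet, judging by the call site in the next hunk) begins and ends outside this hunk.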
@@ -140,7 +147,18 @@ wolfSSL_SetIORecv(ctx, SocketReceive) ; wolfSSL_SetIOSend(ctx, SocketSend) ; +#ifdef WOLFSSL_NO_VERIFYSERVER wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); +#else + #ifndef NO_FILESYSTEM + if (wolfSSL_CTX_load_verify_locations(ctx, certFile,0) != SSL_SUCCESS) + printf("can't load ca file\n"); + #else + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS) + printf("can't load ca data"); + #endif +#endif if ((ssl = wolfSSL_new(ctx)) == NULL) { printf("wolfSSL_new error.\n"); @@ -156,7 +174,7 @@ ret = ClientGreet(socket, ssl); } else { ret = wolfSSL_get_error(ssl, 0); - printf("TLS Connect error. Error: %i\n", ret); + printf("TLS Connect error[%d], %s\n", ret, wc_GetErrorString(ret)); } /* frees all data before client termination */ wolfSSL_free(ssl); @@ -173,21 +191,29 @@ { char server_addr[40] ; char server_port[10] ; - + + wolfSSL_Init(); /* initialize wolfSSL */ + /* wolfSSL_Debugging_ON(); */ EthernetInterface eth; TCPSocketConnection socket; - - wolfSSL_Init(); /* initialize wolfSSL */ eth.init(); //Use DHCP eth.connect(); printf("Client Addr: %s\n", eth.getIPAddress()); +#ifndef WOLFSSL_NO_VERIFYSERVER + NTPClient ntp; + if(ntp.setTime("ntp.jst.mfeed.ad.jp") != 0){ + printf("NTP Error\n") ; + return ; + } +#endif + getline("Server Addr: ", server_addr, sizeof(server_addr)) ; getline("Server Port: ", server_port, sizeof(server_port)) ; while (socket.connect(server_addr, atoi(server_port)) < 0) { - printf("Unable to connect to (%s) on port (%d)\n", server_addr, server_port); - wait(1.0); + printf("Unable to connect to (%s) on port (%s)\n", server_addr, server_port); + wait(1.0) ; } printf("TCP Connected\n") ;
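Review bot: Both new CA-loading failures (`wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_buffer`) are only printed and execution continues into `wolfSSL_new` and the connect with an empty trust store, so the user later sees an unrelated-looking handshake error instead of the real cause; each printf should be followed by the same early exit the `wolfSSL_new` failure just below uses (its body is cut off by the hunk, so I cannot quote it). It still fails closed only because, as far as I recall, a wolfSSL client context defaults to peer verification when `WOLFSSL_NO_VERIFYSERVER` is not defined — worth stating at the `#else`: `/* default verify mode is SSL_VERIFY_PEER, so a missing CA makes the handshake fail rather than succeed */`. Minor: `printf("can't load ca data");` lacks the trailing `\n` its sibling message has. The enclosing function starts before this hunk.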
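Review bot: The clock that the certificate validity-period check depends on is now taken from plain NTP against a hard-coded host (`ntp.setTime("ntp.jst.mfeed.ad.jp")`), and NTP as used here is unauthenticated UDP, so whoever controls the network path can set any time and make an expired or not-yet-valid server certificate verify. Aborting when NTP fails (`return ;`) is the right default and should stay. I'd add above the `#ifndef WOLFSSL_NO_VERIFYSERVER` block: `/* cert date checks need wall-clock time; NTP is unauthenticated, so an on-path attacker can move the clock — consider rejecting times earlier than the build date */`, and make the NTP host a configurable constant next to the server address rather than a public Japanese server baked in. The enclosing function's signature is outside this hunk and its body continues past the hunk's end.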