bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates //SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
static void* client_thread(void* args) { /* set up client */ WOLFSSL_CTX* cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (cli_ctx == NULL) err_sys("bad client ctx new"); int ret = wolfSSL_CTX_load_verify_locations(cli_ctx, cacert, NULL); if (ret != SSL_SUCCESS) err_sys("bad ca load"); wolfSSL_SetIOSend(cli_ctx, ClientSend); wolfSSL_SetIORecv(cli_ctx, ClientRecv); WOLFSSL* cli_ssl = wolfSSL_new(cli_ctx); if (cli_ctx == NULL) err_sys("bad client new"); ret = wolfSSL_connect(cli_ssl); if (ret != SSL_SUCCESS) err_sys("bad client tls connect"); printf("wolfSSL client success!\n"); ret = wolfSSL_write(cli_ssl, "hello memory wolfSSL!", 21); /* clean up */ wolfSSL_free(cli_ssl); wolfSSL_CTX_free(cli_ctx); return NULL; }
/* Create a new wolfSSL client with a server CA certificate. */ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) { int ret = 0; WOLFSSL_CTX* client_ctx = NULL; WOLFSSL* client_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(), HEAP_HINT_CLIENT)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; } if (ret == 0) { /* Load CA certificates into WOLFSSL_CTX */ if (wolfSSL_CTX_load_verify_buffer(client_ctx, CA_CERTS, CA_CERTS_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load CA certificate\n"); ret = -1; } } if (ret == 0) { /* Register callbacks */ wolfSSL_SetIORecv(client_ctx, recv_client); wolfSSL_SetIOSend(client_ctx, send_client); } if (ret == 0) { /* Create a WOLFSSL object */ if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) { printf("ERROR: failed to create WOLFSSL object\n"); ret = -1; } } if (ret == 0) { /* make wolfSSL object nonblocking */ wolfSSL_set_using_nonblock(client_ssl, 1); } if (ret == 0) { *ctx = client_ctx; *ssl = client_ssl; } else { if (client_ssl != NULL) wolfSSL_free(client_ssl); if (client_ctx != NULL) wolfSSL_CTX_free(client_ctx); } return ret; }
int Client(const char* ip, word16 port) { int n; char msg[] = "hello wolfssl"; char reply[MAXSZ]; int msgSz = strlen(msg); SOCKET_T fd; WOLFSSL_CTX* ctx; WOLFSSL* ssl; if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) err_sys("Error in setting client ctx\n"); if (wolfSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("trouble loading client cert"); /*sets the IO callback methods*/ wolfSSL_SetIORecv(ctx, CbIORecv); wolfSSL_SetIOSend(ctx, CbIOSend); if ((ssl = wolfSSL_new(ctx)) == NULL) err_sys("issue when creating ssl"); tcp_connect(&fd, ip, port, 0); wolfSSL_set_fd(ssl, fd); if (wolfSSL_connect(ssl) != SSL_SUCCESS) err_sys("client connect failed"); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) err_sys("client write failed"); memset(reply, 0, MAXSZ); if ((n = wolfSSL_read(ssl, reply, MAXSZ - 1)) > 0) { reply[n] = '\0'; } else { printf("client read returned %d\n", n); return -1; } printf("Server sent : %s\n", reply); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); return 0; }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; int32_t caCertsLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientKey, strlen((char *)appData.clientKey), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the private key wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the client cert so that the server can authenticate us (client authentication)) if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, (unsigned char *)appData.clientCert, strlen((char *)appData.clientCert), SSL_FILETYPE_PEM) != SSL_SUCCESS) { // Couldn't load the client certificate wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn off verification, because SNTP is usually blocked by a firewall wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }
int main() { /* set up server */ WOLFSSL_CTX* srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); if (srv_ctx == NULL) err_sys("bad server ctx new"); int ret = wolfSSL_CTX_use_PrivateKey_file(srv_ctx, key, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server key file load"); ret = wolfSSL_CTX_use_certificate_file(srv_ctx, cert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("bad server cert file load"); wolfSSL_SetIOSend(srv_ctx, ServerSend); wolfSSL_SetIORecv(srv_ctx, ServerRecv); WOLFSSL* srv_ssl = wolfSSL_new(srv_ctx); if (srv_ctx == NULL) err_sys("bad server new"); /* start client thread */ pthread_t tid; pthread_create(&tid, 0, client_thread, NULL); /* accept tls connection without tcp sockets */ ret = wolfSSL_accept(srv_ssl); if (ret != SSL_SUCCESS) err_sys("bad server tls accept"); printf("wolfSSL accept success!\n"); /* read msg post handshake from client */ unsigned char buf[80]; memset(buf, 0, sizeof(buf)); ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1); printf("client msg = %s\n", buf); /* clean up */ wolfSSL_free(srv_ssl); wolfSSL_CTX_free(srv_ctx); return 0; }
static int create_wolfssl_instance(TLS_IO_INSTANCE* tls_io_instance) { int result; if (add_certificate_to_store(tls_io_instance) != 0) { wolfSSL_CTX_free(tls_io_instance->ssl_context); result = __LINE__; } else { tls_io_instance->ssl = wolfSSL_new(tls_io_instance->ssl_context); if (tls_io_instance->ssl == NULL) { wolfSSL_CTX_free(tls_io_instance->ssl_context); result = __LINE__; } else { tls_io_instance->socket_io_read_bytes = NULL; tls_io_instance->socket_io_read_byte_count = 0; tls_io_instance->on_send_complete = NULL; tls_io_instance->on_send_complete_callback_context = NULL; wolfSSL_set_using_nonblock(tls_io_instance->ssl, 1); wolfSSL_SetIOSend(tls_io_instance->ssl_context, on_io_send); wolfSSL_SetIORecv(tls_io_instance->ssl_context, on_io_recv); wolfSSL_SetHsDoneCb(tls_io_instance->ssl, on_handshake_done, tls_io_instance); wolfSSL_SetIOWriteCtx(tls_io_instance->ssl, tls_io_instance); wolfSSL_SetIOReadCtx(tls_io_instance->ssl, tls_io_instance); tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN; result = 0; } } return result; }
int MqttSocket_Connect(MqttClient *client, const char* host, word16 port, int timeout_ms, int use_tls, MqttTlsCb cb) { int rc; /* Validate arguments */ if (client == NULL || client->net == NULL || client->net->connect == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } /* Validate port */ if (port == 0) { port = (use_tls) ? MQTT_SECURE_PORT : MQTT_DEFAULT_PORT; } /* Connect to host */ rc = client->net->connect(client->net->context, host, port, timeout_ms); if (rc != 0) { return rc; } client->flags |= MQTT_CLIENT_FLAG_IS_CONNECTED; #ifdef ENABLE_MQTT_TLS if (use_tls) { /* Setup the WolfSSL library */ wolfSSL_Init(); /* Issue callback to allow setup of the wolfSSL_CTX and cert verification settings */ rc = SSL_SUCCESS; if (cb) { rc = cb(client); } if (rc == SSL_SUCCESS) { /* Create and initialize the WOLFSSL_CTX structure */ if (client->tls.ctx == NULL) { /* Use defaults */ client->tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); if (client->tls.ctx) { wolfSSL_CTX_set_verify(client->tls.ctx, SSL_VERIFY_NONE, 0); } } if (client->tls.ctx) { /* Seutp the async IO callbacks */ wolfSSL_SetIORecv(client->tls.ctx, MqttSocket_TlsSocketReceive); wolfSSL_SetIOSend(client->tls.ctx, MqttSocket_TlsSocketSend); client->tls.ssl = wolfSSL_new(client->tls.ctx); if (client->tls.ssl) { wolfSSL_SetIOReadCtx(client->tls.ssl, (void *)client); wolfSSL_SetIOWriteCtx(client->tls.ssl, (void *)client); rc = wolfSSL_connect(client->tls.ssl); if (rc == SSL_SUCCESS) { client->flags |= MQTT_CLIENT_FLAG_IS_TLS; rc = MQTT_CODE_SUCCESS; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: wolfSSL_new error!\n"); #endif rc = -1; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: wolfSSL_CTX_new error!\n"); #endif rc = -1; } } else { #ifndef WOLFMQTT_NO_STDIO printf("MqttSocket_TlsConnect: TLS callback error!\n"); #endif rc = -1; } /* Handle error case */ if (rc) { #ifndef WOLFMQTT_NO_STDIO const char* errstr = NULL; int errnum = 0; if (client->tls.ssl) { errnum = wolfSSL_get_error(client->tls.ssl, 0); errstr = wolfSSL_ERR_reason_error_string(errnum); } printf("MqttSocket_TlsConnect Error %d: Num %d, %s\n", rc, errnum, errstr); #endif /* Make sure we cleanup on error */ MqttSocket_Disconnect(client); rc = MQTT_CODE_ERROR_TLS_CONNECT; } } #else (void)cb; #endif /* ENABLE_MQTT_TLS */ #ifdef WOLFMQTT_DEBUG_SOCKET printf("MqttSocket_Connect: Rc=%d\n", rc); #endif /* Check for error */ if (rc < 0) { rc = MQTT_CODE_ERROR_NETWORK; } return rc; }
int WolfSSLConnection::connect(const char* host, const int port) { int result; if(sslContext == NULL) { LogError("NULL SSL context\r\n"); result = __LINE__; } else { if (init_socket(SOCK_STREAM) < 0) { LogError("init_socket failed\r\n"); result = __LINE__; } else { if (set_address(host, port) != 0) { LogError("set_address failed\r\n"); result = __LINE__; } else if (lwip_connect(_sock_fd, (const struct sockaddr *) &_remoteHost, sizeof(_remoteHost)) < 0) { close(); LogError("lwip_connect failed\r\n"); result = __LINE__; } else { wolfSSL_SetIOSend(sslContext, &sendCallback); wolfSSL_SetIORecv(sslContext, &receiveCallback); ssl = wolfSSL_new(sslContext); if(ssl == NULL) { LogError("wolfssl new error\r\n"); result = __LINE__; } else { wolfSSL_set_fd(ssl, _sock_fd); result = wolfSSL_connect(ssl); if (result != SSL_SUCCESS) { LogError("wolfssl connect error=%d\r\n", result); result = __LINE__; } else { result = 0; isConnected = true; } } } } } return result; };
/* Create a new wolfSSL server with a certificate for authentication. */ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) { int ret = 0; WOLFSSL_CTX* server_ctx = NULL; WOLFSSL* server_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(), HEAP_HINT_SERVER)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; } if (ret == 0) { /* Load client certificates into WOLFSSL_CTX */ if (wolfSSL_CTX_use_certificate_buffer(server_ctx, SERVER_CERT, SERVER_CERT_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load server certificate\n"); ret = -1; } } if (ret == 0) { /* Load client certificates into WOLFSSL_CTX */ if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, SERVER_KEY, SERVER_KEY_LEN, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load server key\n"); ret = -1; } } if (ret == 0) { /* Register callbacks */ wolfSSL_SetIORecv(server_ctx, recv_server); wolfSSL_SetIOSend(server_ctx, send_server); } if (ret == 0) { /* Create a WOLFSSL object */ if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) { printf("ERROR: failed to create WOLFSSL object\n"); ret = -1; } } if (ret == 0) { /* make wolfSSL object nonblocking */ wolfSSL_set_using_nonblock(server_ssl, 1); } if (ret == 0) { *ctx = server_ctx; *ssl = server_ssl; } else { if (server_ssl != NULL) wolfSSL_free(server_ssl); if (server_ctx != NULL) wolfSSL_CTX_free(server_ctx); } return ret; }
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject) { const uint8_t * caCertsPtr; const uint8_t * clientCertPtr; const uint8_t * clientKeyPtr; int32_t caCertsLen; int32_t clientCertLen; int32_t clientKeyLen; if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0)) { return false; } if (!NET_PRES_CertStoreGetClientCerts(&clientCertPtr, &clientCertLen, 0)) { return false; } if (!NET_PRES_CertStoreGetClientKey(&clientKeyPtr, &clientKeyLen, 0)) { return false; } if (_net_pres_wolfsslUsers == 0) { wolfSSL_Init(); _net_pres_wolfsslUsers++; } net_pres_wolfSSLInfoStreamClient0.transObject = transObject; net_pres_wolfSSLInfoStreamClient0.context = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (net_pres_wolfSSLInfoStreamClient0.context == 0) { return false; } wolfSSL_SetIORecv(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIORecv)&NET_PRES_EncGlue_StreamClientReceiveCb0); wolfSSL_SetIOSend(net_pres_wolfSSLInfoStreamClient0.context, (CallbackIOSend)&NET_PRES_EncGlue_StreamClientSendCb0); // Loading the rootCA cert so we can authenticate the server certificate given to us if (wolfSSL_CTX_load_verify_buffer(net_pres_wolfSSLInfoStreamClient0.context, caCertsPtr, caCertsLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the certificates //SYS_CONSOLE_MESSAGE("Something went wrong loading the certificates\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the private key for client authentication use if(wolfSSL_CTX_use_PrivateKey_buffer(net_pres_wolfSSLInfoStreamClient0.context, clientKeyPtr, clientKeyLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the private key //SYS_CONSOLE_MESSAGE("Something went wrong loading the private key\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Loading the client cert so that the server can authenticate us (client authentication)) if(wolfSSL_CTX_use_certificate_buffer(net_pres_wolfSSLInfoStreamClient0.context, clientCertPtr, clientCertLen, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { // Couldn't load the client certificate //SYS_CONSOLE_MESSAGE("Something went wrong loading the client certificate\r\n"); wolfSSL_CTX_free(net_pres_wolfSSLInfoStreamClient0.context); return false; } // Turn on verification, ensure SNTP is not blocked by firewall // SSL_VERIFY_PEER: This option is turned on by default so technically this // is not needed wolfSSL_CTX_set_verify(net_pres_wolfSSLInfoStreamClient0.context, SSL_VERIFY_NONE, 0); net_pres_wolfSSLInfoStreamClient0.isInited = true; return true; }