|
33 | 33 | #include "lwip/sockets.h" |
34 | 34 | #include "lwip/dns.h" |
35 | 35 | #include "lwip/netdb.h" |
| 36 | +#include "lwipsocket.h" |
36 | 37 |
|
37 | 38 |
|
38 | 39 | #define WLAN_MAX_RX_SIZE 2048 |
@@ -162,42 +163,12 @@ int lwipsocket_socket_connect(mod_network_socket_obj_t *s, byte *ip, mp_uint_t p |
162 | 163 | // printf("Connected.\n"); |
163 | 164 |
|
164 | 165 | if (s->sock_base.is_ssl && (ret == 0)) { |
165 | | - mp_obj_ssl_socket_t *ss = (mp_obj_ssl_socket_t *)s; |
166 | | - |
167 | | - if ((ret = mbedtls_net_set_block(&ss->context_fd)) != 0) { |
168 | | - // printf("failed! net_set_(non)block() returned -0x%x\n", -ret); |
169 | | - *_errno = errno; |
170 | | - return -1; |
171 | | - } |
172 | | - |
173 | | - mbedtls_ssl_set_bio(&ss->ssl, &ss->context_fd, mbedtls_net_send, NULL, mbedtls_net_recv_timeout); |
174 | | - |
175 | | - // printf("Performing the SSL/TLS handshake...\n"); |
176 | | - |
177 | | - while ((ret = mbedtls_ssl_handshake(&ss->ssl)) != 0) |
178 | | - { |
179 | | - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_TIMEOUT) |
180 | | - { |
181 | | - // printf("mbedtls_ssl_handshake returned -0x%x\n", -ret); |
182 | | - *_errno = errno; |
183 | | - return -1; |
184 | | - } |
185 | | - } |
186 | | - |
187 | | - // printf("Verifying peer X.509 certificate...\n"); |
188 | 166 |
|
189 | | - if ((ret = mbedtls_ssl_get_verify_result(&ss->ssl)) != 0) { |
190 | | - /* In real life, we probably want to close connection if ret != 0 */ |
191 | | - // printf("Failed to verify peer certificate!\n"); |
192 | | - *_errno = errno; |
193 | | - return -1; |
194 | | - } else { |
195 | | - // printf("Certificate verified.\n"); |
196 | | - } |
| 167 | + ret = lwipsocket_socket_setup_ssl(s, _errno); |
197 | 168 | } |
198 | 169 |
|
199 | 170 | s->sock_base.connected = true; |
200 | | - return 0; |
| 171 | + return ret; |
201 | 172 | } |
202 | 173 |
|
203 | 174 | int lwipsocket_socket_send(mod_network_socket_obj_t *s, const byte *buf, mp_uint_t len, int *_errno) { |
@@ -392,3 +363,45 @@ int lwipsocket_socket_ioctl (mod_network_socket_obj_t *s, mp_uint_t request, mp_ |
392 | 363 | } |
393 | 364 | return ret; |
394 | 365 | } |
| 366 | + |
| 367 | +int lwipsocket_socket_setup_ssl(mod_network_socket_obj_t *s, int *_errno) |
| 368 | +{ |
| 369 | + int ret; |
| 370 | + uint32_t count = 0; |
| 371 | + mp_obj_ssl_socket_t *ss = (mp_obj_ssl_socket_t *)s; |
| 372 | + |
| 373 | + if ((ret = mbedtls_net_set_block(&ss->context_fd)) != 0) { |
| 374 | + // printf("failed! net_set_(non)block() returned -0x%x\n", -ret); |
| 375 | + *_errno = ret; |
| 376 | + return -1; |
| 377 | + } |
| 378 | + |
| 379 | + mbedtls_ssl_set_bio(&ss->ssl, &ss->context_fd, mbedtls_net_send, NULL, mbedtls_net_recv_timeout); |
| 380 | + |
| 381 | + // printf("Performing the SSL/TLS handshake...\n"); |
| 382 | + |
| 383 | + while ((ret = mbedtls_ssl_handshake(&ss->ssl)) != 0) |
| 384 | + { |
| 385 | + if ((ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_TIMEOUT ) || count >= ss->read_timeout) |
| 386 | + { |
| 387 | + // printf("mbedtls_ssl_handshake returned -0x%x\n", -ret); |
| 388 | + *_errno = ret; |
| 389 | + return -1; |
| 390 | + } |
| 391 | + if(ret == MBEDTLS_ERR_SSL_TIMEOUT) |
| 392 | + { |
| 393 | + count++; |
| 394 | + } |
| 395 | + } |
| 396 | + |
| 397 | + // printf("Verifying peer X.509 certificate...\n"); |
| 398 | + |
| 399 | + if ((ret = mbedtls_ssl_get_verify_result(&ss->ssl)) != 0) { |
| 400 | + /* In real life, we probably want to close connection if ret != 0 */ |
| 401 | + // printf("Failed to verify peer certificate!\n"); |
| 402 | + *_errno = ret; |
| 403 | + return -1; |
| 404 | + } |
| 405 | + // printf("Certificate verified.\n"); |
| 406 | + return 0; |
| 407 | +} |
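Review bot: In lwipsocket_socket_connect the refactor drops the early returns on TLS failure, so `s->sock_base.connected = true;` now runs even when lwipsocket_socket_setup_ssl() has returned -1 after a failed handshake or failed peer-certificate verification; before this change those paths returned before the flag was set. Guard it with `if (ret != 0) { return -1; }` ahead of `s->sock_base.connected = true;`, otherwise a socket whose peer was rejected is still reported as connected to the rest of the stack. In lwipsocket_socket_setup_ssl the verify-failure branch still returns with the TLS session left up and keeps the `/* In real life, we probably want to close connection ... */` placeholder; checking mbedtls_ssl_get_verify_result() by hand only rejects anything if the ssl config uses MBEDTLS_SSL_VERIFY_OPTIONAL (confirm in the config setup, not visible here), and on that path a `mbedtls_ssl_close_notify(&ss->ssl);` before `return -1;` would make sure no application data is ever exchanged with an unverified peer. Also, `count >= ss->read_timeout` is tested on every non-zero handshake return, so a read_timeout of 0 aborts the handshake on the first WANT_READ/WANT_WRITE — add a comment if that is the intended meaning of 0, or move the comparison into the `ret == MBEDTLS_ERR_SSL_TIMEOUT` branch.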