ESP8266 RTOS版SDK是否支持SSL/TLS？

[zsf518]

hi all，
请问ESP8266 RTOS版本的SDK的SSL/TLS是怎么应用的？
有没有对应的文档或者demo可以参考？

谢谢啦。

[zsf518]

使用论坛里面一个例子，这个例子本身也不正确。

unsigned char *default_certificate;
unsigned int default_certificate_len = 0;
unsigned char *default_private_key;
unsigned int default_private_key_len = 0;

void ICACHE_FLASH_ATTR
ssl_task( void *param )
{
int res;
//uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
uint32_t options = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;

int sslclient_fd;
struct sockaddr_in sslserver_addr;

int reconnect = 5;
uint32_t sin_addr;

SSL_CTX *ssl_ctx;
SSL *ssl = NULL;
uint8_t session_id[SSL_SESSION_ID_SIZE];

struct ip_info ipconfig;

while (ipconfig.ip.addr == 0)
{
vTaskDelay(500 / portTICK_RATE_MS);
wifi_get_ip_info(STATION_IF, &ipconfig);
}
printf("ipconfig.ip.addr = %x\n",ipconfig.ip.addr);

// This is where the interesting stuff happens. Up until now we've
// just been setting up sockets etc. Now we do the SSL handshake.

sslclient_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

memset(&sslserver_addr, 0, sizeof(sslserver_addr));
sslserver_addr.sin_family = AF_INET;
sslserver_addr.sin_addr.s_addr = inet_addr("59.37.116.101"); //dnspod
sslserver_addr.sin_port = htons(443);

if (connect(sslclient_fd, (struct sockaddr *)&sslserver_addr,sizeof(sslserver_addr)) < 0)
{
printf("connect failed \n");
return;
}

printf("init ssl ctx\n");
if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
{
printf("Error: ssl_ctx_newt is invalid\n");
return;
}

printf("ready to ssl handshake \n");

tryagain:
// Try session resumption?
if (reconnect)
{
while (reconnect--)
{
ssl = ssl_client_new(ssl_ctx, sslclient_fd, session_id, sizeof(session_id));
printf("%x, %d, %d, %x, %d, %x, %d, %d \n",ssl->flag,
ssl->need_bytes,
ssl->got_bytes,
ssl->record_type,
ssl->version,
ssl->bm_read_index,
ssl->next_state,
ssl->hs_status);
if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{
printf("ssl handshake failed res = %d\n", res);
ssl_free(ssl);
}

//display_session_id(ssl);
memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);

if (reconnect)
{
ssl_free(ssl);
close(sslclient_fd);

sslclient_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
connect(sslclient_fd, (struct sockaddr *)&sslserver_addr,sizeof(sslserver_addr));
}
}
}
else
{
ssl = ssl_client_new(ssl_ctx, sslclient_fd, NULL, 0);
if(ssl == NULL)
{
printf("ssl_client_new failed \n");
goto tryagain;
}
}

// check the return status
if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{
printf("ssl handshake failed res = %d\n", res);
ssl_free(ssl);

//goto EXIT;
goto tryagain;
}

while(1)
{
uint8_t *read_buf;

res = ssl_read(ssl, &read_buf);
if (res > 0)
{
printf("read: %s \n", read_buf);
}


vTaskDelay(1000 / portTICK_RATE_MS);
}

ssl_ctx_free(ssl_ctx);
close(sslclient_fd);

}



打印错误信息：
260011, 4051, 0, 16, 50, 0, 11, -261
ssl handshake failed res = -261
260011, 4051, 0, 16, 50, 0, 11, -261
ssl handshake failed res = -261
260011, 4051, 0, 16, 50, 0, 11, -261
ssl handshake failed res = -261
260011, 4051, 0, 16, 50, 0, 11, -261
ssl handshake failed res = -261
260011, 4051, 0, 16, 50, 0, 11, -261
ssl handshake failed res = -261
ssl handshake failed res = -261
260011, 52992, 0, 0, 50, 0, 2, -261


请帮忙看看 RTOS SDK下怎么使用SSL/TLS。
谢谢啦

[zsf518]

错误打印信息：260011, 4051, 0, 16, 50, 0, 11, -261
最后的打印错误代码为 -261，SSL代码里面定义：
#define SSL_ERROR_INVALID_PROT_MSG -261

返回这个错误代码的地方（ssl_tls1.c）：
/* do we violate the spec with the message size? */
if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
{
ret = SSL_ERROR_INVALID_PROT_MSG;
goto error;
}

打印信息第二个就是ssl->need_bytes，这里是4051，大于RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET，所以出错。

具体原因是什么就不知道了。
请帮忙分析一下。
谢谢。

[zsf518]

如果设置 uint32_t options = 0；

ssl_ctx_new()这里立即崩溃：

init ssl ctx
Fatal exception (28):
epc1=0x4023704a
epc2=0x00000000
epc3=0x4020578b
epcvaddr=0x00000000
depc=0x00000000
rtn_add=0x40234abb


2nd boot version : 1.4(b1)
SPI Speed : 20MHz
SPI Mode : QIO
SPI Flash Size & Map: 32Mbit(512KB+512KB)
jump to run user1 @ 1000


ets Jan 8 2013,rst cause:1, boot mode:(3,7)

load 0x40100000, len 1396, room 16
tail 4
chksum 0x89
load 0x3ffe8000, len 776, room 4
tail 4
chksum 0xe8
load 0x3ffe8308, len 540, room 4
tail 8
chksum 0xc0
csum 0xc0

[hark]

Hi 请问你的问题解决了吗？