wolfssl-4.2.0-stable 移植到liteos后,使用https,执行到wolfSSL_connect出错,追踪底层代码,发现在执行SendClientKeyExchange函数时发生错误,
log打印:
into wolfSSL_connect....
wolfSSL error occurred, error = 111 line:11221 file:src/ssl.c
error = -111, mp_read error state
sslConnect failed!
wolfssl源码:
/* Excerpt of one state of the wolfSSL_connect() client handshake state machine
 * (presumably the code around the src/ssl.c line named in the log above).
 * The enclosing switch and function are not shown. */
case FIRST_REPLY_FIRST :
#ifdef WOLFSSL_TLS13
/* NOTE(review): looks like a debug print added while porting - confirm and remove. */
printf("into WOLFSSL_TLS13 ..\n");
/* A TLS 1.3 session is handed over to the dedicated TLS 1.3 connect routine. */
if (ssl->options.tls1_3)
return wolfSSL_connect_TLSv13(ssl);
#endif
/* The ClientKeyExchange message is only sent when the session is not being resumed. */
if (!ssl->options.resuming) {
/* The return value is stored in ssl->error; any non-zero value aborts the
 * handshake. The poster marks this as the branch taken in the failing run. */
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error); //Error occurred !!
return WOLFSSL_FATAL_ERROR;
}
WOLFSSL_MSG("sent: client key exchange");
}
/* Record the next state, then continue into the following case (not shown). */
ssl->options.connectState = FIRST_REPLY_SECOND;
WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
FALL_THROUGH;
我的例程函数源码:
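/*
 * Report a certificate, key or CA file that could not be loaded into the
 * WOLFSSL_CTX. `ret` is the loader's own return value; it is printed directly
 * because no WOLFSSL session object exists yet at that point, so there is
 * nothing for wolfSSL_get_error() to query.
 */
static void sslConnectReportLoadFailure (const char *path, int ret)
{
    char text[128] = {0};

    wolfSSL_ERR_dump_errors_fp (stderr);
    printf("error = %d, %s\n", ret, wolfSSL_ERR_error_string(ret, text));
    fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", path);
}

/*
 * Open a TCP connection with tcpConnect(), create a wolfSSL client context and
 * session, load the client certificate and key, and run the TLS handshake.
 *
 * Returns a heap-allocated connection on success; the caller owns it and must
 * release sslHandle, sslContext, the socket and the struct itself.
 * Returns NULL on any failure, after freeing everything this function created.
 *
 * NOTE(review): the socket returned by tcpConnect() is not closed on the
 * failure paths, because the platform's close routine is not visible here.
 * Add that call to the `fail` label.
 */
connection *sslConnect (void)
{
    char buffer[128] = {0};
    int ret;
    connection *c = malloc (sizeof *c);

    if (c == NULL)
    {
        fprintf(stderr, "ERROR: out of memory allocating connection.\n");
        return NULL;
    }
    c->sslHandle = NULL;
    c->sslContext = NULL;

    /* NOTE(review): tcpConnect() is not shown. This test treats 0 as failure;
     * if it returns a raw descriptor with -1 on error, a failed connect passes
     * this check and a valid descriptor 0 is rejected - confirm. */
    c->socket = tcpConnect ();
    if (!c->socket)
    {
        perror ("Connect failed!\n");
        goto fail;
    }

    // Register the error strings for libcrypto & libssl
#if USE_OLD_OPENSSL_API /* used with old library versions */
    wolfSSL_load_error_strings ();
#else
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
#endif
    // Register the available ciphers and digests
#if USE_OLD_OPENSSL_API /* used with old library versions */
    wolfSSL_library_init ();
    wolfSSL_add_all_algorithms();
#else
    OPENSSL_init_ssl(0, NULL);
    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#endif

    /* Client context; the v23 method negotiates the highest protocol version
     * that both peers support rather than pinning a single version. */
    c->sslContext = wolfSSL_CTX_new (wolfSSLv23_client_method ());
    if (c->sslContext == NULL)
    {
        wolfSSL_ERR_dump_errors_fp (stderr);
        goto fail;
    }

    /* Author's note: verification is switched off because it fails on LiteOS
     * (incompatibility in the underlying layer).
     *
     * SECURITY NOTE(review): with SSL_VERIFY_NONE the handshake accepts any
     * server certificate, so the CA file loaded below is never enforced and
     * the server's identity is not authenticated. Presenting a client
     * certificate does not compensate for that. Treat this as a porting
     * workaround only and restore SSL_VERIFY_PEER once the LiteOS
     * verification failure has been diagnosed. */
    wolfSSL_CTX_set_verify(c->sslContext,SSL_VERIFY_NONE,NULL);
#if 1
    /* Load the CA certificate, then the client certificate and key, into the WOLFSSL_CTX. */
    ret = wolfSSL_CTX_load_verify_locations(c->sslContext, CA_CERT_FILE, NULL);
    if (ret != SSL_SUCCESS)
    {
        sslConnectReportLoadFailure (CA_CERT_FILE, ret);
        goto fail;
    }
    /* To load from memory instead of a file, use wolfSSL_CTX_load_verify_buffer. */
    ret = wolfSSL_CTX_use_certificate_file(c->sslContext, CLI_CERT_FILE,WOLFSSL_FILETYPE_PEM);
    if (ret != WOLFSSL_SUCCESS)
    {
        sslConnectReportLoadFailure (CLI_CERT_FILE, ret);
        goto fail;
    }
    ret = wolfSSL_CTX_use_PrivateKey_file(c->sslContext, CLI_KEY_FILE,WOLFSSL_FILETYPE_PEM);
    if (ret != WOLFSSL_SUCCESS)
    {
        sslConnectReportLoadFailure (CLI_KEY_FILE, ret);
        goto fail;
    }
#endif

    // Create an SSL struct for the connection
    c->sslHandle = wolfSSL_new (c->sslContext);
    if (c->sslHandle == NULL)
    {
        wolfSSL_ERR_dump_errors_fp (stderr);
        goto fail;
    }

    /*---# newly added ------------------------------------------------------*/
    /* Keep handshake resources so the WOLFSSL object can be re-used.
     * NOTE(review): this keeps handshake material in memory after the
     * handshake completes; release it (wolfSSL_FreeArrays) as soon as it is
     * no longer needed. */
    wolfSSL_KeepArrays(c->sslHandle);
    if (wolfSSL_KeepHandshakeResources(c->sslHandle))
        goto fail;
    if (wolfSSL_use_certificate_file(c->sslHandle, CLI_CERT_FILE,
                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        goto fail;
    if (wolfSSL_use_PrivateKey_file(c->sslHandle, CLI_KEY_FILE,
                                    WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        goto fail;
    /*---#-------------------------------------------------------------------*/

    /* Connect the SSL struct to our socket. Compare against WOLFSSL_SUCCESS:
     * a failure is reported as a non-zero error code, which a plain `!` test
     * would let through. */
    if (wolfSSL_set_fd (c->sslHandle, c->socket) != WOLFSSL_SUCCESS)
    {
        wolfSSL_ERR_dump_errors_fp (stderr);
        goto fail;
    }

    printf("into wolfSSL_connect....\n");
    // Initiate SSL handshake
    ret = wolfSSL_connect(c->sslHandle);
    if (ret != SSL_SUCCESS)
    {
        ERR_print_errors_fp (stderr);
        int err = wolfSSL_get_error(c->sslHandle, ret);
        printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
        goto fail;
    }
    printf("SSL_connect success!\n");
    return c;

fail:
    /* Release in reverse order of creation: session first, then its context. */
    if (c->sslHandle != NULL)
        wolfSSL_free (c->sslHandle);
    if (c->sslContext != NULL)
        wolfSSL_CTX_free (c->sslContext);
    free(c);
    return NULL;
}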
哪位大神给点指导,谢谢