Adapting the ssl Function
Change-Id: Id545424443408fd91c793aba605aebd0a2fb84e0
diff --git a/mbtk/libmbtk_lib/net/mbtk_sock2.c b/mbtk/libmbtk_lib/net/mbtk_sock2.c
index 6d2c7fb..a5eb174 100755
--- a/mbtk/libmbtk_lib/net/mbtk_sock2.c
+++ b/mbtk/libmbtk_lib/net/mbtk_sock2.c
@@ -11,33 +11,6 @@
#include <fcntl.h>
#include <netdb.h>
#include <pthread.h>
-
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
-#include <polarssl/net.h>
-#include <polarssl/ssl.h>
-#include <polarssl/entropy.h>
-#include <polarssl/ctr_drbg.h>
-#include <polarssl/certs.h>
-#include <polarssl/x509.h>
-#include <polarssl/error.h>
-#include <polarssl/debug.h>
-#include <polarssl/config.h>
-#else
-#include <resolv.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-//#define SSL_VERIFY_PEER 0x01
-//#define SSL_FILETYPE_PEM 0x01
-//#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-
-#define DFL_CA_FILE "/ca.crt"
-#define DFL_CRT_FILE "/client.crt"
-#define DFL_KEY_FILE "/client.key"
-#endif
-#endif
-
#include <sys/ioctl.h>
#ifdef LOG_TAG
@@ -51,6 +24,10 @@
#include "mbtk_str.h"
//#include "mbtk_openssl.h"
+#define DFL_CA_FILE "/ca.crt"
+#define DFL_CRT_FILE "/client.crt"
+#define DFL_KEY_FILE "/client.key"
+
#define SA struct sockaddr
// Must define LOG_TAG in the first.
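Review bot: `DFL_KEY_FILE` pins the client private key to `/client.key` at the filesystem root, and the three paths are now defined unconditionally with no way to override them at build time. Wrapping each define in `#ifndef DFL_KEY_FILE` / `#endif` (likewise for the CA and certificate paths) would let a product build point at a protected location. A comment such as `/* Default credential paths; the key file must be readable only by the owning process. */` would record the expectation, since nothing visible in this diff checks the files' ownership or permissions before they are loaded.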
@@ -248,6 +225,39 @@
}
}
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+static int mbtk_sock_openssl_init(int fd, bool ingnore_cert, mbtk_openssl_info_s *inter_info)
+{
+ if(NULL == inter_info)
+ {
+ LOGE("[%s] inter_info [NULL]", __func__);
+ return -1;
+ }
+
+ mbtk_openssl_result_e mbtk_ssl_ret = MBTK_OPENSSL_RESULT_SUCCESS;
+ mbtk_openssl_options_s opt = {0};
+
+ mbtk_openssl_options_default(&opt);
+ if(!ingnore_cert)
+ {
+ opt.load_cert = true;
+ opt.ca_file = DFL_CA_FILE;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.safety_level = MBTK_OPENSSL_SAFETY_LEVEL_0;
+ }
+
+ mbtk_ssl_ret = mbtk_openssl_init(fd, &opt, inter_info);
+ if(MBTK_OPENSSL_RESULT_SUCCESS != mbtk_ssl_ret)
+ {
+ LOGE("[%s] mbtk_openssl_init() fail", __func__);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
+
extern mbtk_sock_handle mbtk_sock_init(mbtk_init_info *info)
{
mbtk_sock_handle handle = 0;
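Review bot: When `ingnore_cert` is true, `mbtk_sock_openssl_init` leaves the options exactly as `mbtk_openssl_options_default()` set them, so whether the server certificate is verified at all in that mode depends on defaults that are not visible in this hunk. The function needs a header comment stating what each mode verifies. In the verifying branch, `opt.safety_level = MBTK_OPENSSL_SAFETY_LEVEL_0` is set without explanation and no expected host name is passed, so it is worth confirming that level 0 still rejects an untrusted or mismatched peer certificate. The failure log also drops the result code; `LOGE("[%s] mbtk_openssl_init() fail: %d", __func__, mbtk_ssl_ret);` would keep it for diagnosis.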
@@ -294,376 +304,6 @@
return handle;
}
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
-static int mbtk_polarssl_open(int fd ,bool ingnore_cert,mbtk_sock_inter_info_s* inter_info)
-{
- LOGE("8\n");
- int ret = 0, len, tail_len, i, written, frags;
- unsigned char buf[SSL_MAX_CONTENT_LEN + 1];
- const char *pers = "ssl_client";
- opt.server_name = DFL_SERVER_NAME;
- opt.server_addr = DFL_SERVER_ADDR;
- opt.server_port = DFL_SERVER_PORT;
- opt.debug_level = DFL_DEBUG_LEVEL;
- opt.nbio = DFL_NBIO;
- opt.request_page = DFL_REQUEST_PAGE;
- opt.request_size = DFL_REQUEST_SIZE;
- opt.ca_file = DFL_CA_FILE;
- opt.ca_path = DFL_CA_PATH;
- opt.crt_file = DFL_CRT_FILE;
- opt.key_file = DFL_KEY_FILE;
- opt.psk = DFL_PSK;
- opt.psk_identity = DFL_PSK_IDENTITY;
- opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
- opt.renegotiation = DFL_RENEGOTIATION;
- opt.allow_legacy = DFL_ALLOW_LEGACY;
- opt.renegotiate = DFL_RENEGOTIATE;
- opt.exchanges = DFL_EXCHANGES;
- opt.min_version = DFL_MIN_VERSION;
- opt.max_version = DFL_MAX_VERSION;
- opt.auth_mode = DFL_AUTH_MODE;
- opt.mfl_code = DFL_MFL_CODE;
- opt.trunc_hmac = DFL_TRUNC_HMAC;
- opt.reconnect = DFL_RECONNECT;
- opt.reco_delay = DFL_RECO_DELAY;
- opt.tickets = DFL_TICKETS;
- opt.alpn_string = DFL_ALPN_STRING;
-
- entropy_context entropy;
- ctr_drbg_context ctr_drbg;
- ssl_context ssl;
- ssl_session saved_session;
- x509_crt cacert;
- x509_crt clicert;
- pk_context pkey;
-
- memset( &ssl, 0, sizeof( ssl_context ) );
- memset( &saved_session, 0, sizeof( ssl_session ) );
- x509_crt_init( &cacert );
- x509_crt_init( &clicert );
- pk_init( &pkey );
- LOGE("9\n");
- /*
- * 0. Initialize the RNG and the session data
- */
-
- entropy_init( &entropy );
- if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
- {
- LOGE( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
- return -1;
- }
- if(!ingnore_cert)
- {
- LOGE("10\n");
- /*
- * 1.1. Load the trusted CA
- */
- //ret = x509_crt_parse(&cacert,ca1_cert,strlen(ca1_cert));
- ret = x509_crt_parse_file( &cacert, opt.ca_path );
- if( ret < 0 )
- {
- LOGE( " failed\n ! ca x509_crt_parse returned -0x%x\n\n", -ret );
- return -1;
- }
-
- /*
- * 1.2. Load own certificate and private key
- *
- * (can be skipped if client authentication is not required)
- */
-
- ret = x509_crt_parse_file( &clicert, opt.crt_file );
- if( ret != 0 )
- {
- LOGE( " failed\n ! crt x509_crt_parse returned -0x%x\n\n", -ret );
- return -1;
- }
-
- ret = pk_parse_keyfile( &pkey, opt.key_file, NULL);
- if( ret != 0 )
- {
- LOGE( " failed\n ! key x509_crt_parse returned -0x%x\n\n", -ret );
- return -1;
- }
- }
- /*
- * 2. Setup stuff
- */
- LOGE( " . Setting up the SSL/TLS structure..." );
-
- if( ( ret = ssl_init( &ssl ) ) != 0 )
- {
- LOGE( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
- return -1;
- }
-
- ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
- if(ingnore_cert)
- {
- opt.auth_mode = SSL_VERIFY_OPTIONAL;
- }
- else
- {
- opt.auth_mode = SSL_VERIFY_REQUIRED;
- }
-
- ssl_set_authmode( &ssl, opt.auth_mode );
-
- ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
-
- ssl_set_bio( &ssl, net_recv, &fd, net_send, &fd );
-
- ssl_set_renegotiation( &ssl, opt.renegotiation );
- ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
-
- ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
- if(!ingnore_cert)
- {
- if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
- {
- LOGE( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
- return -1;
- }
- }
- if( opt.min_version != -1 )
- ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
- if( opt.max_version != -1 )
- ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
- /*
- * 3. Handshake
- */
- LOGE( " . Performing the SSL/TLS handshake..." );
-
- while( ( ret = ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
- {
- LOGE( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
- if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
- LOGE(
- " Unable to verify the server's certificate. "
- "Either it is invalid,\n"
- " or you didn't set ca_file or ca_path "
- "to an appropriate value.\n"
- " Alternatively, you may want to use "
- "auth_mode=optional for testing purposes.\n" );
- LOGE( "\n" );
- return -1;;
- }
- }
-
- LOGE( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
- printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
-
- /*
- * 4. Verify the server certificate
- */
- LOGE( " . Verifying peer X.509 certificate..." );
-
- if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
- {
- LOGE( " failed\n" );
-
- if( ( ret & BADCERT_EXPIRED ) != 0 )
- LOGE( " ! server certificate has expired\n" );
-
- if( ( ret & BADCERT_REVOKED ) != 0 )
- LOGE( " ! server certificate has been revoked\n" );
-
- if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
- LOGE( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
-
- if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
- LOGE( " ! self-signed or not signed by a trusted CA\n" );
-
- }
-
- if( ssl_get_peer_cert( &ssl ) != NULL )
- {
- LOGE( " . Peer certificate information ...\n" );
- x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
- ssl_get_peer_cert( &ssl ) );
- LOGE( "%s\n", buf );
- }
-
- inter_info->cacert = &cacert;
- inter_info->clicert = &clicert;
- inter_info->ctr_drbg = &ctr_drbg;
- inter_info->entropy = &entropy;
- inter_info->pkey = &pkey;
- inter_info->saved_session = &saved_session;
- inter_info->ssl = &ssl;
-
- return 0;
-}
-
-static int mbtk_polarssl_close(mbtk_sock_inter_info_s *inter_info)
-{
- if (inter_info == NULL)
- {
- return -1;
- }
-
- int ret = -1;
- while( ( ret = ssl_close_notify( inter_info->ssl ) ) < 0 )
- {
- if( ret == POLARSSL_ERR_NET_CONN_RESET )
- {
- LOGE( " ok (already closed by peer)\n" );
- ret = 0;
- return -1;
- }
-
- if( ret != POLARSSL_ERR_NET_WANT_READ &&
- ret != POLARSSL_ERR_NET_WANT_WRITE )
- {
- LOGE( " failed\n ! ssl_close_notify returned %d\n\n", ret );
- return -1;
- }
- }
-
- x509_crt_free( inter_info->clicert );
- x509_crt_free( inter_info->cacert );
- pk_free( inter_info->pkey );
- ssl_session_free( inter_info->saved_session );
- ssl_free( inter_info->ssl );
- ctr_drbg_free( inter_info->ctr_drbg );
- entropy_free( inter_info->entropy );
- return 0;
-}
-
-static int mbtk_polarssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
-{
- return ssl_write(ssl, buf, len);
-}
-
-static int mbtk_polarssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
-{
- return ssl_read(ssl, buf, len);
-}
-
-#else
-
-void ShowCerts(SSL * ssl)
-{
- X509 *cert;
- char *line;
-
- cert = SSL_get_peer_certificate(ssl);
- // SSL_get_verify_result()是重点,SSL_CTX_set_verify()只是配置启不启用并没有执行认证,调用该函数才会真证进行证书认证
- // 如果验证不通过,那么程序抛出异常中止连接
- if(SSL_get_verify_result(ssl) == X509_V_OK){
- printf("证书验证通过\n");
- }
- if (cert != NULL) {
- printf("数字证书信息:\n");
- line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
- printf("证书: %s\n", line);
- free(line);
- line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
- printf("颁发者: %s\n", line);
- free(line);
- X509_free(cert);
- } else
- printf("无证书信息!\n");
-}
-
-static int mbtk_openssl_open(int fd ,bool ingnore_cert,mbtk_sock_inter_info_s* inter_info)
-{
- SSL_CTX *ctx;
- SSL *ssl;
-
- /* SSL 库初始化,参看 ssl-server.c 代码 */
- SSL_library_init();
- OpenSSL_add_all_algorithms();
- SSL_load_error_strings();
- ctx = SSL_CTX_new(SSLv23_client_method());
- if (ctx == NULL) {
- ERR_print_errors_fp(stdout);
- return -1;
- }
-
- if(!ingnore_cert)
- {
- // 双向验证
- // SSL_VERIFY_PEER---要求对证书进行认证,没有证书也会放行
- // SSL_VERIFY_FAIL_IF_NO_PEER_CERT---要求客户端需要提供证书,但验证发现单独使用没有证书也会放行
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
- // 设置信任根证书
- if (SSL_CTX_load_verify_locations(ctx, "/ca.crt",NULL)<=0){
- ERR_print_errors_fp(stdout);
- printf("fail SSL_CTX_load_verify_locations()\n");
- return -1;
- }
-
- /* 载入用户的数字证书, 此证书用来发送给客户端。 证书里包含有公钥 */
- if (SSL_CTX_use_certificate_file(ctx, DFL_CRT_FILE, SSL_FILETYPE_PEM) <= 0) {
- ERR_print_errors_fp(stdout);
- printf("fail SSL_CTX_use_certificate_file()\n");
- return -1;
- }
- /* 载入用户私钥 */
- if (SSL_CTX_use_PrivateKey_file(ctx, DFL_KEY_FILE, SSL_FILETYPE_PEM) <= 0) {
- ERR_print_errors_fp(stdout);
- printf("fail SSL_CTX_use_PrivateKey_file()\n");
- return -1;
- }
- /* 检查用户私钥是否正确 */
- if (!SSL_CTX_check_private_key(ctx)) {
- ERR_print_errors_fp(stdout);
- printf("fail SSL_CTX_check_private_key()\n");
- return -1;
- }
-
- }
-
- /* 基于 ctx 产生一个新的 SSL */
- ssl = SSL_new(ctx);
- SSL_set_fd(ssl, fd);
- /* 建立 SSL 连接 */
- if (SSL_connect(ssl) == -1)
- ERR_print_errors_fp(stderr);
- else {
- printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
- if(!ingnore_cert)
- {
- ShowCerts(ssl);
- }
- }
-
- inter_info->ctx = ctx;
-
- inter_info->ssl = ssl;
-
- return 0;
-}
-
-static int mbtk_openssl_close(mbtk_sock_inter_info_s *inter_info)
-{
- SSL_shutdown(inter_info->ssl);
- SSL_free(inter_info->ssl);
-// close(sockfd);
- SSL_CTX_free(inter_info->ctx);
- return 0;
-}
-
-static int mbtk_openssl_write( SSL *ssl, const unsigned char *buf, size_t len )
-{
- return SSL_write(ssl, buf, len);
-}
-
-static int mbtk_openssl_read( SSL *ssl, unsigned char *buf, size_t len )
-{
- return SSL_read(ssl, buf, len);
-}
-
-#endif
-#endif
-
extern mbtk_sock_session mbtk_sock_open(mbtk_sock_handle handle,mbtk_sock_info *info,
unsigned int timeout,
int *mbtk_errno)
@@ -855,21 +495,16 @@
}
#endif
if(info->is_support_ssl){
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- if(mbtk_polarssl_open(mbtk_sock[handle]->inter_infos[index_free].fd,info->ingnore_cert,&mbtk_sock[handle]->inter_infos[index_free]) == -1){
- LOGE("mbtk_openssl_init fail");
- goto result_fail_with_close;
- }
-#else
- if(mbtk_openssl_open(mbtk_sock[handle]->inter_infos[index_free].fd,info->ingnore_cert,&mbtk_sock[handle]->inter_infos[index_free]) == -1){
- LOGE("mbtk_openssl_init fail");
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ int ret = mbtk_sock_openssl_init(mbtk_sock[handle]->inter_infos[index_free].fd, info->ingnore_cert, &mbtk_sock[handle]->inter_infos[index_free].ssl_info);
+ if(0 != ret){
+ LOGE("mbtk_sock_openssl_init() fail");
goto result_fail_with_close;
}
-
-
-#endif
-
+ mbtk_sock[handle]->inter_infos[index_free].fd = mbtk_sock[handle]->inter_infos[index_free].ssl_info.fd;
+#else
+ LOGE("openssl nonsupport");
+ goto result_fail_with_close;
#endif
}
@@ -878,6 +513,10 @@
mbtk_sock[handle]->sock_num++;
return mbtk_sock[handle]->inter_infos[index_free].fd;
result_fail_with_close:
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ mbtk_openssl_deinit(&mbtk_sock[handle]->inter_infos[index_free].ssl_info);
+#endif
+
close(mbtk_sock[handle]->inter_infos[index_free].fd);
mbtk_sock[handle]->inter_infos[index_free].fd = -1;
result_fail:
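Review bot: The `mbtk_openssl_deinit()` call added under `result_fail_with_close` runs for every failure that reaches the label, including sessions that never requested TLS and failures that occur before `mbtk_sock_openssl_init()` was called, so it can be handed an `ssl_info` that was never initialised. Guarding it, for example `if(info->is_support_ssl) mbtk_openssl_deinit(&mbtk_sock[handle]->inter_infos[index_free].ssl_info);`, avoids relying on the slot having been zeroed (this assumes the label sits in `mbtk_sock_open`, whose body lies outside the hunk). The `close()` that follows also deserves a check: the earlier hunk copies `ssl_info.fd` into `inter_infos[index_free].fd`, so if `mbtk_openssl_deinit()` closes its own descriptor, this path closes the same fd twice.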
@@ -899,16 +538,21 @@
break;
}
}
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- return mbtk_polarssl_open(mbtk_sock[handle]->inter_infos[index_free].fd,ingnore_cert,&mbtk_sock[handle]->inter_infos[index_free]);
+
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ int ret = mbtk_sock_openssl_init(mbtk_sock[handle]->inter_infos[index_free].fd, ingnore_cert, &mbtk_sock[handle]->inter_infos[index_free].ssl_info);
+ if(0 != ret){
+ LOGE("mbtk_sock_openssl_init() fail");
+ return -1;
+ }
+ mbtk_sock[handle]->inter_infos[index_free].fd = mbtk_sock[handle]->inter_infos[index_free].ssl_info.fd;
+ return 0;
#else
- return mbtk_openssl_open(mbtk_sock[handle]->inter_infos[index_free].fd,ingnore_cert,&mbtk_sock[handle]->inter_infos[index_free]);
-#endif
-#else
+ LOGE("openssl support");
return -1;
#endif
}
+
extern int mbtk_ssl_close_func(mbtk_sock_handle handle ,bool ingnore_cert,mbtk_sock_session fd)
{
int i=0;
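Review bot: The `#else` branch logs `LOGE("openssl support");` while returning -1, which reads as the opposite of what happened; every other fallback in this commit uses `LOGE("openssl nonsupport");` and this one should match. The failure path here also returns -1 without calling `mbtk_openssl_deinit()`, unlike the `result_fail_with_close` path in `mbtk_sock_open`, so unless `mbtk_openssl_init()` cleans up after itself a partially built TLS context may be left in the slot. The start of this function, including how `index_free` is set when no session matches, is outside the hunk.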
@@ -922,18 +566,12 @@
break;
}
}
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- if(mbtk_sock[handle]->inter_infos[index_free].ssl!=NULL)
- printf("\nmbtk_sock[handle]->inter_infos[index_free].ssl not empty\n");
- return mbtk_polarssl_close(&mbtk_sock[handle]->inter_infos[index_free]);
+
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ mbtk_openssl_deinit(&mbtk_sock[handle]->inter_infos[index_free].ssl_info);
+ return 0;
#else
- if(mbtk_sock[handle]->inter_infos[index_free].ssl!=NULL)
- printf("\nmbtk_sock[handle]->inter_infos[index_free].ssl not empty\n");
- return mbtk_openssl_close(&mbtk_sock[handle]->inter_infos[index_free]);
-#endif
-
-#else
+ LOGE("openssl nonsupport");
return -1;
#endif
}
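Review bot: `mbtk_ssl_close_func` now returns 0 unconditionally and discards whatever `mbtk_openssl_deinit()` reports, whereas the removed code propagated the close result, so callers can no longer detect a failed TLS shutdown. The same `ssl_info` is torn down again by the `mbtk_openssl_deinit(&inter_info->ssl_info);` call added in the final hunk of this file. A caller that uses this function and then closes the socket therefore runs deinit twice, which is safe only if deinit clears its pointers and is idempotent. A short comment on both call sites stating that assumption, or a check of the return value if deinit has one, would make the contract explicit. The `ingnore_cert` parameter is unused in the new branch.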
@@ -983,16 +621,11 @@
if(mbtk_sock[handle]->infos[index].type == MBTK_SOCK_TCP) {
while(count < buf_len){
if(mbtk_sock[handle]->infos[index].is_support_ssl) {
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- len = mbtk_polarssl_write(inter_info->ssl,(const unsigned char*)buffer + count,buf_len - count);
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ len = mbtk_openssl_write(inter_info->ssl_info.ssl,(const unsigned char *)buffer + count,buf_len - count);
#else
- len = mbtk_openssl_write(inter_info->ssl,(const unsigned char *)buffer + count,buf_len - count);
-
-#endif
-
-#else
- return -1;
+ LOGE("openssl nonsupport");
+ return -1;
#endif
} else
len = write(inter_info->fd,(char*)buffer + count,buf_len - count);
@@ -1097,15 +730,11 @@
while(count < buf_len){
try_count++;
if(mbtk_sock[handle]->infos[index].is_support_ssl) {
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- len = mbtk_polarssl_read(inter_info->ssl,(unsigned char*)buffer + count,buf_len - count);
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ len = mbtk_openssl_read(inter_info->ssl_info.ssl,(unsigned char *)buffer + count,buf_len - count);
#else
- len = mbtk_openssl_read(inter_info->ssl,(unsigned char *)buffer + count,buf_len - count);
-
-#endif
-#else
- return -1;
+ LOGE("openssl nonsupport");
+ return -1;
#endif
} else
len = read(inter_info->fd,(char*)buffer + count,buf_len - count);
@@ -1277,13 +906,10 @@
while(count < buf_len){
try_count++;
if(mbtk_sock[handle]->infos[index].is_support_ssl) {
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- len = mbtk_polarssl_read(inter_info->ssl,(unsigned char*)buffer + count,buf_len - count);
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ len = mbtk_openssl_read(inter_info->ssl_info.ssl,(unsigned char*)buffer + count,buf_len - count);
#else
- len = mbtk_openssl_read(inter_info->ssl,(unsigned char*)buffer + count,buf_len - count);
-#endif
-#else
+ LOGE("openssl nonsupport");
return -1;
#endif
} else
@@ -1457,14 +1083,10 @@
memset(buffer,0x0,buf_len);
while(read_count < buf_len) {
if(mbtk_sock[handle]->infos[index].is_support_ssl) {
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- len = ssl_read(inter_info->ssl,(unsigned char*)buffer + read_count,buf_len - read_count);
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ len = mbtk_openssl_read(inter_info->ssl_info.ssl,(unsigned char*)buffer + read_count,buf_len - read_count);
#else
- len = mbtk_openssl_read(inter_info->ssl,(unsigned char*)buffer + read_count,buf_len - read_count);
-
-#endif
-#else
+ LOGE("openssl nonsupport");
return -1;
#endif
} else
@@ -1552,14 +1174,10 @@
TCP_READ_AGAIN:
memset(buffer,0x0,buf_len);
if(mbtk_sock[handle]->infos[index].is_support_ssl) {
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- len = ssl_read(inter_info->ssl,(unsigned char*)buffer,buf_len);
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ len = mbtk_openssl_read(inter_info->ssl_info.ssl,(unsigned char*)buffer,buf_len);
#else
- len = mbtk_openssl_read(inter_info->ssl,(unsigned char*)buffer,buf_len);
-
-#endif
-#else
+ LOGE("openssl nonsupport");
return -1;
#endif
} else
@@ -1655,21 +1273,8 @@
}
if(mbtk_sock[handle]->infos[index].is_support_ssl){
-#ifdef MBTK_SSL_SUPPORT
-#ifdef MBTK_POLARSSL_SUPPORT
- if(mbtk_polarssl_close(inter_info)== -1)
- {
- LOGE("close ssl fail");
- return -1;
- }
-#else
- if(mbtk_openssl_close(inter_info)== -1)
- {
- LOGE("close ssl fail");
- return -1;
- }
-
-#endif
+#ifdef MBTK_OPENSSL_V3_0_0_SUPPORT
+ mbtk_openssl_deinit(&inter_info->ssl_info);
#endif
}