My code:
/* Canned HTTP response the demo server sends to any request that contains
 * "GET " and " HTTP/1.1".  Content-Length: 98 covers the body from "<html>"
 * up to and including "</html>\r\n"; the final "\r\n" is sent on top of the
 * declared length.  Note that sizeof() on this literal also counts the
 * trailing NUL, so a sender using sizeof() directly emits one extra byte.
 * (No comments inside the macro: a comment on a backslash-continued line
 * would swallow the continuation.) */
#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
"Content-Type: text/html\r\n" \
"Content-Length: 98\r\n\r\n" \
"<html>\r\n" \
"<head>\r\n" \
"<title>OpenSSL demo</title></head><body>\r\n" \
"OpenSSL server demo!\r\n" \
"</body>\r\n" \
"</html>\r\n" \
"\r\n"
/* Presumably the TLS record/fragment size; not referenced in this excerpt. */
#define OPENSSL_DEMO_FRAGMENT_SIZE 8192
/* Log tag; not referenced in this excerpt. */
#define TAG "SSL_DEMO"
/* Task parameters (name, stack size in words, priority), presumably used by
 * the code that creates the openssl_demo_thread task.  "PRORIOTY" is a typo
 * for PRIORITY but is kept because other code may reference this name. */
#define OPENSSL_DEMO_THREAD_NAME "OpenSSL_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 10240
#define OPENSSL_DEMO_THREAD_PRORIOTY 8
/* Size of the receive buffer; the thread reads at most LEN-1 bytes into a
 * zeroed buffer so it can be treated as a NUL-terminated string. */
#define OPENSSL_DEMO_RECV_BUF_LEN 1024
/* TCP port the server binds to (HTTPS default). */
#define OPENSSL_DEMO_LOCAL_TCP_PORT 443
/* File-scope state.
 * NOTE(review): OPENSSL_DEMO_REQUEST is not defined anywhere in this excerpt,
 * and openssl_demo_thread declares its own recv_buf/send_data/send_bytes
 * locals that shadow the three below, so these file-scope copies are unused
 * by the thread as shown. */
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_DEMO_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
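/*
 * Task entry for the TLS demo server.
 *
 * Builds a TLS 1.2-only server context from the DER-encoded demo_crt /
 * demo_key, binds a listening TCP socket on OPENSSL_DEMO_LOCAL_TCP_PORT,
 * then loops forever: accept one client, run the TLS handshake, read until
 * a record containing "GET " and " HTTP/1.1" arrives, answer with
 * OPENSSL_DEMO_SERVER_ACK and close the connection.  Any fatal setup error
 * releases what was acquired so far (labelled goto cleanup, reverse order)
 * and deletes the task.
 *
 * @param p  Task argument; unused.
 *
 * Changes versus the previous revision:
 *  - accept()'s addrlen is initialised before every call (it was read
 *    uninitialised);
 *  - SSL_accept() is checked for != 1 so negative error returns are caught;
 *  - the response is sent without its trailing NUL;
 *  - the DER certificate is no longer printed with "%s";
 *  - the local named `socket` (which shadowed the socket() call and only
 *    compiled because lwIP makes socket() a macro) is renamed.
 */
static void openssl_demo_thread(void *p)
{
    int ret;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    int listen_sock = -1;
    int client_sock = -1;
    struct sockaddr_in bind_addr;
    struct sockaddr_in client_addr;
    socklen_t client_addr_len;
    char rx_buf[OPENSSL_DEMO_RECV_BUF_LEN];
    /* Bytes to send: exclude the string terminator so the client does not
     * receive a stray 0x00 after the HTTP body. */
    const char response[] = OPENSSL_DEMO_SERVER_ACK;
    const int response_len = (int)(sizeof(response) - 1);

    (void)p;

    os_printf("SSL server context create ......");
    /* TLS 1.2 only.  This refuses older protocol versions outright; clients
     * that cannot negotiate TLS 1.2 will fail the handshake, which is the
     * intended trade-off for this demo. */
    ctx = SSL_CTX_new(TLSv1_2_server_method());
    if (!ctx) {
        os_printf("failed");
        goto failed1;
    }
    os_printf("OK");

    /* demo_crt / demo_key are DER blobs, not C strings, so only their sizes
     * are logged.  The previous revision dumped demo_crt with "%s", which
     * stops at the first 0x00 byte or, if there is none, reads past the end
     * of the array.
     * NOTE(review): on the ESP8266, data placed in flash must be read with
     * 32-bit aligned accesses; if demo_crt / demo_key carry such a placement
     * attribute in their .h file, the byte-wise DER parsing inside
     * SSL_CTX_use_*_ASN1 would fault with a load/store exception.  Worth
     * confirming against the header that defines them. */
    os_printf("CRT length: %d, PRV length: %d\n", demo_crt_len, demo_key_len);

    os_printf("SSL server context set own certification......");
    ret = SSL_CTX_use_certificate_ASN1(ctx, demo_crt_len, demo_crt);
    if (!ret) {
        os_printf("failed");
        goto failed2;
    }
    os_printf("OK");

    os_printf("SSL server context set private key......");
    /* First argument is the key type.  0 is what this demo has always passed;
     * upstream OpenSSL would expect a real EVP_PKEY_* type here, so check the
     * SDK's header before porting this elsewhere.  Nothing below verifies
     * that the key matches the certificate; a mismatch surfaces only as a
     * failed handshake. */
    ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, demo_key, demo_key_len);
    if (!ret) {
        os_printf("failed");
        goto failed2;
    }
    os_printf("OK");

    os_printf("SSL server create socket ......");
    listen_sock = socket(AF_INET, SOCK_STREAM, 0);
    if (listen_sock < 0) {
        os_printf("failed");
        goto failed2;
    }
    os_printf("OK");

    os_printf("SSL server socket bind ......");
    memset(&bind_addr, 0, sizeof(bind_addr));
    bind_addr.sin_family = AF_INET;
    bind_addr.sin_addr.s_addr = 0;   /* 0 == INADDR_ANY: listen on all interfaces */
    bind_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
    ret = bind(listen_sock, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
    if (ret) {
        os_printf("failed");
        goto failed3;
    }
    os_printf("OK");

    os_printf("SSL server socket listen ......");
    ret = listen(listen_sock, 32);
    if (ret) {
        os_printf("failed");
        goto failed3;
    }
    os_printf("OK");

reconnect:
    os_printf("SSL server create ......");
    ssl = SSL_new(ctx);
    if (!ssl) {
        os_printf("failed");
        goto failed3;
    }
    os_printf("OK");

    os_printf("SSL server socket accept client ......");
    /* accept() reads *addrlen as the capacity of the address buffer and
     * overwrites it with the actual length, so it must be set before every
     * call; the previous revision passed it uninitialised. */
    client_addr_len = sizeof(client_addr);
    client_sock = accept(listen_sock, (struct sockaddr *)&client_addr,
                         &client_addr_len);
    if (client_sock < 0) {
        os_printf("failed");
        /* NOTE: a persistent accept() error (e.g. no free descriptors) makes
         * this loop spin without pause; a short task delay here would be
         * prudent in anything beyond a demo. */
        goto failed4;
    }
    os_printf("OK");

    /* SSL_set_fd() returns 1 on success; bail out before the handshake rather
     * than handshaking on an unattached SSL object. */
    if (SSL_set_fd(ssl, client_sock) != 1) {
        os_printf("failed");
        goto failed5;
    }

    os_printf("SSL server accept client ......");
    /* SSL_accept() returns 1 on success, 0 on a controlled shutdown and <0 on
     * error.  The previous `!ret` test treated every negative return as a
     * successful handshake. */
    ret = SSL_accept(ssl);
    if (ret != 1) {
        os_printf("failed");
        goto failed5;
    }
    os_printf("OK");

    os_printf("SSL server read message ......");
    for (;;) {
        /* Read at most LEN-1 bytes into a zeroed buffer so rx_buf is always a
         * NUL-terminated string for strstr() and the log line below. */
        memset(rx_buf, 0, sizeof(rx_buf));
        ret = SSL_read(ssl, rx_buf, sizeof(rx_buf) - 1);
        if (ret <= 0) {
            break;      /* peer closed the connection, or a read error */
        }
        /* Client-controlled bytes are logged verbatim; acceptable for a demo
         * but not something to keep in a production build. */
        os_printf("SSL read: %s", rx_buf);
        if (strstr(rx_buf, "GET ") && strstr(rx_buf, " HTTP/1.1")) {
            os_printf("SSL get matched message");
            os_printf("SSL write message");
            ret = SSL_write(ssl, response, response_len);
            if (ret > 0) {
                os_printf("OK");
            } else {
                os_printf("error");
            }
            break;
        }
    }
    SSL_shutdown(ssl);

    /* Per-connection cleanup, then go back to accept the next client. */
failed5:
    close(client_sock);
    client_sock = -1;
failed4:
    SSL_free(ssl);
    ssl = NULL;
    goto reconnect;

    /* Fatal-path cleanup in reverse order of acquisition. */
failed3:
    close(listen_sock);
    listen_sock = -1;
failed2:
    SSL_CTX_free(ctx);
    ctx = NULL;
failed1:
    vTaskDelete(NULL);
    return;
}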
It fails on "SSL_CTX_use_certificate_ASN1" — not with a normal error return, but with an exception (crash): I get the printf before the call, and neither the "OK" nor the "failed" printf afterwards.
Surprisingly, this code works flawlessly on the ESP32 with the same certificate (provided via the same .h file definitions).