1 /*
2 * Copyright (C) 2015-2020 Alibaba Group Holding Limited
3 */
4
5 #include <stdio.h>
6 #include <string.h>
7 #include <stdlib.h>
8 #include <string.h>
9
10 #include "uvoice_os.h"
11
12 #ifndef LINKKIT_SSL_ENABLE
13
14 #include "mbedtls/config.h"
15 #include "mbedtls/error.h"
16 #include "mbedtls/ssl.h"
17 #include "mbedtls/net.h"
18 #include "mbedtls/x509_crt.h"
19 #include "mbedtls/pk.h"
20 #include "mbedtls/debug.h"
21 #include "mbedtls/platform.h"
22
23 #define SEND_TIMEOUT_SECONDS (10)
24
25 typedef struct _TLSDataParams
26 {
27 mbedtls_ssl_context ssl; /**< mbed TLS control context. */
28 mbedtls_net_context fd; /**< mbed TLS network context. */
29 mbedtls_ssl_config conf; /**< mbed TLS configuration context. */
30 mbedtls_x509_crt cacertl; /**< mbed TLS CA certification. */
31 mbedtls_x509_crt clicert; /**< mbed TLS Client certification. */
32 mbedtls_pk_context pkey; /**< mbed TLS Client key. */
33 } TLSDataParams_t, *TLSDataParams_pt;
34
35
36 #define DEBUG_LEVEL 1
37
_avRandom()38 static unsigned int _avRandom()
39 {
40 uint64_t time_ms;
41
42 time_ms = aos_now_ms();
43 srandom((unsigned int)time_ms);
44
45 return (((unsigned int)rand() << 16) + rand());
46 }
47
_ssl_random(void * p_rng,unsigned char * output,size_t output_len)48 static int _ssl_random(void *p_rng, unsigned char *output, size_t output_len)
49 {
50 uint32_t rnglen = output_len;
51 uint8_t rngoffset = 0;
52
53 while (rnglen > 0) {
54 *(output + rngoffset) = (unsigned char)_avRandom();
55 rngoffset++;
56 rnglen--;
57 }
58 return 0;
59 }
60
_ssl_debug(void * ctx,int level,const char * file,int line,const char * str)61 static void _ssl_debug(void *ctx, int level, const char *file, int line,
62 const char *str)
63 {
64 ((void)level);
65 if (NULL != ctx) {
66 #if 0
67 fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
68 fflush((FILE *) ctx);
69 #endif
70 M_LOGI("%s\n", str);
71 }
72 }
73
_real_confirm(int verify_result)74 static int _real_confirm(int verify_result)
75 {
76 M_LOGI("certificate verification result: 0x%02x\n", verify_result);
77
78 #if defined(FORCE_SSL_VERIFY)
79 if ((verify_result & MBEDTLS_X509_BADCERT_EXPIRED) != 0) {
80 M_LOGE("! fail ! ERROR_CERTIFICATE_EXPIRED\n");
81 return -1;
82 }
83
84 if ((verify_result & MBEDTLS_X509_BADCERT_REVOKED) != 0) {
85 M_LOGE("! fail ! server certificate has been revoked\n");
86 return -1;
87 }
88
89 if ((verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) != 0) {
90 M_LOGE("! fail ! CN mismatch\n");
91 return -1;
92 }
93
94 if ((verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) != 0) {
95 M_LOGE("! fail ! self-signed or not signed by a trusted CA\n");
96 return -1;
97 }
98 #endif
99
100 return 0;
101 }
102
_ssl_client_init(mbedtls_ssl_context * ssl,mbedtls_net_context * tcp_fd,mbedtls_ssl_config * conf,mbedtls_x509_crt * crt509_ca,const char * ca_crt,size_t ca_len,mbedtls_x509_crt * crt509_cli,const char * cli_crt,size_t cli_len,mbedtls_pk_context * pk_cli,const char * cli_key,size_t key_len,const char * cli_pwd,size_t pwd_len)103 static int _ssl_client_init(mbedtls_ssl_context *ssl,
104 mbedtls_net_context *tcp_fd,
105 mbedtls_ssl_config * conf,
106 mbedtls_x509_crt *crt509_ca, const char *ca_crt,
107 size_t ca_len, mbedtls_x509_crt *crt509_cli,
108 const char *cli_crt, size_t cli_len,
109 mbedtls_pk_context *pk_cli, const char *cli_key,
110 size_t key_len, const char *cli_pwd, size_t pwd_len)
111 {
112 int ret = -1;
113
114 /*
115 * 0. Initialize the RNG and the session data
116 */
117 #if defined(MBEDTLS_DEBUG_C)
118 #if !defined(VOICELOUDER_APP)
119 //mbedtls_debug_set_threshold((int)DEBUG_LEVEL);
120 #endif
121 #endif
122 mbedtls_net_init(tcp_fd);
123 mbedtls_ssl_init(ssl);
124 mbedtls_ssl_config_init(conf);
125 mbedtls_x509_crt_init(crt509_ca);
126
127 /*verify_source->trusted_ca_crt==NULL
128 * 0. Initialize certificates
129 */
130
131 M_LOGI("Loading the CA root certificate ...\n");
132 if (NULL != ca_crt) {
133 if (0 != (ret = mbedtls_x509_crt_parse(
134 crt509_ca, (const unsigned char *)ca_crt, ca_len))) {
135 M_LOGE(" failed ! x509parse_crt returned -0x%04x\n", -ret);
136 return ret;
137 }
138 }
139 M_LOGI(" ok (%d skipped)\n", ret);
140
141
142 /* Setup Client Cert/Key */
143 #if defined(MBEDTLS_X509_CRT_PARSE_C)
144 #if defined(MBEDTLS_CERTS_C)
145 mbedtls_x509_crt_init(crt509_cli);
146 mbedtls_pk_init(pk_cli);
147 #endif
148 if (cli_crt != NULL && cli_key != NULL) {
149 #if defined(MBEDTLS_CERTS_C)
150 M_LOGI("start prepare client cert .\n");
151 ret = mbedtls_x509_crt_parse(crt509_cli, (const unsigned char *)cli_crt,
152 cli_len);
153 #else
154 {
155 ret = 1;
156 M_LOGE("MBEDTLS_CERTS_C not defined.\n");
157 }
158 #endif
159 if (ret != 0) {
160 M_LOGE("failed ! mbedtls_x509_crt_parse returned -0x%x\n",
161 -ret);
162 return ret;
163 }
164
165 #if defined(MBEDTLS_CERTS_C)
166 M_LOGI("start mbedtls_pk_parse_key[%s]\n", cli_pwd);
167 ret =
168 mbedtls_pk_parse_key(pk_cli, (const unsigned char *)cli_key, key_len,
169 (const unsigned char *)cli_pwd, pwd_len);
170 #else
171 {
172 ret = 1;
173 M_LOGE("MBEDTLS_CERTS_C not defined.\n");
174 }
175 #endif
176
177 if (ret != 0) {
178 M_LOGE("failed ! mbedtls_pk_parse_key returned -0x%x\n",
179 -ret);
180 return ret;
181 }
182 }
183 #endif /* MBEDTLS_X509_CRT_PARSE_C */
184
185 return 0;
186 }
187
188 #if defined(_PLATFORM_IS_LINUX_)
net_prepare(void)189 static int net_prepare(void)
190 {
191 #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
192 !defined(EFI32)
193 WSADATA wsaData;
194 static int wsa_init_done = 0;
195
196 if (wsa_init_done == 0) {
197 if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) {
198 return (MBEDTLS_ERR_NET_SOCKET_FAILED);
199 }
200
201 wsa_init_done = 1;
202 }
203 #else
204 #if !defined(EFIX64) && !defined(EFI32)
205 signal(SIGPIPE, SIG_IGN);
206 #endif
207 #endif
208 return (0);
209 }
210
211
mbedtls_net_connect_timeout(mbedtls_net_context * ctx,const char * host,const char * port,int proto,unsigned int timeout)212 static int mbedtls_net_connect_timeout(mbedtls_net_context *ctx,
213 const char *host, const char *port,
214 int proto, unsigned int timeout)
215 {
216 int ret;
217 struct addrinfo hints, *addr_list, *cur;
218 struct timeval sendtimeout;
219
220 if ((ret = net_prepare()) != 0) {
221 return (ret);
222 }
223
224 /* Do name resolution with both IPv6 and IPv4 */
225 memset(&hints, 0, sizeof(hints));
226 hints.ai_family = AF_UNSPEC;
227 hints.ai_socktype =
228 proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
229 hints.ai_protocol =
230 proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
231 hints.ai_socktype &= ~SOCK_NONBLOCK;
232 if (getaddrinfo(host, port, &hints, &addr_list) != 0) {
233 return (MBEDTLS_ERR_NET_UNKNOWN_HOST);
234 }
235
236 /* Try the sockaddrs until a connection succeeds */
237 ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
238 for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
239 ctx->fd =
240 (int)socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);
241 if (ctx->fd < 0) {
242 ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
243 continue;
244 }
245
246 sendtimeout.tv_sec = timeout;
247 sendtimeout.tv_usec = 0;
248
249 if (0 != setsockopt(ctx->fd, SOL_SOCKET, SO_SNDTIMEO, &sendtimeout,
250 sizeof(sendtimeout))) {
251 M_LOGE("setsockopt SO_SNDTIMEO error\n");
252 }
253
254 if (0 != setsockopt(ctx->fd, SOL_SOCKET, SO_RECVTIMEO, &sendtimeout,
255 sizeof(sendtimeout))) {
256 M_LOGE("setsockopt SO_RECVTIMEO error\n");
257 }
258
259 if (0 != setsockopt(ctx->fd, SOL_SOCKET, SO_SNDTIMEO, &sendtimeout,
260 sizeof(sendtimeout))) {
261 M_LOGE("setsockopt SO_SNDTIMEO error\n");
262 }
263
264 M_LOGI("setsockopt SO_SNDTIMEO SO_RECVTIMEO SO_SNDTIMEO timeout: %ds\n",
265 sendtimeout.tv_sec);
266
267 if (connect(ctx->fd, cur->ai_addr, cur->ai_addrlen) == 0) {
268 ret = 0;
269 break;
270 }
271
272 close(ctx->fd);
273 ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
274 }
275
276 freeaddrinfo(addr_list);
277
278 return (ret);
279 }
280 #endif
281
282
283 /**
284 * @brief This function connects to the specific SSL server with TLS, and
285 * returns a value that indicates whether the connection is create successfully
286 * or not. Call #NewNetwork() to initialize network structure before calling
287 * this function.
288 * @param[in] n is the the network structure pointer.
289 * @param[in] addr is the Server Host name or IP address.
290 * @param[in] port is the Server Port.
291 * @param[in] ca_crt is the Server's CA certification.
292 * @param[in] ca_crt_len is the length of Server's CA certification.
293 * @param[in] client_crt is the client certification.
294 * @param[in] client_crt_len is the length of client certification.
295 * @param[in] client_key is the client key.
296 * @param[in] client_key_len is the length of client key.
297 * @param[in] client_pwd is the password of client key.
298 * @param[in] client_pwd_len is the length of client key's password.
299 * @sa #NewNetwork();
300 * @return If the return value is 0, the connection is created successfully. If
301 * the return value is -1, then calling lwIP #socket() has failed. If the return
302 * value is -2, then calling lwIP #connect() has failed. Any other value
303 * indicates that calling lwIP #getaddrinfo() has failed.
304 */
_TLSConnectNetwork(TLSDataParams_t * pTlsData,const char * addr,const char * port,const char * ca_crt,size_t ca_crt_len,const char * client_crt,size_t client_crt_len,const char * client_key,size_t client_key_len,const char * client_pwd,size_t client_pwd_len)305 static int _TLSConnectNetwork(TLSDataParams_t *pTlsData, const char *addr,
306 const char *port, const char *ca_crt,
307 size_t ca_crt_len, const char *client_crt,
308 size_t client_crt_len, const char *client_key,
309 size_t client_key_len, const char *client_pwd,
310 size_t client_pwd_len)
311 {
312 int ret = -1;
313 /*
314 * 0. Init
315 */
316 if (0 != (ret = _ssl_client_init(
317 &(pTlsData->ssl), &(pTlsData->fd), &(pTlsData->conf),
318 &(pTlsData->cacertl), ca_crt, ca_crt_len, &(pTlsData->clicert),
319 client_crt, client_crt_len, &(pTlsData->pkey), client_key,
320 client_key_len, client_pwd, client_pwd_len))) {
321 M_LOGE(" failed ! ssl_client_init returned -0x%04x\n", -ret);
322 return ret;
323 }
324
325 /*
326 * 1. Start the connection
327 */
328 M_LOGI("Connecting to /%s/%s...\n", addr, port);
329 #if defined(_PLATFORM_IS_LINUX_)
330 if (0 != (ret = mbedtls_net_connect_timeout(&(pTlsData->fd), addr, port,
331 MBEDTLS_NET_PROTO_TCP,
332 SEND_TIMEOUT_SECONDS))) {
333 M_LOGE(" failed ! net_connect returned -0x%04x\n", -ret);
334 return ret;
335 }
336 #else
337 if (0 != (ret = mbedtls_net_connect(&(pTlsData->fd), addr, port,
338 MBEDTLS_NET_PROTO_TCP))) {
339 M_LOGE(" failed ! net_connect returned -0x%04x\n", -ret);
340 return ret;
341 }
342 #endif
343 M_LOGI(" ok\n");
344
345 /*
346 * 2. Setup stuff
347 */
348 M_LOGI(" . Setting up the SSL/TLS structure...\n");
349 if ((ret = mbedtls_ssl_config_defaults(
350 &(pTlsData->conf), MBEDTLS_SSL_IS_CLIENT,
351 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
352 M_LOGE(" failed! mbedtls_ssl_config_defaults returned %d\n", ret);
353 return ret;
354 }
355
356 mbedtls_ssl_conf_max_version(&pTlsData->conf, MBEDTLS_SSL_MAJOR_VERSION_3,
357 MBEDTLS_SSL_MINOR_VERSION_3);
358 mbedtls_ssl_conf_min_version(&pTlsData->conf, MBEDTLS_SSL_MAJOR_VERSION_3,
359 MBEDTLS_SSL_MINOR_VERSION_3);
360
361 M_LOGI(" ok\n");
362
363 /* OPTIONAL is not optimal for security, but makes interop easier in this
364 * simplified example */
365 if (ca_crt != NULL) {
366 #if defined(FORCE_SSL_VERIFY)
367 mbedtls_ssl_conf_authmode(&(pTlsData->conf),
368 MBEDTLS_SSL_VERIFY_REQUIRED);
369 #else
370 mbedtls_ssl_conf_authmode(&(pTlsData->conf),
371 MBEDTLS_SSL_VERIFY_OPTIONAL);
372 #endif
373 } else {
374 mbedtls_ssl_conf_authmode(&(pTlsData->conf), MBEDTLS_SSL_VERIFY_NONE);
375 }
376
377 #if defined(MBEDTLS_X509_CRT_PARSE_C)
378 mbedtls_ssl_conf_ca_chain(&(pTlsData->conf), &(pTlsData->cacertl), NULL);
379
380 if ((ret = mbedtls_ssl_conf_own_cert(
381 &(pTlsData->conf), &(pTlsData->clicert), &(pTlsData->pkey))) != 0) {
382 M_LOGE(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n",
383 ret);
384 return ret;
385 }
386 #endif
387 mbedtls_ssl_conf_rng(&(pTlsData->conf), _ssl_random, NULL);
388 mbedtls_ssl_conf_dbg(&(pTlsData->conf), _ssl_debug, NULL);
389 /* mbedtls_ssl_conf_dbg( &(pTlsData->conf), _ssl_debug, stdout ); */
390
391 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
392 if ((ret = mbedtls_ssl_conf_max_frag_len( &(pTlsData->conf), MBEDTLS_SSL_MAX_FRAG_LEN_NONE)) != 0) {
393 M_LOGE(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret);
394 return ret;
395 }
396 #endif
397
398 if ((ret = mbedtls_ssl_setup(&(pTlsData->ssl), &(pTlsData->conf))) != 0) {
399 M_LOGE("failed! mbedtls_ssl_setup returned %d\n", ret);
400 return ret;
401 }
402 mbedtls_ssl_set_hostname(&(pTlsData->ssl), addr);
403 mbedtls_ssl_set_bio(&(pTlsData->ssl), &(pTlsData->fd), mbedtls_net_send,
404 mbedtls_net_recv, mbedtls_net_recv_timeout);
405
406 /*
407 * 4. Handshake
408 */
409 M_LOGI("Performing the SSL/TLS handshake...\n");
410
411 while ((ret = mbedtls_ssl_handshake(&(pTlsData->ssl))) != 0) {
412 if ((ret != MBEDTLS_ERR_SSL_WANT_READ) &&
413 (ret != MBEDTLS_ERR_SSL_WANT_WRITE)) {
414 M_LOGE("failed ! mbedtls_ssl_handshake returned -0x%04x\n",
415 -ret);
416 return ret;
417 }
418 }
419 M_LOGI(" ok\n");
420 /*
421 * 5. Verify the server certificate
422 */
423 M_LOGI(" . Verifying peer X.509 certificate..\n");
424 if (0 != (ret = _real_confirm(
425 mbedtls_ssl_get_verify_result(&(pTlsData->ssl))))) {
426 M_LOGE(" failed ! verify result not confirmed.\n");
427 return ret;
428 }
429 /* n->my_socket = (int)((n->tlsdataparams.fd).fd); */
430 /* WRITE_IOT_DEBUG_LOG("my_socket=%d", n->my_socket); */
431
432 return 0;
433 }
434
_network_ssl_read(TLSDataParams_t * pTlsData,char * buffer,int len,int timeout_ms)435 static int _network_ssl_read(TLSDataParams_t *pTlsData, char *buffer, int len,
436 int timeout_ms)
437 {
438 uint32_t readLen = 0;
439 static int net_status = 0;
440 int ret = -1;
441 // char err_str[33] = {0};
442
443 mbedtls_ssl_conf_read_timeout(&(pTlsData->conf), timeout_ms);
444 while (readLen < len) {
445 ret = mbedtls_ssl_read(&(pTlsData->ssl),
446 (unsigned char *)(buffer + readLen),
447 (len - readLen));
448 if (ret > 0) {
449 readLen += ret;
450 net_status = 0;
451 } else if (ret == 0) {
452 /* if ret is 0 and net_status is -2, indicate the connection is
453 * closed during last call */
454 return (net_status == -2) ? net_status : readLen;
455 } else {
456 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret) {
457 // mbedtls_strerror(ret, err_str, sizeof(err_str));
458 M_LOGE("ssl recv error: code = %d\n", ret);
459 net_status = -2; /* connection is closed */
460 break;
461 } else if ((MBEDTLS_ERR_SSL_TIMEOUT == ret) ||
462 (MBEDTLS_ERR_SSL_CONN_EOF == ret) ||
463 (MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED == ret) ||
464 (MBEDTLS_ERR_SSL_WANT_READ == ret) ||
465 (MBEDTLS_ERR_SSL_NON_FATAL == ret)) {
466 /* read already complete */
467 /* if call mbedtls_ssl_read again, it will return 0 (means EOF)
468 */
469 return readLen;
470 }
471
472 else {
473 // mbedtls_strerror(ret, err_str, sizeof(err_str));
474 #ifdef CSP_LINUXHOST
475 if (MBEDTLS_ERR_SSL_WANT_READ == ret && errno == EINTR) {
476 continue;
477 }
478 #endif
479 M_LOGE("ssl recv error: code = %d\n", ret);
480 net_status = -1;
481 return -1; /* Connection error */
482 }
483 }
484 }
485
486 return (readLen > 0) ? readLen : net_status;
487 }
488
_network_ssl_write(TLSDataParams_t * pTlsData,const char * buffer,int len,int timeout_ms)489 static int _network_ssl_write(TLSDataParams_t *pTlsData, const char *buffer,
490 int len, int timeout_ms)
491 {
492 uint32_t writtenLen = 0;
493 int ret = -1;
494
495 while (writtenLen < len) {
496 ret = mbedtls_ssl_write(&(pTlsData->ssl),
497 (unsigned char *)(buffer + writtenLen),
498 (len - writtenLen));
499 if (ret > 0) {
500 writtenLen += ret;
501 continue;
502 } else if (ret == 0) {
503 M_LOGE("ssl write timeout\n");
504 return 0;
505 } else {
506 // mbedtls_strerror(ret, err_str, sizeof(err_str));
507 M_LOGE("ssl write fail, code=%d\n", ret);
508 return -1; /* Connnection error */
509 }
510 }
511
512 return writtenLen;
513 }
514
_network_ssl_disconnect(TLSDataParams_t * pTlsData)515 static void _network_ssl_disconnect(TLSDataParams_t *pTlsData)
516 {
517 mbedtls_ssl_close_notify(&(pTlsData->ssl));
518 mbedtls_net_free(&(pTlsData->fd));
519 #if defined(MBEDTLS_X509_CRT_PARSE_C)
520 mbedtls_x509_crt_free(&(pTlsData->cacertl));
521 if ((pTlsData->pkey).pk_info != NULL) {
522 M_LOGI("need release client crt&key\n");
523 #if defined(MBEDTLS_CERTS_C)
524 mbedtls_x509_crt_free(&(pTlsData->clicert));
525 mbedtls_pk_free(&(pTlsData->pkey));
526 #endif
527 }
528 #endif
529 mbedtls_ssl_free(&(pTlsData->ssl));
530 mbedtls_ssl_config_free(&(pTlsData->conf));
531 M_LOGI("ssl_disconnect\n");
532 }
533
534 #endif /* LINKKIT_SSL_ENABLE */
535
net_ssl_read(uintptr_t handle,char * buf,int len,int timeout_ms)536 int32_t net_ssl_read(uintptr_t handle, char *buf, int len, int timeout_ms)
537 {
538 #ifdef LINKKIT_SSL_ENABLE
539 return HAL_SSL_Read(handle, buf, len, timeout_ms);
540 #else
541 return _network_ssl_read((TLSDataParams_t *)handle, buf, len, timeout_ms);
542 #endif
543 }
544
net_ssl_write(uintptr_t handle,const char * buf,int len,int timeout_ms)545 int32_t net_ssl_write(uintptr_t handle, const char *buf, int len,
546 int timeout_ms)
547 {
548 #ifdef LINKKIT_SSL_ENABLE
549 return HAL_SSL_Write(handle, buf, len, timeout_ms);
550 #else
551 return _network_ssl_write((TLSDataParams_t *)handle, buf, len, timeout_ms);
552 #endif
553 }
554
net_ssl_disconnect(uintptr_t handle)555 int32_t net_ssl_disconnect(uintptr_t handle)
556 {
557 #ifdef LINKKIT_SSL_ENABLE
558 return HAL_SSL_Destroy(handle);
559 #else
560 if ((uintptr_t)NULL == handle) {
561 M_LOGE("handle is NULL\n");
562 return 0;
563 }
564
565 _network_ssl_disconnect((TLSDataParams_t *)handle);
566 snd_free((void *)handle);
567 return 0;
568 #endif
569 }
570
net_ssl_connect(const char * host,uint16_t port,const char * ca_crt,size_t ca_crt_len)571 uintptr_t net_ssl_connect(const char *host, uint16_t port, const char *ca_crt,
572 size_t ca_crt_len)
573 {
574 #ifdef LINKKIT_SSL_ENABLE
575 return HAL_SSL_Establish(host, port, ca_crt, ca_crt_len);
576 #else
577 char port_str[6];
578 TLSDataParams_pt pTlsData;
579
580 pTlsData = snd_zalloc(sizeof(TLSDataParams_t), AFM_MAIN);
581 if (NULL == pTlsData) {
582 return (uintptr_t)NULL;
583 }
584 memset(pTlsData, 0x0, sizeof(TLSDataParams_t));
585
586 sprintf(port_str, "%u", port);
587
588 if (0 != _TLSConnectNetwork(pTlsData, host, port_str, ca_crt, ca_crt_len,
589 NULL, 0, NULL, 0, NULL, 0)) {
590 M_LOGE("tls connect failed !\n");
591 _network_ssl_disconnect(pTlsData);
592 snd_free(pTlsData);
593 return (uintptr_t)NULL;
594 }
595
596 return (uintptr_t)pTlsData;
597 #endif
598 }
599