转SSL相关

int ret;//
const char *pers = "ssl_client1";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;


void ssl_int(void)
{
    mbedtls_ssl_close_notify( &ssl );
    mbedtls_ssl_free( &ssl );
    mbedtls_ssl_config_free( &conf );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
    
    //    mbedtls_debug_set_threshold( 1 );//
    mbedtls_ssl_init( &ssl );
    mbedtls_ssl_config_init( &conf );
    mbedtls_ctr_drbg_init( &ctr_drbg );
    mbedtls_entropy_init( &entropy );

    printf( "\n  . Seeding the random number generator..." );
    //DRBG---->Deterministic Random Bit Generators 伪随机数产生器
    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                                         (const unsigned char *) pers,
                                                         strlen( pers ) ) ) != 0 )
    {
            printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
    }
    
    
    //MBEDTLS_SSL_IS_CLIENT 表示配置为客户端
    //MBEDTLS_SSL_TRANSPORT_STREAM 表示传输方式为TLS
    //设置版本， MBEDTLS_SSL_PRESET_DEFAULT 表示 TLS1.0
    if( ( ret = mbedtls_ssl_config_defaults( &conf,
                                    MBEDTLS_SSL_IS_CLIENT,
                                    MBEDTLS_SSL_TRANSPORT_STREAM,
                                    MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
    {
            printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\r\n", ret );
    }
 
 
    /*设置数字证书检查模式 
    *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
    *                        (default on server)
    *                        (insecure on client)
    *
    *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
    *                        handshake continues even if verification failed;
    *                        mbedtls_ssl_get_verify_result() can be called after the
    *                        handshake is complete.
    *
    *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
    *                        handshake is aborted if verification failed.
    *                        (default on client)
    */
    mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
    // 配置随机数生成器的回调函数
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
    // 配置调试回调函数
    //    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
    
    // 根据conf设置ssl结构
    if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
    {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned 0x%x\r\n", -ret );
    }

    // 设置host name 用到动态内存分配
    if( ( ret = mbedtls_ssl_set_hostname( &ssl, "替换自己的域名" ) ) != 0 )
    {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\r\n", ret );
    }
    // 设置发送和接收接口
    mbedtls_ssl_set_bio( &ssl, NULL, custom_ssl_send, custom_ssl_recv, NULL );
}