
加入对非文件系统证书的支持,并且将例程改为默认使用非文件系统证书

WKJay před 3 roky
rodič
revize
35560e2dd1
5 změnil soubory, kde provedl 116 přidání a 30 odebrání
  1. 56 5
      examples/simple_ssl_server.c
  2. 1 1
      examples/simple_tcp_server.c
  3. 2 2
      netserver.c
  4. 3 0
      netserver.h
  5. 54 22
      ssl_if/wolfssl/ns_ssl_if.c

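--- a/examples/simple_ssl_server.c
+++ b/examples/simple_ssl_server.c
@@ -13,6 +13,59 @@
 #include <stdio.h>
 #include "netserver.h"
 
+const char *server_cert_buffer =
+    "-----BEGIN CERTIFICATE-----\r\n"
+    "MIIDjTCCAnUCFCx0tlN5M0jcBAGjCMKf2DAS0hZKMA0GCSqGSIb3DQEBCwUAMIGB\r\n"
+    "MQswCQYDVQQGEwJDTjENMAsGA1UECAwEV3VYaTENMAsGA1UEBwwEV3VYaTEOMAwG\r\n"
+    "A1UECgwFV0tKYXkxDjAMBgNVBAsMBVdLSmF5MRQwEgYDVQQDDAsqLndramF5LmNv\r\n"
+    "bTEeMBwGCSqGSIb3DQEJARYPdW5yZWFsQHRlc3QuY29tMCAXDTIyMDcxMTA3NTcz\r\n"
+    "MloYDzIxMjIwNjE3MDc1NzMyWjCBgTELMAkGA1UEBhMCQ04xDTALBgNVBAgMBFd1\r\n"
+    "WGkxDTALBgNVBAcMBFd1WGkxDjAMBgNVBAoMBVdLSmF5MQ4wDAYDVQQLDAVXS0ph\r\n"
+    "eTEUMBIGA1UEAwwLKi53a2pheS5jb20xHjAcBgkqhkiG9w0BCQEWD3VucmVhbEB0\r\n"
+    "ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4KttV1Pz1T\r\n"
+    "RTADsypnT9Gx/thb4C28900F9cFSmitHRLeWgZ/lEshZl08rXouHFYB8Pq6NBHeP\r\n"
+    "akuv6M3kp227QcBHEIvwVbIBSfSJEMu1MgPd2AbwlQ2ZaUqIgtNQ/BzwqOYgaOaQ\r\n"
+    "LvmjcIiRdLpaXWlrfZN/YMcLkovAAvglck+KppElbbtz78T/e1HJlYQNTM7AzpaT\r\n"
+    "641lAZpoxR7GcyRnW4Te3nAsRELYcKVMoLC256OviuZCCPFd+ec1awa6Cqh8f9ww\r\n"
+    "zmSj5y5inF8uUPIitGODLDOwn4gfLDIXEH5gf67u8tAtnllzhclJ/OeYdZoeVDzM\r\n"
+    "lEWwTMSQRmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFp8yP5XbR32BdQVraLsb\r\n"
+    "gidEzuu3B8BMwlrWb64HiNbiozKFHC6uPsb/E0l8BedMaqQC3FseGAmIlTWX1KWy\r\n"
+    "s6lVFtZa663xOG0EW8opWzLKSGgakgf6NtSNQBZPwXrc7nLxuVH06raYaM9OAcXV\r\n"
+    "u4Nk0sGAQGc63khRHfuV+zfXqNHwxczM6sW/DvAj01UW5Ea6K7gmTW0h/fvbXoC0\r\n"
+    "WsidBAEPdxExMPuUojQcHAtw96ojMnDliwDX5hKd+OJK3cLXKQa+8UUfiTPEexVl\r\n"
+    "L4dteJUKD1u6ReftQvDW+2YUynVzkj8hmyv1JpTXK+9Q0xfmxVl22WgE+qkZHL+7\r\n"
+    "TQ==\r\n"
+    "-----END CERTIFICATE-----\r\n";
+
+const char *server_key_buffer =
+    "-----BEGIN RSA PRIVATE KEY-----\r\n"
+    "MIIEogIBAAKCAQEAvgq21XU/PVNFMAOzKmdP0bH+2FvgLbz3TQX1wVKaK0dEt5aB\r\n"
+    "n+USyFmXTytei4cVgHw+ro0Ed49qS6/ozeSnbbtBwEcQi/BVsgFJ9IkQy7UyA93Y\r\n"
+    "BvCVDZlpSoiC01D8HPCo5iBo5pAu+aNwiJF0ulpdaWt9k39gxwuSi8AC+CVyT4qm\r\n"
+    "kSVtu3PvxP97UcmVhA1MzsDOlpPrjWUBmmjFHsZzJGdbhN7ecCxEQthwpUygsLbn\r\n"
+    "o6+K5kII8V355zVrBroKqHx/3DDOZKPnLmKcXy5Q8iK0Y4MsM7CfiB8sMhcQfmB/\r\n"
+    "ru7y0C2eWXOFyUn855h1mh5UPMyURbBMxJBGZwIDAQABAoIBAGc7SrYJSqD1as/6\r\n"
+    "MokGNcWi+txsjApMa8nbQvQQ+s4nmJxhlWhV9y39/MN0u5bvei6hTytiTtrjfMpA\r\n"
+    "dCXj308sOTtJXyOlGefn61R6YDVH6DNRftfGODF69EcYgHhptYnC8PyQ/mrAR8Qz\r\n"
+    "lB2bZd0U2Uk6qqxEtT1qe+COHQ7N16ChZ5YYwAebFnByPhPCq78QINHQoDQDknCT\r\n"
+    "Xes2LfmevH0grirD2MfIbbOBLyznwsLlaQwYOrNrzYKLDcO5NgBYUHzVotqiMoA3\r\n"
+    "vzU4YksGnjcV0euNGLgK5MSBxOpdNmcAJ5wBtMWGNElRjY1ogWPy92wk383vW9md\r\n"
+    "kWvbMwECgYEA9TNW2HGnQ+m3u0rmuu+h6kOegUZzuR1YLO3giRVCXYlEwIZ1Ljxn\r\n"
+    "NaW/7H2LoG9lqXVCoFdjJuqlFzEcPufEwGFgRRcLjusgxIe7B4xHbp/Ymsoucigi\r\n"
+    "7S7LzylAV+iecdk1fghvh6tfKdA/W/q0z0SElRFsqSs3DCm9hKc21A8CgYEAxml0\r\n"
+    "hdBU7d9Yz31e8kZOVNT//y290w2Dfkbh6D/4xrymPd1cwLPqWEhmqmkIc1+7l4s+\r\n"
+    "k5HIfMBP9w40CVwgDq0SUN04GwzeszVQbaJlkOa8KP+ny/G/QHpXFnGxUHXeF//I\r\n"
+    "/RNjkcArHrUc/NPU7ZODg84ZemE1gSQqKM8isCkCgYB3UTM6ghvF1W5dynX6k290\r\n"
+    "AtGX0MOxWdE1k8/GhTzVLV3yXbuZ8zS6C10YZINUX8DVtETmp3+NSXNqlLBNABVj\r\n"
+    "FD93f15Vfp9kYzQk2SNNdqU9tZLiZBuS1UnCFi3EWWL4vZzlJo+3MjJNs5ORW68u\r\n"
+    "iQYHUAJTU78mwQ0DByeMCwKBgAFA3UmTHVY7WPZGlnj1VL1Ycx2Ljm1s4m3DyN2M\r\n"
+    "ueeXfX1ajqFxAYP5QRzGeRUxf5/fc0+/VgLjvB2Va2K7wEAXe8wi+Z3CIQ4EwjNP\r\n"
+    "GVEnA/1GUCsLpeekXjR4F2SoufRw2zYuDyz2h88z2bEHLYsqqWQFw0dwocPlFJcZ\r\n"
+    "Z+CxAoGAOyCWhXLxcl3eOtOCsIyTLaKl3WgFaZ+DdF7e3zAqMB/W+ucCHeML0o3Q\r\n"
+    "NocuRj/ivqEckG6Wd3pfUXPHEGUVlBKeEPQQK8akO4r0VOPH2IrKbxBpelq7vXKk\r\n"
+    "ZqDVjvvNOutjNeky4HB6r0owCNcHPqcpIJfr9+FhChtVUX51WJA=\r\n"
+    "-----END RSA PRIVATE KEY-----\r\n";
+
 static int netserver_readable_cb(ns_session_t *ns, void *data, int sz) {
     int ret = 0;
     ret = netserver_write(ns, data, sz);
@@ -34,10 +87,8 @@ int ssl_server_init(void) {
     opts.thread_attrs.stack_size = 6 * 1024;
 
     /* load certificates */
-    opts.server_cert = "/sdcard/test/server_cert.pem";
-    opts.server_key = "/sdcard/test/private_key.pem";
-    /* maybe needed if you want to verify peer */
-    //opts.ca_cert = "/sdcard/test/ca_cert.pem";
+    opts.server_cert_buffer = server_cert_buffer;
+    opts.server_key_buffer = server_key_buffer;
 
     /* register callback function */
     opts.callback.data_readable_cb = netserver_readable_cb;
@@ -58,4 +109,4 @@ int ssl_server_init(void) {
         return -1;
     }
 }
-MSH_CMD_EXPORT(ssl_server_init,ssl server init);
+MSH_CMD_EXPORT(ssl_server_init, ssl server init);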
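Review bot: The example now sets only `opts.server_cert_buffer` and `opts.server_key_buffer` and leaves `server_cert`/`server_key` unset, but in the wolfssl backend shown further down this page the buffer path falls through to the `load_cert_file:` label on builds without `NO_FILESYSTEM`, where `opts->server_cert == NULL || opts->server_key == NULL` returns -1 — so as written the example appears to work only when `NO_FILESYSTEM` is defined, and the backend should skip the file branch once the buffers were accepted rather than fall into it. The two new credential globals have external linkage in an example file; `static const char server_cert_buffer[] = ...` (and likewise for the key) keeps them file-local and in read-only storage. The hunk also drops the old `//opts.ca_cert` hint, so a comment such as `/* optional, only needed when verifying peers: opts.ca_cert_buffer = ca_cert_buffer; */` would keep the new `ca_cert_buffer` option discoverable. Since a PEM private key is now checked into source, a comment marking it as a self-signed test credential for this example only would discourage reuse in a real deployment.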

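--- a/examples/simple_tcp_server.c
+++ b/examples/simple_tcp_server.c
@@ -33,7 +33,7 @@ int tcp_server_init(void) {
     opts.callback.data_readable_cb = netserver_readable_cb;
 
     /* create netserver manager object */
-    mgr = netserver_create(&opts, NULL);
+    mgr = netserver_create(&opts, 0);
     if (mgr == NULL) {
         printf("create simple tcp server manager failed.\r\n");
         return -1;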

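--- a/netserver.c
+++ b/netserver.c
@@ -165,7 +165,7 @@ static void _session_handle(netserver_mgr_t *mgr, ns_session_t *conn) {
     }
     /* warn user if data buffer is full */
     if (ret == buff_sz) {
-        NS_LOG("net server data buffer is full. current buffer size is %d",
+        NS_LOG("net server data buffer is full. current buffer size is %lu",
                buff_sz);
     }
     /* handle data package */
@@ -476,7 +476,7 @@ static void netserver_handle(void *param) {
             NS_LOG("new connection comes in");
             clilen = sizeof(struct sockaddr_in);
 
-            ns_session_t *new_conn = ns_session_create(mgr, NULL);
+            ns_session_t *new_conn = ns_session_create(mgr, 0);
             if (new_conn) {
                 /* notify user */
                 if (mgr->opts.callback.session_create_cb)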
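Review bot: The new `%lu` in `NS_LOG("net server data buffer is full. current buffer size is %lu", buff_sz)` is only correct if `buff_sz` is `unsigned long`; its declaration is outside the hunk, and if it is `size_t` the specifier still mismatches on targets where `size_t` is `unsigned int`, which `-Wformat` reports and which is undefined behaviour for `printf`-family calls. If `buff_sz` is `size_t`, `%zu` is the portable choice; if it is an `int` compared against `ret`, the original `%d` was right and the change should be reverted. `_session_handle` starts and ends outside the hunk, so the type cannot be confirmed from here.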

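--- a/netserver.h
+++ b/netserver.h
@@ -69,6 +69,9 @@ typedef struct _netserver_opt {
     const char *server_key;
     const char *server_cert;
     const char *ca_cert;
+    const char *server_key_buffer;
+    const char *server_cert_buffer;
+    const char *ca_cert_buffer;
 #endif
 
 } netserver_opt_t;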
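Review bot: The three new fields `server_key_buffer`, `server_cert_buffer` and `ca_cert_buffer` carry no comment, yet the wolfssl backend measures them with `strlen`, so a caller must pass NUL-terminated PEM text rather than a DER blob with an explicit length. A comment above them such as `/* PEM-encoded, NUL-terminated in-memory credentials; tried before the *_key/*_cert paths, and the only option when NO_FILESYSTEM is defined */` would state that contract in the public header; whether the backend copies the data or requires the caller to keep the buffers alive for the lifetime of the manager is not visible here and should be stated as well. The enclosing `struct _netserver_opt` and the `#if` that guards these fields start outside the hunk.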

+ 54 - 22
ssl_if/wolfssl/ns_ssl_if.c

@@ -75,33 +75,67 @@ int ns_ssl_if_context_create(netserver_mgr_t *mgr) {
     }
     }
 
 
     /* Load private key and certificate */
     /* Load private key and certificate */
+    if (opts->server_cert_buffer == NULL || opts->server_key_buffer == NULL) {
+#ifdef NO_FILESYSTEM
+        NS_LOG("no private key or certificate provided,please check!");
+        return -1;
+#else
+        goto load_cert_file;
+#endif
+    }
+
+    if (wolfSSL_CTX_use_PrivateKey_buffer(
+            backend->ctx, (const unsigned char *)opts->server_key_buffer,
+            strlen(opts->server_key_buffer), WOLFSSL_FILETYPE_PEM) != SSL_SUCCESS) {
+        NS_LOG("load private key buffer failed.");
+        goto exit;
+    }
+
+    if (wolfSSL_CTX_use_certificate_buffer(
+            backend->ctx, (const unsigned char *)opts->server_cert_buffer,
+            strlen(opts->server_cert_buffer), WOLFSSL_FILETYPE_PEM) != SSL_SUCCESS) {
+        NS_LOG("load certificate buffer failed.");
+        goto exit;
+    }
+
+    if (opts->ca_cert_buffer) {
+        if (wolfSSL_CTX_load_verify_buffer_ex(backend->ctx,
+                                              (const unsigned char *)opts->ca_cert_buffer,
+                                              strlen(opts->ca_cert_buffer), WOLFSSL_FILETYPE_PEM, 0,
+                                              WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != SSL_SUCCESS) {
+            NS_LOG("load ca certificate buffer failed.");
+            goto exit;
+        }
+    }
+
+#ifndef NO_FILESYSTEM
+load_cert_file:
     if (opts->server_cert == NULL || opts->server_key == NULL) {
     if (opts->server_cert == NULL || opts->server_key == NULL) {
         NS_LOG("private key or certificate path error,please check!");
         NS_LOG("private key or certificate path error,please check!");
-        return NULL;
+        return -1;
     }
     }
-    if (wolfSSL_CTX_use_PrivateKey_file(backend->ctx, opts->server_key,
-                                        SSL_FILETYPE_PEM) != SSL_SUCCESS) {
+    if (wolfSSL_CTX_use_PrivateKey_file(backend->ctx, opts->server_key, SSL_FILETYPE_PEM) !=
+        SSL_SUCCESS) {
         NS_LOG("load private key %s failed.", opts->server_key);
         NS_LOG("load private key %s failed.", opts->server_key);
         goto exit;
         goto exit;
     }
     }
-    if (wolfSSL_CTX_use_certificate_file(backend->ctx, opts->server_cert,
-                                         SSL_FILETYPE_PEM) != SSL_SUCCESS) {
+    if (wolfSSL_CTX_use_certificate_file(backend->ctx, opts->server_cert, SSL_FILETYPE_PEM) !=
+        SSL_SUCCESS) {
         NS_LOG("load certificate %s failed.", opts->server_cert);
         NS_LOG("load certificate %s failed.", opts->server_cert);
         goto exit;
         goto exit;
     }
     }
     if (opts->ca_cert) {
     if (opts->ca_cert) {
-        if (wolfSSL_CTX_load_verify_locations_ex(
-                backend->ctx, opts->ca_cert, NULL,
-                WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != SSL_SUCCESS) {
+        if (wolfSSL_CTX_load_verify_locations_ex(backend->ctx, opts->ca_cert, NULL,
+                                                 WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != SSL_SUCCESS) {
             NS_LOG("load ca %s failed.", opts->ca_cert);
             NS_LOG("load ca %s failed.", opts->ca_cert);
             goto exit;
             goto exit;
         }
         }
     }
     }
+#endif
 
 
     /* set verify mode */
     /* set verify mode */
     if (mgr->flag & NS_SSL_VERIFY_PEER) mode |= SSL_VERIFY_PEER;
     if (mgr->flag & NS_SSL_VERIFY_PEER) mode |= SSL_VERIFY_PEER;
-    if (mgr->flag & NS_SSL_FORCE_PEER_CERT)
-        mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+    if (mgr->flag & NS_SSL_FORCE_PEER_CERT) mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
     if (mode) wolfSSL_CTX_set_verify(backend->ctx, mode, NULL);
     if (mode) wolfSSL_CTX_set_verify(backend->ctx, mode, NULL);
 
 
     mgr->listener->ssl_if_data = backend;
     mgr->listener->ssl_if_data = backend;
@@ -114,8 +148,7 @@ exit:
 
 
 int ns_ssl_if_handshake(netserver_mgr_t *mgr, ns_session_t *session) {
 int ns_ssl_if_handshake(netserver_mgr_t *mgr, ns_session_t *session) {
     wolfssl_backend_t *backend = NULL;
     wolfssl_backend_t *backend = NULL;
-    wolfssl_backend_t *ls_back =
-        (wolfssl_backend_t *)mgr->listener->ssl_if_data;
+    wolfssl_backend_t *ls_back = (wolfssl_backend_t *)mgr->listener->ssl_if_data;
 
 
     /* Create wolfssl backend struct */
     /* Create wolfssl backend struct */
     backend = NS_CALLOC(1, sizeof(wolfssl_backend_t));
     backend = NS_CALLOC(1, sizeof(wolfssl_backend_t));
@@ -142,17 +175,16 @@ int ns_ssl_if_handshake(netserver_mgr_t *mgr, ns_session_t *session) {
     session->ssl_if_data = backend;
     session->ssl_if_data = backend;
     /* notify user */
     /* notify user */
     if (mgr->opts.callback.ssl_handshake_cb) {
     if (mgr->opts.callback.ssl_handshake_cb) {
-        #if defined(KEEP_PEER_CERT)
-            if (backend->ssl->peerCert.derCert) {
-                DerBuffer *peerCert = backend->ssl->peerCert.derCert;
-                mgr->opts.callback.ssl_handshake_cb(session, peerCert->buffer,
-                                                    peerCert->length);
-            } else {
-                mgr->opts.callback.ssl_handshake_cb(session, NULL, 0);
-            }
-        #else
+#if defined(KEEP_PEER_CERT)
+        if (backend->ssl->peerCert.derCert) {
+            DerBuffer *peerCert = backend->ssl->peerCert.derCert;
+            mgr->opts.callback.ssl_handshake_cb(session, peerCert->buffer, peerCert->length);
+        } else {
             mgr->opts.callback.ssl_handshake_cb(session, NULL, 0);
             mgr->opts.callback.ssl_handshake_cb(session, NULL, 0);
-        #endif
+        }
+#else
+        mgr->opts.callback.ssl_handshake_cb(session, NULL, 0);
+#endif
     }
     }
     return 0;
     return 0;