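#define CERT_WRITE_CHUNK_SIZE 4096

int32_t writeCert(uint8_t *data, const int len);

bool ftp_debug = true;

extern const int sizeof_ca_cert1, sizeof_ca_cert;
extern uint8_t ca_cert1[], ca_cert[];

/* File name under which the CA certificate (DER) is stored and later
 * handed to the socket layer as the TLS trust anchor. */
#define SL_SSL_CA_CERT_FILE_NAME "/testcacert.der"

struct sockaddr_in g_addr1 = { 0 }, g_addr2 = { 0 };
HTTPCli_Struct cli, cli1;

/*
 *  ======== base64Decode ========
 *  Returns the 6-bit value of one base64 alphabet character.
 *
 *  Any byte outside A-Z, a-z, 0-9, '+' and '/' (this includes '=', CR, LF
 *  and PEM header characters) yields 0, so an invalid byte cannot be told
 *  apart from 'A' by the caller.
 */
static uint8_t base64Decode(uint8_t ch)
{
    uint8_t ret = 0;

    if (ch >= 'A' && ch <= 'Z') {
        ret = (uint8_t)(ch - 'A');
    }
    else if (ch >= 'a' && ch <= 'z') {
        ret = (uint8_t)(ch - 'a' + 26);
    }
    else if (ch >= '0' && ch <= '9') {
        ret = (uint8_t)(ch - '0' + 52);
    }
    else if (ch == '+') {
        ret = 62;
    }
    else if (ch == '/') {
        ret = 63;
    }

    return (ret);
}

/*
 *  ======== CertConv_pem2der ========
 *  Base64-decodes plen bytes at pem into a newly malloc'ed buffer.
 *
 *  The input is decoded four characters at a time with no skipping of
 *  "-----BEGIN ...-----" lines or line breaks, so it has to be the bare
 *  base64 body; anything else decodes to wrong bytes without an error.
 *  A trailing partial group (plen not a multiple of 4) is ignored.
 *
 *  pem   base64 text, plen bytes long
 *  der   receives the decoded buffer; the caller owns it and must free() it
 *  dlen  receives the decoded length (buffer size minus '=' padding)
 *
 *  Returns 0 on success, -1 on a NULL argument, on input shorter than one
 *  base64 group, on more than two trailing '=' or on allocation failure.
 */
int CertConv_pem2der(const uint8_t *pem, uint32_t plen, uint8_t **der,
                     uint32_t *dlen)
{
    uint32_t padCount = 0;
    uint32_t derLen;
    uint32_t in;
    uint32_t out;
    uint8_t *derPtr;

    if ((pem == NULL) || (der == NULL) || (dlen == NULL)) {
        return (-1);
    }

    /* Shorter input has no complete group; it also keeps the padding scan
     * below from indexing in front of the buffer. */
    if (plen < 4) {
        return (-1);
    }

    /* Valid base64 ends in at most two '='. Stop at the third so the scan
     * stays inside the buffer and the length below cannot underflow. */
    while ((padCount <= 2) && (pem[plen - 1 - padCount] == '=')) {
        padCount++;
    }
    if (padCount > 2) {
        return (-1);
    }

    /* Base64 decode: 4 characters to 3 bytes */
    derLen = (plen / 4) * 3;
    derPtr = malloc(derLen);
    if (!derPtr) {
        return (-1);
    }

    for (in = 0, out = 0; (in + 3) < plen && (out + 2) < derLen;
         in += 4, out += 3) {
        uint32_t value = ((uint32_t)base64Decode(pem[in]) << 18) +
                         ((uint32_t)base64Decode(pem[in + 1]) << 12) +
                         ((uint32_t)base64Decode(pem[in + 2]) << 6) +
                         (uint32_t)base64Decode(pem[in + 3]);

        derPtr[out] = (value >> 16) & 0xFF;
        derPtr[out + 1] = (value >> 8) & 0xFF;
        derPtr[out + 2] = value & 0xFF;
    }

    /* Actual length of buffer filled */
    *dlen = derLen - padCount;
    *der = derPtr;

    return (0);
}

/*
 *  ======== createFtpSocket ========
 *  Stores the CA certificate on the file system, opens a TLS 1.2 socket
 *  that uses it and connects to ipAddress:portNr. On port 21 the server's
 *  welcome message is read as well.
 *
 *  Returns the socket handle on success and 0 on any failure; a socket
 *  that was opened is closed again before returning 0.
 *  NOTE(review): 0 doubles as the failure value, so a valid handle of 0
 *  (if the socket layer can return one) looks like a failure - confirm.
 *
 *  Author's note: this is called and then the AUTH TLS command is sent,
 *  but the connection does not come up. With SL_SEC_SOCKET connect()
 *  returns -370; with IPPROTO_IP the socket connects but nothing happens
 *  when AUTH TLS is executed.
 *
 *  NOTE(review): AUTH TLS is explicit FTPS - the control connection starts
 *  in clear text and is upgraded after the server accepts the command. A
 *  socket created with SL_SEC_SOCKET presumably starts the TLS handshake
 *  inside connect(), which the server on port 21 does not expect. Newer
 *  SimpleLink host drivers document an SL_SO_STARTTLS socket option for
 *  upgrading a connected socket; check whether the SDK in use has it.
 *  Falling back to a plain socket without the upgrade leaves credentials
 *  and data unprotected.
 */
int createFtpSocket(char *ipAddress, int portNr)
{
    char ftpResp[500] = {0};
    char selfCertFileName[] = SL_SSL_CA_CERT_FILE_NAME;
    struct sockaddr_in serv_addr;
    SlSockSecureMethod method;
    unsigned long cipher = SL_SEC_MASK_SECURE_DEFAULT;
    uint8_t *der = NULL;
    uint32_t len = 0;
    int sock = -1;
    int valread;
    int ret;
    int val;
    _i16 x;

    if (ipAddress == NULL) {
        return 0;
    }

    /* Without a decoded certificate there is nothing valid to store; the
     * original went on with a NULL buffer and an uninitialised length. */
    ret = CertConv_pem2der(ca_cert, sizeof_ca_cert, &der, &len);
    if (ret != 0) {
        logg("ftp: ***ERROR*** - CA certificate could not be decoded.", "");
        return 0;
    }

    val = writeCert(der, len);
    free(der); /* buffer is owned by this function once pem2der succeeds */
    der = NULL;

    /* A failed write is only logged, as before: the handshake then relies
     * on whatever file is already stored under this name. */
    if (!val) {
        logg("cert file created successfully\n", "");
    }
    else {
        logg("***Error*** - cert file can not be created\n", "");
    }

    /* Alternative tried by the author:
     * sl_Socket(SL_AF_INET, SL_SOCK_STREAM, IPPROTO_IP) */
    sock = sl_Socket(SL_AF_INET, SL_SOCK_STREAM, SL_SEC_SOCKET);
    if (sock < 0) { /* any negative value is an error, not only -1 */
        logg("ftp: ***ERROR*** - socket not created.", "");
        goto sockCleanup;
    }
    if (ftp_debug) {
        logStr("ftp: socket %s created successfully.", "", ipAddress);
    }

    method.secureMethod = SL_SO_SEC_METHOD_TLSV1_2; /* security method we want to use */

    /* Each option is checked: if the cipher mask, TLS version or CA file
     * is not applied, the socket would not be configured as intended. */
    ret = sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_MASK, &cipher,
                        sizeof(cipher));
    if (ret < 0) {
        logInt("ftp: ***ERROR*** - cipher mask not set, error %d", "", ret);
        goto sockCleanup;
    }

    ret = sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method,
                        sizeof(method));
    if (ret < 0) {
        logInt("ftp: ***ERROR*** - TLS method not set, error %d", "", ret);
        goto sockCleanup;
    }

    ret = sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME,
                        selfCertFileName, strlen(selfCertFileName));
    if (ret < 0) {
        logInt("ftp: ***ERROR*** - CA file name not set, error %d", "", ret);
        goto sockCleanup;
    }

    memset(&serv_addr, 0, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(portNr);
    /* NOTE(review): the port is set before HTTPCli_initSockAddr() fills the
     * address; if that helper also writes the port field, portNr is lost -
     * confirm against its implementation. */
    if (HTTPCli_initSockAddr((struct sockaddr *)&serv_addr, ipAddress, 0) < 0) {
        logg("ftp: ***ERROR*** - address not resolved.", "");
        goto sockCleanup;
    }

    /* Every negative result counts as failure, so a handshake that ends
     * with a certificate error does not leave a usable socket behind. */
    x = connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
    if (x < 0) {
        logStrInt("ftp: ***ERROR*** - connect failed ip %s port %d - quitting.",
                  "", ipAddress, portNr);
        logInt(" \nreturn value is %d ", "", x);
        goto sockCleanup;
    }
    if (ftp_debug) {
        logStr("ftp: successfully connected to ftp server %s", "", ipAddress);
    }

    if (portNr == 21) {
        valread = recv(sock, ftpResp, sizeof(ftpResp) - 1, 0);
        if (valread <= 0) {
            logInt("ftp: ***ERROR*** - no welcome message, recv returned %d",
                   "", valread);
            goto sockCleanup;
        }

        /* Cut the last two bytes of the reply (presumably the CR LF). The
         * original wrote this terminator to g_tuneBuf, a buffer this
         * function never fills, and used the index even when recv()
         * returned less than 2, i.e. a write in front of that buffer. */
        if (valread >= 2) {
            ftpResp[valread - 2] = 0;
        }

        if (ftp_debug) {
            logIntStr("ftp welcome msg [%d] %s", "", valread, ftpResp);
        }
    }

    return sock;

sockCleanup:
    /* The original set sock to 0 before jumping here, so the close below
     * never ran and every failed attempt leaked a socket. */
    if (sock >= 0) {
        close(sock);
    }

    return 0;
}

#ifdef NET_SL
/*
 *  ======== writeCert ========
 *  Writes len bytes from data to the file SL_SSL_CA_CERT_FILE_NAME, in
 *  pieces of at most CERT_WRITE_CHUNK_SIZE bytes.
 *
 *  Returns 0 when all bytes were written and the file was closed without
 *  error, otherwise a negative value.
 *
 *  NOTE(review): the file is created with _FS_FILE_PUBLIC_WRITE. This file
 *  is the CA certificate used to verify the server, so anything on the
 *  device able to rewrite it can replace the trust anchor - confirm that
 *  the public-write flag is really required.
 */
int32_t writeCert(uint8_t *data, const int len)
{
    const uint8_t filename[] = SL_SSL_CA_CERT_FILE_NAME;
    int32_t openStatus;
    int32_t file;
    int32_t status;
    uint32_t offset = 0;
    uint32_t total;

    if ((data == NULL) || (len <= 0)) {
        return -1;
    }
    total = (uint32_t)len;

    openStatus = sl_FsOpen(filename,
                           FS_MODE_OPEN_CREATE(len, _FS_FILE_PUBLIC_WRITE),
                           NULL, &file);
    if (openStatus < 0) {
        return -1;
    }

    while (offset < total) {
        /* Size the piece from what is left. The original compared against
         * len, so the last piece of a larger certificate was a full chunk
         * and read past the end of data. */
        uint32_t remaining = total - offset;
        uint32_t writeLen = (remaining < CERT_WRITE_CHUNK_SIZE)
                                ? remaining
                                : CERT_WRITE_CHUNK_SIZE;

        /* Kept signed: sl_FsWrite is documented to return the number of
         * bytes written or a negative error, and the unsigned variable of
         * the original hid the negative case. */
        status = sl_FsWrite(file, offset, &(data[offset]), writeLen);
        if (status <= 0) {
            logInt(" error value is %d ", "", status);
            /* Release the handle; the incomplete file stays on flash. */
            sl_FsClose(file, NULL, NULL, 0);
            /* Never 0 here: the caller reads 0 as "certificate stored". */
            return (status < 0) ? status : -1;
        }

        offset += (uint32_t)status;
    }

    /* A failed close is reported as well, since the caller treats 0 as
     * "certificate stored". */
    status = sl_FsClose(file, NULL, NULL, 0);

    return (status < 0) ? status : 0;
}
#endif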