add example

RTL00_SDKV35a/component/common/example/ssl_server/example_ssl_server.c

@@ -0,0 +1,394 @@
+#include "FreeRTOS.h"
+#include "task.h"
+#include <platform_stdlib.h>
+#include <lwip_netconf.h>
+
+#include "platform_opts.h"
+
+#if CONFIG_USE_POLARSSL
+
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/memory.h"
+#include "polarssl/certs.h"
+#include "polarssl/error.h"
+
+
+#define SERVER_PORT   443
+#define STACKSIZE     1150
+extern struct netif xnetif[NET_IF_NUM];
+
+
+static int my_random(void *p_rng, unsigned char *output, size_t output_len)
+{
+	rtw_get_random_bytes(output, output_len);
+	return 0;
+}
+
+static void example_ssl_server_thread(void *param){
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
+	!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
+	!defined(POLARSSL_RSA_C) || !defined(POLARSSL_NET_C) || \
+	!defined(POLARSSL_X509_CRT_PARSE_C)
+
+	printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or "
+		"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
+		"POLARSSL_RSA_C and/or POLARSSL_NET_C and/or "
+		"POLARSSL_X509_CRT_PARSE_C not defined.\n");
+
+#else
+	int ret, server_fd = -1, client_fd = -1;
+	x509_crt server_x509;
+	pk_context server_pk;
+	ssl_context ssl;
+	unsigned char buf[512];
+	uint8_t *ip;
+	char *response = "<HTML><BODY>SSL OK</BODY></HTML>";
+
+	// Delay to wait for IP by DHCP
+	vTaskDelay(10000);
+	printf("\nExample: SSL server\n");
+
+	memory_set_own(pvPortMalloc, vPortFree);
+	memset(&server_x509, 0, sizeof(x509_crt));
+	memset(&server_pk, 0, sizeof(pk_context));
+	memset(&ssl, 0, sizeof(ssl_context));
+
+	/*
+	 * 1. Prepare the certificate and key
+	 */
+	printf("\n\r  . Preparing the certificate and key...");
+
+	x509_crt_init(&server_x509);
+	pk_init(&server_pk);
+
+	if((ret = x509_crt_parse(&server_x509, (const unsigned char *)test_srv_crt, strlen(test_srv_crt))) != 0) {
+		printf(" failed\n  ! x509_crt_parse returned %d\n\n", ret);
+		goto exit;
+	}
+
+	if((ret = x509_crt_parse(&server_x509, (const unsigned char *)test_ca_list, strlen(test_ca_list))) != 0) {
+		printf(" failed\n  ! x509_crt_parse returned %d\n\n", ret);
+		goto exit;
+	}
+
+	if((ret = pk_parse_key(&server_pk, test_srv_key, strlen(test_srv_key), NULL, 0)) != 0) {
+		printf(" failed\n  ! pk_parse_key returned %d\n\n", ret);
+		goto exit;
+	}
+
+	printf(" ok\n");
+
+	/*
+	 * 2. Start the connection
+	 */
+	ip = LwIP_GetIP(&xnetif[0]);
+	printf("\n\r  . Starting tcp server /%d.%d.%d.%d/%d...", ip[0], ip[1], ip[2], ip[3], SERVER_PORT);
+
+	if((ret = net_bind(&server_fd, NULL, SERVER_PORT)) != 0) {
+		printf(" failed\n  ! net_bind returned %d\n\n", ret);
+		goto exit;
+	}
+
+	printf(" ok\n");
+
+	/*
+	 * 3. Waiting for client to connect
+	 */
+	printf("\n\r  . Waiting for client to connect...\n\r");
+
+	while((ret = net_accept(server_fd, &client_fd, NULL)) == 0) {
+		printf("\n\r  . A client is connecting\n\r");
+		/*
+		 * 4. Setup stuff
+		 */
+		printf("\n\r  . Setting up the SSL/TLS structure...");
+
+		if((ret = ssl_init(&ssl)) != 0) {
+			printf(" failed\n  ! ssl_init returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		ssl_set_endpoint(&ssl, SSL_IS_SERVER);
+		ssl_set_ca_chain(&ssl, server_x509.next, NULL, NULL);
+		ssl_set_authmode(&ssl, SSL_VERIFY_NONE);
+		ssl_set_rng(&ssl, my_random, NULL);
+		ssl_set_bio(&ssl, net_recv, &client_fd, net_send, &client_fd);
+		if((ret = ssl_set_own_cert(&ssl, &server_x509, &server_pk)) != 0) {
+			printf(" failed\n  ! ssl_set_own_cert returned %d\n\n", ret);
+			goto close_client;
+		}
+		printf(" ok\n");
+
+		/*
+		 * 5. Handshake
+		 */
+		printf("\n\r  . Performing the SSL/TLS handshake...");
+
+		if((ret = ssl_handshake(&ssl)) != 0) {
+			printf(" failed\n  ! ssl_handshake returned %d\n\n", ret);
+			goto close_client;
+		}
+		printf(" ok\n");
+		printf("\n\r  . Use ciphersuite %s\n", ssl_get_ciphersuite(&ssl));
+
+		/*
+		 * 6. Read the request from client
+		 */
+		printf("\n\r  > Read request from client:");
+
+		memset(buf, 0, sizeof(buf));
+		if((ret = ssl_read(&ssl, buf, sizeof(buf))) <= 0) {
+			if(ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE) {
+				printf(" failed\n\r  ! ssl_read returned %d\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" %d bytes read\n\r\n\r%s\n", ret, (char *) buf);
+
+		/*
+		 * 7. Response the request
+		 */
+		printf("\n\r  > Response to client:");
+
+		sprintf(buf, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n%s", strlen(response), response);
+		if((ret = ssl_write(&ssl, buf, strlen(buf))) <= 0) {
+			if(ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE) {
+				printf(" failed\n\r  ! ssl_write returned %d\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" %d bytes written\n\r\n\r%s\n", ret, (char *)buf);
+
+close_client:
+#ifdef POLARSSL_ERROR_C
+		if(ret != 0) {
+			char error_buf[100];
+			polarssl_strerror(ret, error_buf, 100);
+			printf("\n\rLast error was: %d - %s\n", ret, error_buf);
+		}
+#endif
+		ssl_close_notify(&ssl);
+		net_close(client_fd);
+		ssl_free(&ssl);
+	}
+	net_close(server_fd);
+exit:
+	x509_crt_free(&server_x509);
+	pk_free(&server_pk);
+#endif
+	vTaskDelete(NULL);
+}
+
+void example_ssl_server(void)
+{
+	if(xTaskCreate(example_ssl_server_thread, "example_ssl_server_thread", STACKSIZE, NULL, tskIDLE_PRIORITY + 1, NULL) != pdPASS)
+		printf("\n\r%s xTaskCreate example_ssl_server_thread failed", __FUNCTION__);
+}
+
+#elif CONFIG_USE_MBEDTLS /* CONFIG_USE_POLARSSL */
+
+#include "mbedtls/config.h"
+#include "mbedtls/platform.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/certs.h"
+
+#define SERVER_PORT   "443"
+#define STACKSIZE     2048
+
+extern struct netif xnetif[NET_IF_NUM];
+
+static int my_random(void *p_rng, unsigned char *output, size_t output_len)
+{
+	rtw_get_random_bytes(output, output_len);
+	return 0;
+}
+
+static void* my_calloc(size_t nelements, size_t elementSize)
+{
+	size_t size;
+	void *ptr = NULL;
+
+	size = nelements * elementSize;
+	ptr = pvPortMalloc(size);
+
+	if(ptr)
+		memset(ptr, 0, size);
+
+	return ptr;
+}
+
+static void example_ssl_server_thread(void *param)
+{
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
+	!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+	!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_NET_C) || \
+	!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
+
+	printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or "
+		"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+		"MBEDTLS_RSA_C and/or MBEDTLS_NET_C and/or "
+		"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C not defined.\n");
+
+#else
+	int ret;
+	unsigned char buf[512];
+	uint8_t *ip;
+	mbedtls_net_context server_fd, client_fd;
+	mbedtls_ssl_context ssl;
+	mbedtls_ssl_config conf;
+	mbedtls_x509_crt server_x509;
+	mbedtls_pk_context server_pk;
+
+	char *response = "<HTML><BODY>TLS OK</BODY></HTML>";
+
+	// Delay to wait for IP by DHCP
+	vTaskDelay(10000);
+	printf("\nExample: SSL server\n");
+
+	mbedtls_platform_set_calloc_free(my_calloc, vPortFree);
+
+	/*
+	 * 1. Prepare the certificate and key
+	 */
+	printf("\n\r  . Preparing the certificate and key...");
+
+	mbedtls_x509_crt_init(&server_x509);
+	mbedtls_pk_init(&server_pk);
+
+	if((ret = mbedtls_x509_crt_parse(&server_x509, (const unsigned char *) mbedtls_test_srv_crt, mbedtls_test_srv_crt_len)) != 0) {
+		printf(" failed\n  ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+		goto exit;
+	}
+
+	if((ret = mbedtls_x509_crt_parse(&server_x509, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len)) != 0) {
+		printf(" failed\n  ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+		goto exit;
+	}
+
+	if((ret = mbedtls_pk_parse_key(&server_pk, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0)) != 0) {
+		printf(" failed\n  ! mbedtls_pk_parse_key returned %d\n\n", ret);
+		goto exit;
+	}
+
+	printf(" ok\n");
+
+	/*
+	 * 2. Start the connection
+	 */
+	ip = LwIP_GetIP(&xnetif[0]);
+	printf("\n\r  . Starting tcp server /%d.%d.%d.%d/%s...", ip[0], ip[1], ip[2], ip[3], SERVER_PORT);
+	mbedtls_net_init(&server_fd);
+
+	if((ret = mbedtls_net_bind(&server_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+		printf(" failed\n  ! mbedtls_net_bind returned %d\n\n", ret);
+		goto exit;
+	}
+
+	printf(" ok\n");
+
+	/*
+	 * 3. Waiting for client to connect
+	 */
+	printf("\n\r  . Waiting for client to connect...\n\r");
+	mbedtls_net_init(&client_fd);
+
+	while((ret = mbedtls_net_accept(&server_fd, &client_fd, NULL, 0, NULL)) == 0) {
+		printf("\n\r  . A client is connecting\n\r");
+		/*
+		 * 4. Setup stuff
+		 */
+		printf("\n\r  . Setting up the SSL/TLS structure...");
+		mbedtls_ssl_init(&ssl);
+		mbedtls_ssl_config_init(&conf);
+
+		if((ret = mbedtls_ssl_config_defaults(&conf,
+				MBEDTLS_SSL_IS_SERVER,
+				MBEDTLS_SSL_TRANSPORT_STREAM,
+				MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+
+			printf(" failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		mbedtls_ssl_conf_ca_chain(&conf, server_x509.next, NULL);
+		mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
+		mbedtls_ssl_conf_rng(&conf, my_random, NULL);
+
+		if((ret = mbedtls_ssl_conf_own_cert(&conf, &server_x509, &server_pk)) != 0) {
+			printf(" failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		if((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+			printf(" failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+		printf(" ok\n");
+
+		/*
+		 * 5. Handshake
+		 */
+		printf("\n\r  . Performing the SSL/TLS handshake...");
+
+		if((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+			printf(" failed\n  ! mbedtls_ssl_handshake returned %d\n\n", ret);
+			goto close_client;
+		}
+		printf(" ok\n");
+		printf("\n\r  . Use ciphersuite %s\n", mbedtls_ssl_get_ciphersuite(&ssl));
+
+		/*
+		 * 6. Read the request from client
+		 */
+		printf("\n\r  > Read request from client:");
+
+		memset(buf, 0, sizeof(buf));
+		if((ret = mbedtls_ssl_read(&ssl, buf, sizeof(buf))) <= 0) {
+			if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+				printf(" failed\n\r  ! mbedtls_ssl_read returned %d\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" %d bytes read\n\r\n\r%s\n", ret, (char *) buf);
+
+		/*
+		 * 7. Response the request
+		 */
+		printf("\n\r  > Response to client:");
+
+		sprintf(buf, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n%s", strlen(response), response);
+		if((ret = mbedtls_ssl_write(&ssl, buf, strlen(buf))) <= 0) {
+			if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+				printf(" failed\n\r  ! mbedtls_ssl_write returned %d\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" %d bytes written\n\r\n\r%s\n", ret, (char *)buf);
+
+close_client:
+		mbedtls_ssl_close_notify(&ssl);
+		mbedtls_net_free(&client_fd);
+		mbedtls_ssl_free(&ssl);
+		mbedtls_ssl_config_free(&conf);
+	}
+
+	mbedtls_net_free(&server_fd);
+
+exit:
+	mbedtls_x509_crt_free(&server_x509);
+	mbedtls_pk_free(&server_pk);
+#endif
+	vTaskDelete(NULL);
+}
+
+void example_ssl_server(void)
+{
+	if(xTaskCreate(example_ssl_server_thread, "example_ssl_server_thread", STACKSIZE, NULL, tskIDLE_PRIORITY + 1, NULL) != pdPASS)
+		printf("\n\r%s xTaskCreate example_ssl_server_thread failed", __FUNCTION__);
+}
+
+#endif /* CONFIG_USE_POLARSSL */

RTL00_SDKV35a/component/common/example/ssl_server/example_ssl_server.h

@@ -0,0 +1,6 @@
+#ifndef EXAMPLE_SSL_SERVER_H
+#define EXAMPLE_SSL_SERVER_H
+
+void example_ssl_server(void);
+
+#endif /* EXAMPLE_SSL_SERVER_H */

RTL00_SDKV35a/component/common/example/ssl_server/example_ssl_server_mbedtls_dtls.c

@@ -0,0 +1,222 @@
+#include "FreeRTOS.h"
+#include "task.h"
+#include <platform_stdlib.h>
+#include <lwip_netconf.h>
+
+#include "mbedtls/config.h"
+#include "mbedtls/platform.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+
+#define SERVER_PORT   "4433"
+#define STACKSIZE     2048
+
+extern struct netif xnetif[NET_IF_NUM];
+
+static int my_random(void *p_rng, unsigned char *output, size_t output_len)
+{
+	rtw_get_random_bytes(output, output_len);
+	return 0;
+}
+
+static void* my_calloc(size_t nelements, size_t elementSize)
+{
+	size_t size;
+	void *ptr = NULL;
+
+	size = nelements * elementSize;
+	ptr = pvPortMalloc(size);
+
+	if(ptr)
+		memset(ptr, 0, size);
+
+	return ptr;
+}
+
+static void example_ssl_server_thread(void *param)
+{
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
+	!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+	!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_NET_C) || \
+	!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+	!defined(MBEDTLS_SSL_PROTO_DTLS) || !defined(MBEDTLS_TIMING_C) || \
+	!defined(MBEDTLS_TIMING_ALT)
+
+	printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or "
+		"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+		"MBEDTLS_RSA_C and/or MBEDTLS_NET_C and/or "
+		"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+		"MBEDTLS_SSL_PROTO_DTLS and/or MBEDTLS_TIMING_C and/or "
+		"MBEDTLS_TIMING_ALT not defined.\n");
+
+#else
+	int ret;
+	unsigned char buf[512];
+	uint8_t *ip;
+	mbedtls_net_context server_fd, client_fd;
+	mbedtls_ssl_context ssl;
+	mbedtls_ssl_config conf;
+	mbedtls_x509_crt server_x509;
+	mbedtls_pk_context server_pk;
+	mbedtls_timing_delay_context timer;
+
+	char *response = "<HTML><BODY>DTLS OK</BODY></HTML>";
+
+	// Delay to wait for IP by DHCP
+	vTaskDelay(10000);
+	printf("\nExample: SSL server\n");
+
+	mbedtls_platform_set_calloc_free(my_calloc, vPortFree);
+
+	/*
+	 * 1. Prepare the certificate and key
+	 */
+	printf("\n\r  . Preparing the certificate and key...");
+
+	mbedtls_x509_crt_init(&server_x509);
+	mbedtls_pk_init(&server_pk);
+
+	if((ret = mbedtls_x509_crt_parse(&server_x509, (const unsigned char *) mbedtls_test_srv_crt, mbedtls_test_srv_crt_len)) != 0) {
+		printf(" failed\n  ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+		goto exit;
+	}
+
+	if((ret = mbedtls_x509_crt_parse(&server_x509, (const unsigned char *) mbedtls_test_cas_pem, mbedtls_test_cas_pem_len)) != 0) {
+		printf(" failed\n  ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+		goto exit;
+	}
+
+	if((ret = mbedtls_pk_parse_key(&server_pk, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0)) != 0) {
+		printf(" failed\n  ! mbedtls_pk_parse_key returned %d\n\n", ret);
+		goto exit;
+	}
+
+	printf(" ok\n");
+
+	/*
+	 * 2. Start the connection
+	 */
+	ip = LwIP_GetIP(&xnetif[0]);
+	printf("\n\r  . Starting udp server /%d.%d.%d.%d/%s...", ip[0], ip[1], ip[2], ip[3], SERVER_PORT);
+	mbedtls_net_init(&server_fd);
+
+	if((ret = mbedtls_net_bind(&server_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) {
+		printf(" failed\n  ! mbedtls_net_bind returned %d\n\n", ret);
+		goto exit;
+	}
+
+	printf(" ok\n");
+
+	/*
+	 * 3. Waiting for client to connect
+	 */
+	printf("\n\r  . Waiting for client to connect...\n\r");
+	mbedtls_net_init(&client_fd);
+
+	while((ret = mbedtls_net_accept(&server_fd, &client_fd, NULL, 0, NULL)) == 0) {
+		printf("\n\r  . A client is connecting\n\r");
+		/*
+		 * 4. Setup stuff
+		 */
+		printf("\n\r  . Setting up the SSL/TLS structure...");
+		mbedtls_ssl_init(&ssl);
+		mbedtls_ssl_config_init(&conf);
+
+		if((ret = mbedtls_ssl_config_defaults(&conf,
+				MBEDTLS_SSL_IS_SERVER,
+				MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+				MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+
+			printf(" failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		mbedtls_ssl_conf_ca_chain(&conf, server_x509.next, NULL);
+		mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
+		mbedtls_ssl_conf_rng(&conf, my_random, NULL);
+
+		if((ret = mbedtls_ssl_conf_own_cert(&conf, &server_x509, &server_pk)) != 0) {
+			printf(" failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		if((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+			printf(" failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret);
+			goto close_client;
+		}
+
+		mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
+		mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
+
+		printf(" ok\n");
+
+		/*
+		 * 5. Handshake
+		 */
+		printf("\n\r  . Performing the SSL/TLS handshake...");
+
+		while((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+			if((ret != MBEDTLS_ERR_SSL_WANT_READ) && (ret != MBEDTLS_ERR_SSL_WANT_WRITE)) {
+				printf(" failed\n  ! mbedtls_ssl_handshake returned %d\n\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" ok\n");
+		printf("\n\r  . Use ciphersuite %s\n", mbedtls_ssl_get_ciphersuite(&ssl));
+
+		/*
+		 * 6. Read the request from client
+		 */
+		printf("\n\r  > Read request from client:");
+
+		memset(buf, 0, sizeof(buf));
+		if((ret = mbedtls_ssl_read(&ssl, buf, sizeof(buf))) <= 0) {
+			if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+				printf(" failed\n\r  ! mbedtls_ssl_read returned %d\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" %d bytes read\n\r\n\r%s\n", ret, (char *) buf);
+
+		/*
+		 * 7. Response the request
+		 */
+		printf("\n\r  > Response to client:");
+
+		sprintf(buf, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n%s", strlen(response), response);
+		if((ret = mbedtls_ssl_write(&ssl, buf, strlen(buf))) <= 0) {
+			if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+				printf(" failed\n\r  ! mbedtls_ssl_write returned %d\n", ret);
+				goto close_client;
+			}
+		}
+		printf(" %d bytes written\n\r\n\r%s\n", ret, (char *)buf);
+
+close_client:
+		do {
+			mbedtls_ssl_close_notify(&ssl);
+		}
+		while(ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+		mbedtls_net_free(&client_fd);
+		mbedtls_ssl_free(&ssl);
+		mbedtls_ssl_config_free(&conf);
+	}
+
+	mbedtls_net_free(&server_fd);
+
+exit:
+	mbedtls_x509_crt_free(&server_x509);
+	mbedtls_pk_free(&server_pk);
+#endif
+	vTaskDelete(NULL);
+}
+
+void example_ssl_server(void)
+{
+	if(xTaskCreate(example_ssl_server_thread, "example_ssl_server_thread", STACKSIZE, NULL, tskIDLE_PRIORITY + 1, NULL) != pdPASS)
+		printf("\n\r%s xTaskCreate example_ssl_server_thread failed", __FUNCTION__);
+}
+

RTL00_SDKV35a/component/common/example/ssl_server/readme.txt

@@ -0,0 +1,20 @@
+SSL SERVER EXAMPLE
+
+Description:
+A simple SSL server which can reply for the https request
+
+Configuration:
+
+Modify SERVER_PORT and response content in example_ssl_server.c based on your SSL server.
+
+[config_rsa.h]
+	#define POLARSSL_CERTS_C
+	#define POLARSSL_SSL_SRV_C
+
+[platform_opts.h]
+	#define CONFIG_EXAMPLE_SSL_SERVER	1
+
+Execution:
+Can make automatical Wi-Fi connection when booting by using wlan fast connect example.
+A ssl server example thread will be started automatically when booting.
+