fix: Add compatibility with Mbed TLS 3.0.0

sync github.com/zhaojh329/ssl

Signed-off-by: Jianhui Zhao <[email protected]>

Author: zhaojh329

src/http.c

@@ -87,11 +87,11 @@ static int ssl_negotiated(struct http_connection *conn)
     int ret;
 
     ret = ssl_connect(conn->ssl, NULL, NULL);
-    if (ret == SSL_PENDING)
+    if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
         return 0;
 
     if (ret == SSL_ERROR) {
-        log_err("ssl connect error: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+        log_err("ssl connect error: %s\n", ssl_last_error_string(conn->ssl, err_buf, sizeof(err_buf)));
         return -1;
     }
 
@@ -121,10 +121,10 @@ static void on_net_read(struct ev_loop *loop, struct ev_io *w, int revents)
 
         ret = ssl_read(conn->ssl, buf, sizeof(buf));
         if (ret == SSL_ERROR) {
-            log_err("ssl_read: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+            log_err("ssl_read: %s\n", ssl_last_error_string(conn->ssl, err_buf, sizeof(err_buf)));
             goto done;
         }
-        if (ret == SSL_PENDING)
+        if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
             return;
 
     } else {
@@ -164,11 +164,11 @@ static void on_net_write(struct ev_loop *loop, struct ev_io *w, int revents)
 
         ret = ssl_write(conn->ssl, buffer_data(b), buffer_length(b));
         if (ret == SSL_ERROR) {
-            log_err("ssl_write: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+            log_err("ssl_write: %s\n", ssl_last_error_string(conn->ssl, err_buf, sizeof(err_buf)));
             goto err;
         }
 
-        if (ret == SSL_PENDING)
+        if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
             return;
 
         buffer_pull(b, NULL, ret);

src/main.c

@@ -44,7 +44,7 @@ static void load_default_ca_cert(struct ssl_context *ctx)
 	glob("/etc/ssl/certs/*.crt", 0, NULL, &gl);
 
 	for (i = 0; i < gl.gl_pathc; i++)
-		ssl_load_ca_crt_file(ctx, gl.gl_pathv[i]);
+		ssl_load_ca_cert_file(ctx, gl.gl_pathv[i]);
 
 	globfree(&gl);
 }
@@ -163,7 +163,7 @@ int main(int argc, char **argv)
             rtty.ssl_on = true;
             break;
         case 'C':
-            if (ssl_load_ca_crt_file(rtty.ssl_ctx, optarg)) {
+            if (ssl_load_ca_cert_file(rtty.ssl_ctx, optarg)) {
                 log_err("load ca certificate file fail\n");
                 return -1;
             }
@@ -174,7 +174,7 @@ int main(int argc, char **argv)
             ssl_set_require_validation(rtty.ssl_ctx, false);
             break;
         case 'c':
-            if (ssl_load_crt_file(rtty.ssl_ctx, optarg)) {
+            if (ssl_load_cert_file(rtty.ssl_ctx, optarg)) {
                 log_err("load certificate file fail\n");
                 return -1;
             }

src/rtty.c

@@ -480,11 +480,16 @@ static int ssl_negotiated(struct rtty *rtty)
     int ret;
 
     ret = ssl_connect(rtty->ssl, on_ssl_verify_error, &valid_cert);
-    if (ret == SSL_PENDING)
+    if (ret == SSL_WANT_READ)
         return 0;
 
+    if (ret == SSL_WANT_WRITE) {
+        ev_io_start(rtty->loop, &rtty->iow);
+        return 0;
+    }
+
     if (ret == SSL_ERROR) {
-        log_err("ssl connect error: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+        log_err("ssl connect error: %s\n", ssl_last_error_string(rtty->ssl, err_buf, sizeof(err_buf)));
         return -1;
     }
 
@@ -504,11 +509,11 @@ static int rtty_ssl_read(int fd, void *buf, size_t count, void *arg)
 
     ret = ssl_read(rtty->ssl, buf, count);
     if (ret == SSL_ERROR) {
-        log_err("ssl_read: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+        log_err("ssl_read: %s\n", ssl_last_error_string(rtty->ssl, err_buf, sizeof(err_buf)));
         return P_FD_ERR;
     }
 
-    if (ret == SSL_PENDING)
+    if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
         return P_FD_PENDING;
 
     return ret;
@@ -580,11 +585,11 @@ static void on_net_write(struct ev_loop *loop, struct ev_io *w, int revents)
 
         ret = ssl_write(rtty->ssl, buffer_data(b), buffer_length(b));
         if (ret == SSL_ERROR) {
-            log_err("ssl_write: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+            log_err("ssl_write: %s\n", ssl_last_error_string(rtty->ssl, err_buf, sizeof(err_buf)));
             goto err;
         }
 
-        if (ret == SSL_PENDING)
+        if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
             return;
 
         buffer_pull(b, NULL, ret);