这篇教程C++ ssl_set_authmode函数代码示例写得很实用,希望能帮到您。
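/*
 * Typical usage examples of the ssl_set_authmode function, collected from
 * open-source projects. The source page lists 28 examples, ordered by
 * popularity.
 *
 * Example 1: gtget_ssl_init
 */

/*
 * Allocate and configure the TLS client state for a connection and store it
 * in conn->ssl.
 *
 * Unless GTGET_FLAG_INSECURE is set, a CA certificate file is loaded: first
 * via tryopen_alt() with conn->caFile / "<host>.pem", then "cacerts.pem".
 * A client certificate and key are loaded when a certificate file is found.
 *
 * Failures are reported through die(); whether die() returns is not visible
 * in this listing, so every failure path is written to be safe either way.
 */
void gtget_ssl_init(connection_t * conn)
{
  char *clientcert = NULL;
  char *clientkey = NULL;
  const char *pers = "gtget";
  sslparam_t *ssl = calloc(1, sizeof(sslparam_t));

  /* The original dereferenced the calloc() result without checking it. */
  if (!ssl) {
    die(conn, "out of memory", NULL);
    return;
  }

  if (!(conn->flags & GTGET_FLAG_INSECURE)) {
    /* ".pem" plus the terminating NUL is 5 bytes. The buffer lives on the
     * stack, so its size follows the length of the remote host name. */
    char *cacertfile = alloca(strlen(conn->remote->host) + 5);
    char *servercert = NULL;

    strcpy(cacertfile, conn->remote->host);
    strcat(cacertfile, ".pem");

    if (!(servercert = tryopen_alt(conn, conn->caFile, cacertfile)))
      servercert = tryopen("cacerts.pem");
    if (!(servercert))
      die(conn, "can't open cacert", NULL);
    if (x509_crt_parse_file(&ssl->cacert, servercert))
      die(conn, "error reading cacert", servercert);
  }

  /* read and parse the client certificate if provided */
  if ((clientcert = tryopen_alt(conn, conn->ccFile, "clientcert.pem"))) {
    /* Fall back to the certificate file when no separate key file exists. */
    if (!(clientkey = tryopen_alt(conn, conn->ckFile, "clientkey.pem")))
      clientkey = clientcert;

    if (x509_crt_parse_file(&ssl->clicert, clientcert))
      die(conn, "error reading client certificate", clientcert);

    /* The original parsed the key only inside the certificate-failure
     * branch, after die(), so a valid certificate never had its key loaded.
     * NOTE(review): the original called pk_parse_public_keyfile(); TLS client
     * authentication needs the private key, so pk_parse_keyfile() with no
     * password is used here. Confirm against how ssl->pk is consumed. */
    if (pk_parse_keyfile(&ssl->pk, clientkey, NULL))
      die(conn, "error reading client key", clientkey);

    write2f("using client cert: %s\n", clientcert);
    write2f("using client key: %s\n", clientkey);
  }

  entropy_init(&ssl->entropy);
  if (0 != (ctr_drbg_init(&ssl->ctr_drbg, entropy_func, &ssl->entropy,
                          (const unsigned char *)pers, strlen(pers))))
    die(conn, "Seeding the random number generator failed", NULL);

  if (ssl_init(&ssl->ssl))
    die(conn, "error initializing SSL", NULL);

  ssl_set_endpoint(&ssl->ssl, SSL_IS_CLIENT);
  ssl_set_ca_chain(&ssl->ssl, &ssl->cacert, NULL, conn->remote->host);

  /* The original set SSL_VERIFY_NONE for the insecure flag and then
   * unconditionally overwrote it with SSL_VERIFY_OPTIONAL, so the first call
   * had no effect. The two modes are now mutually exclusive.
   *
   * SSL_VERIFY_OPTIONAL checks the peer certificate but lets the handshake
   * complete when the check fails. Rejection therefore has to come from
   * verify_cb or from a later ssl_get_verify_result() check; neither is
   * visible in this listing. */
  if (conn->flags & GTGET_FLAG_INSECURE)
    ssl_set_authmode(&ssl->ssl, SSL_VERIFY_NONE);
  else
    ssl_set_authmode(&ssl->ssl, SSL_VERIFY_OPTIONAL);

  ssl_set_verify(&ssl->ssl, verify_cb, conn);
  ssl_set_ciphersuites(&ssl->ssl, ssl_list_ciphersuites());
  ssl_set_session(&ssl->ssl, &ssl->ssn);
  ssl_set_rng(&ssl->ssl, ctr_drbg_random, &ssl->ctr_drbg);

  conn->ssl = ssl;
}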
开发者ID:tenchman,项目名称:gsclu,代码行数:58,
/* Example 2: iobuf_ssl_setup */

/*
 * Put an IOBuf into TLS server mode: initialise its ssl_context, set the
 * peer-verification mode, RNG, I/O wrappers and session callbacks.
 *
 * Returns 0 on success, -1 when ssl_init() fails (via the check() macro,
 * which jumps to the error label).
 */
static inline int iobuf_ssl_setup(IOBuf *buf)
{
    ssl_context *tls = &buf->ssl;
    int status;

    buf->use_ssl = 1;
    buf->handshake_performed = 0;

    status = ssl_init(tls);
    check(status == 0, "Failed to initialize SSL structure.");

    ssl_set_endpoint(tls, SSL_IS_SERVER);
    /* On a server endpoint the auth mode governs client certificates.
     * IO_SSL_VERIFY_METHOD is defined outside this listing. */
    ssl_set_authmode(tls, IO_SSL_VERIFY_METHOD);

    /* NOTE(review): HAVEGE is the only randomness source configured here;
     * confirm that is acceptable for the deployment target. */
    havege_init(&buf->hs);
    ssl_set_rng(tls, havege_rand, &buf->hs);

    /* NOTE(review): the debug hook is installed when DEBUG is NOT defined;
     * this looks inverted, confirm the intent. */
#ifndef DEBUG
    ssl_set_dbg(tls, ssl_debug, NULL);
#endif

    ssl_set_bio(tls, ssl_fdrecv_wrapper, buf, ssl_fdsend_wrapper, buf);
    ssl_set_session(tls, 1, 0, &buf->ssn);
    ssl_set_scb(tls, simple_get_session, simple_set_session);

    /* The session record is cleared after it has been registered above. */
    memset(&buf->ssn, 0, sizeof(buf->ssn));

    return 0;

error:
    return -1;
}
开发者ID:daogangtang,项目名称:monserver,代码行数:32,
/* Example 3: sslclient_init */

/*-----------------------------------------------------------------------------------*/
/*
 * Initialise a TLS client context: SDRAM setup, zeroed context, endpoint,
 * auth mode, RNG, debug and network callbacks.
 *
 * Returns 0 on success or the non-zero ssl_init() result.
 *
 * SSL_VERIFY_NONE means the server certificate is not checked, so the
 * connection is encrypted but the peer is not authenticated.
 */
int sslclient_init(ssl_context *ssl)
{
    int rc;

    SDRAMInit();
    memset( ssl, 0, sizeof( ssl_context ) );

    /*
     * 2. Setup stuff
     */
    _DBG_("[DEBUG]Set up the SSL/TLS structure..." );

    rc = ssl_init( ssl );
    if( rc != 0 )
    {
        _DBG_(" Setup failed/n");
        return rc;
    }

    ssl_set_endpoint( ssl, SSL_IS_CLIENT );
    ssl_set_authmode( ssl, SSL_VERIFY_NONE );

    /* Random generation callback; ctr_drbg is declared outside this listing. */
    ssl_set_rng( ssl, sslclient_random, &ctr_drbg );

    /* Debug callback */
    ssl_set_dbg( ssl, my_debug, 0 );

    /* Read and write callbacks */
    ssl_set_bio( ssl, net_recv,0, net_send, 0 );

    /* Cipher selection is left at the library default */
    //ssl_set_ciphersuites( ssl, ssl_default_ciphersuites );

    return 0;
}
开发者ID:003900107,项目名称:realboard-lpc4088,代码行数:36,
/* Example 4: ssl_connect */

/*
 * Set up a TLS client context on an already connected socket and run the
 * handshake.
 *
 * ssl      - context to initialise (zeroed first)
 * sock     - socket passed to net_recv / net_send
 * hostname - optional name passed to ssl_set_hostname(), may be NULL
 *
 * Returns 0 on success, -1 if ssl_init() or ssl_handshake() fails.
 *
 * The auth mode is SSL_VERIFY_NONE, so the server certificate is not
 * verified; the hostname passed to ssl_set_hostname() is not checked against
 * a certificate here.
 */
int ssl_connect(ssl_context *ssl, int *sock, char *hostname) {
	int init_rc;
	int handshake_rc;

	memset(ssl, 0, sizeof(ssl_context));

	init_rc = ssl_init(ssl);
	if (init_rc != 0) {
		return -1;
	}

	ssl_set_endpoint(ssl, SSL_IS_CLIENT);
	ssl_set_authmode(ssl, SSL_VERIFY_NONE);
	ssl_set_rng(ssl, ssl_random, &ctr_drbg);

#ifdef ENABLE_DEBUG
	ssl_set_dbg(ssl, ssl_debug, stderr);
#endif

	ssl_set_bio(ssl, net_recv, sock, net_send, sock);

	if (hostname != NULL) {
		ssl_set_hostname(ssl, hostname);
	}

	/* The list is passed starting at its second element. */
	ssl_set_ciphersuites(ssl, ciphersuites + 1);

	handshake_rc = ssl_handshake(ssl);
	return (handshake_rc != 0) ? -1 : 0;
}
开发者ID:BuGlessRB,项目名称:hiawatha,代码行数:26,
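/* Example 5: SSL_new */

/*
 * Create an SSL object from an SSL_CTX: endpoint type, auth mode, minimum
 * protocol version, CA chain, RNG and own certificate all come from ctx.
 *
 * Returns the new object, or NULL when allocation, ssl_init() or
 * ssl_set_own_cert() fails.
 */
SSL *SSL_new(SSL_CTX *ctx) {
	SSL *ssl = (SSL*)calloc(1, sizeof(*ssl));

	/* The original passed &ssl->cntx to ssl_init() without checking the
	 * allocation. */
	if (ssl == NULL) {
		return NULL;
	}

	if (ssl_init(&ssl->cntx) != 0) {
		free(ssl);
		return NULL;
	}

	ssl_set_endpoint(&ssl->cntx, ctx->ssl_method->endpoint_type);
	/* The verification mode is whatever the caller stored in ctx->authmode. */
	ssl_set_authmode(&ssl->cntx, ctx->authmode);
	ssl_set_min_version(&ssl->cntx, ctx->ssl_method->ssl_maj_ver, ctx->ssl_method->ssl_min_ver);
	/* No expected peer name is given, so the chain is validated without a
	 * host name comparison at this level. */
	ssl_set_ca_chain(&ssl->cntx, &ctx->CA_cert, NULL, NULL);
	ssl_set_rng( &ssl->cntx, ctr_drbg_random, &g_ctr_drbg_context );

	if (ssl_set_own_cert(&ssl->cntx, &ctx->cert, &ctx->pk) != 0) {
		/* The context was initialised successfully above, so release what
		 * ssl_init() allocated before freeing the wrapper; the original
		 * only freed the wrapper. */
		ssl_free(&ssl->cntx);
		free(ssl);
		return NULL;
	}

	ssl->fd = -1;
	ssl->ssl_ctx = ctx;

	return ssl;
}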
开发者ID:AustinHunting,项目名称:polar,代码行数:27,
// Example 6: SslSocket::set_verification

// Sets the peer-verification mode of this socket's TLS context.
// Values outside [_VERIFY_NONE, _VERIFY_REQUIRED] are rejected with
// CALL_E_INVALIDARG before they reach ssl_set_authmode().
// Returns 0 on success.
result_t SslSocket::set_verification(int32_t newVal)
{
    const bool in_range = newVal >= ssl_base::_VERIFY_NONE
                          && newVal <= ssl_base::_VERIFY_REQUIRED;

    if (!in_range)
        return CHECK_ERROR(CALL_E_INVALIDARG);

    ssl_set_authmode(&m_ssl, newVal);
    return 0;
}
开发者ID:Mirwangsir,项目名称:fibjs,代码行数:8,
/* Example 7: mrb_ssl_set_authmode */

/*
 * mruby binding: reads one integer argument and applies it as the auth mode
 * of the ssl_context wrapped by self. Always returns true.
 *
 * NOTE(review): the integer is forwarded without a range check, so a script
 * can pass a value that is none of the SSL_VERIFY_* constants. Consider
 * rejecting values outside that set.
 */
static mrb_value mrb_ssl_set_authmode(mrb_state *mrb, mrb_value self) {
  mrb_int requested;
  ssl_context *ctx;

  mrb_get_args(mrb, "i", &requested);

  ctx = DATA_CHECK_GET_PTR(mrb, self, &mrb_ssl_type, ssl_context);
  ssl_set_authmode(ctx, requested);

  return mrb_true_value();
}
开发者ID:toch,项目名称:mruby-polarssl,代码行数:9,
// Example 8: SslSocket::SslSocket

// Constructs the socket's TLS context with the process-wide defaults held in
// g_ssl: its verification mode and its CTR_DRBG instance. I/O goes through
// my_recv / my_send with this object as the callback context.
//
// NOTE(review): the ssl_init() result is not checked here.
SslSocket::SslSocket()
{
    ssl_context* const ctx = &m_ssl;

    ssl_init(ctx);

    // New sockets inherit the global mode; set_verification() can change it.
    ssl_set_authmode(ctx, g_ssl.m_authmode);
    ssl_set_rng(ctx, ctr_drbg_random, &g_ssl.ctr_drbg);
    ssl_set_bio(ctx, my_recv, this, my_send, this);

    m_recv_pos = 0;
}
开发者ID:Mirwangsir,项目名称:fibjs,代码行数:10,
/* Example 9: ssl_init_info */

/*
 * Initialise sslinfo as a TLS client on *server_fd, run the handshake and
 * cache the resulting session in the file-level ssn.
 *
 * Returns 0 once the handshake completes, -1 when seeding, ssl_init() or the
 * handshake fails.
 *
 * Security-relevant behaviour visible here: the CA chain (sslinfo->cacert) is
 * initialised but no certificate is loaded into it in this function, the
 * mode is SSL_VERIFY_OPTIONAL, and a non-zero ssl_get_verify_result() is
 * ignored. As written, a failed certificate check does not stop the
 * connection.
 */
int ssl_init_info(int *server_fd,ssl_info *sslinfo)
{
    const char *pers = "ssl";
    ssl_context *tls = &sslinfo->ssl;
    int ret;

    x509_crt_init(&sslinfo->cacert );
    entropy_init(&sslinfo->entropy );

    ret = ctr_drbg_init( &sslinfo->ctr_drbg, entropy_func, &sslinfo->entropy,
                         (const unsigned char *) pers, strlen( pers ) );
    if( ret != 0 )
    {
        return -1;
    }

    ret = ssl_init( tls );
    if( ret != 0 )
    {
        echo( " failed/n ! ssl_init returned %d/n/n", ret );
        return -1;
    }

    ssl_set_endpoint( tls, SSL_IS_CLIENT );
    ssl_set_authmode( tls, SSL_VERIFY_OPTIONAL );
    ssl_set_ca_chain( tls, &sslinfo->cacert, NULL, "" );
    ssl_set_rng( tls, ctr_drbg_random, &sslinfo->ctr_drbg );
    ssl_set_bio( tls, net_recv, server_fd,net_send, server_fd );
    ssl_set_session(tls, &ssn);

    /* Retry while the transport only reports that it would block. */
    for( ;; )
    {
        ret = ssl_handshake( tls );
        if( ret == 0 )
            break;

        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
        {
            echo( " failed/n ! ssl_handshake returned -0x%x/n/n", -ret );
            return -1;
        }

        /* Yield the CPU before retrying */
        sleeps(1);
    }

    ret = ssl_get_verify_result( tls );
    if( ret == 0 )
    {
        echo( " ok/n" );
    }
    else
    {
        /* Verification failure is neither reported nor acted upon. */
        // echo( "Verifying peer X.509 certificate...failed /r/n" );
    }

    /* Save the session to speed up later handshakes */
    ret = ssl_get_session( tls, &ssn );
    if( ret != 0 )
    {
        /* Saving failed: reset the cached session */
        memset(&ssn, 0, sizeof(ssl_session));
    }

    return 0;
}
开发者ID:MoZhonghua,项目名称:ngrok-c,代码行数:55,
/* Example 10: IOBuf_create */

/*
 * Allocate an IOBuf of the given type with a data buffer of len + 1 bytes
 * attached to it, and install the send / recv / stream_file handlers that
 * match the type. For IOBUF_SSL the embedded TLS server context is set up as
 * well.
 *
 * Returns the new buffer, or NULL on allocation failure or an unknown type
 * (check_mem() and sentinel() jump to the error label).
 *
 * NOTE(review): the ssl_init() result is not checked in the IOBUF_SSL case.
 */
IOBuf *IOBuf_create(size_t len, int fd, IOBufType type)
{
    IOBuf *buf = h_calloc(sizeof(IOBuf), 1);
    check_mem(buf);

    buf->fd = fd;
    buf->len = len;

    buf->buf = h_malloc(len + 1);
    check_mem(buf->buf);
    hattach(buf->buf, buf);

    buf->type = type;

    switch(type) {
        case IOBUF_SSL: {
            ssl_context *tls = &buf->ssl;

            buf->use_ssl = 1;
            buf->handshake_performed = 0;

            ssl_init(tls);
            ssl_set_endpoint(tls, SSL_IS_SERVER);
            /* Server side: no client certificate is checked. */
            ssl_set_authmode(tls, SSL_VERIFY_NONE);

            havege_init(&buf->hs);
            ssl_set_rng(tls, havege_rand, &buf->hs);

            ssl_set_dbg(tls, ssl_debug, NULL);
            ssl_set_bio(tls, ssl_fdrecv_wrapper, buf, ssl_fdsend_wrapper, buf);

            ssl_set_session(tls, 1, 0, &buf->ssn);
            memset(&buf->ssn, 0, sizeof(buf->ssn));

            buf->send = ssl_send;
            buf->recv = ssl_recv;
            buf->stream_file = ssl_stream_file;
            break;
        }

        case IOBUF_NULL:
            buf->send = null_send;
            buf->recv = null_recv;
            buf->stream_file = null_stream_file;
            break;

        case IOBUF_FILE:
            buf->send = file_send;
            buf->recv = file_recv;
            buf->stream_file = plain_stream_file;
            break;

        case IOBUF_SOCKET:
            buf->send = plaintext_send;
            buf->recv = plaintext_recv;
            buf->stream_file = plain_stream_file;
            break;

        default:
            sentinel("Invalid IOBufType given: %d", type);
    }

    return buf;

error:
    if(buf) h_free(buf);
    return NULL;
}
开发者ID:freeJim,项目名称:monserver,代码行数:54,
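/* Example 11: ms_dtls_srtp_initialise_polarssl_dtls_context */

/*
 * Initialise the PolarSSL side of a DTLS-SRTP context: RNG, own certificate
 * and key from params, endpoint role, datagram transport, SRTP protection
 * profiles and (for the server role) DTLS cookies.
 *
 * Returns 0 on success, otherwise the error code of the step that failed.
 */
static int ms_dtls_srtp_initialise_polarssl_dtls_context(DtlsPolarsslContext *dtlsContext, MSDtlsSrtpParams *params, RtpSession *s){
	int ret;
	enum DTLS_SRTP_protection_profiles dtls_srtp_protection_profiles[2] = {SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32};

	memset( &(dtlsContext->ssl), 0, sizeof( ssl_context ) );
	//memset( &(dtlsContext->saved_session), 0, sizeof( ssl_session ) );
	ssl_cookie_init( &(dtlsContext->cookie_ctx) );
	x509_crt_init( &(dtlsContext->crt) );
	entropy_init( &(dtlsContext->entropy) );

	/* The original ignored this result; a DRBG that failed to seed must not
	 * be used for the handshake or the cookie secret. */
	ret = ctr_drbg_init( &(dtlsContext->ctr_drbg), entropy_func, &(dtlsContext->entropy), NULL, 0 );
	if( ret != 0 ) {
		return ret;
	}

	/* initialise certificate */
	ret = x509_crt_parse( &(dtlsContext->crt), (const unsigned char *) params->pem_certificate, strlen( params->pem_certificate ) );
	if( ret < 0 ) {
		return ret;
	}

	ret = pk_parse_key( &(dtlsContext->pkey), (const unsigned char *) params->pem_pkey, strlen( params->pem_pkey ), NULL, 0 );
	if( ret != 0 ) {
		return ret;
	}

	/* ssl setup */
	/* The original tested ret without assigning the ssl_init() result, so
	 * the test re-read the value left by pk_parse_key(). */
	ret = ssl_init(&(dtlsContext->ssl));
	if( ret != 0 ) {
		return ret;
	}

	if (params->role == MSDtlsSrtpRoleIsClient) {
		ssl_set_endpoint(&(dtlsContext->ssl), SSL_IS_CLIENT);
	} else if (params->role == MSDtlsSrtpRoleIsServer) {
		ssl_set_endpoint(&(dtlsContext->ssl), SSL_IS_SERVER);
	}
	ssl_set_transport(&(dtlsContext->ssl), SSL_TRANSPORT_DATAGRAM);
	ssl_set_dtls_srtp_protection_profiles( &(dtlsContext->ssl), dtls_srtp_protection_profiles, 2 ); /* TODO: get param from caller to select available profiles */

	/* set CA chain */
	/* This forces the server to send its certificate, which is needed to
	 * compute the fingerprint. With SSL_VERIFY_OPTIONAL the handshake does
	 * not fail on an untrusted certificate, and the CA chain below is this
	 * endpoint's own certificate; presumably the peer is authenticated by
	 * the fingerprint comparison done elsewhere. Confirm against the caller. */
	ssl_set_authmode( &(dtlsContext->ssl), SSL_VERIFY_OPTIONAL );
	ssl_set_rng( &(dtlsContext->ssl), ctr_drbg_random, &(dtlsContext->ctr_drbg) );
	ssl_set_ca_chain( &(dtlsContext->ssl), &(dtlsContext->crt), NULL, NULL );
	ssl_set_own_cert( &(dtlsContext->ssl), &(dtlsContext->crt), &(dtlsContext->pkey) );

	if (params->role == MSDtlsSrtpRoleIsServer) {
		ssl_cookie_setup( &(dtlsContext->cookie_ctx), ctr_drbg_random, &(dtlsContext->ctr_drbg) );
		ssl_set_dtls_cookies( &(dtlsContext->ssl), ssl_cookie_write, ssl_cookie_check, &(dtlsContext->cookie_ctx) );
		ssl_session_reset( &(dtlsContext->ssl) );
		/* The 4-byte sender SSRC is used as the client transport id. */
		ssl_set_client_transport_id(&(dtlsContext->ssl), (const unsigned char *)(&(s->snd.ssrc)), 4);
	}

	ms_mutex_init(&dtlsContext->ssl_context_mutex, NULL);

	return 0;
}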
开发者ID:krieger-od,项目名称:mediastreamer2,代码行数:53,
/* Example 12: R_ssl_set_authmode */

/*
 *  call-seq:
 *      set_authmode( authentication_mode )
 *
 *  Selects how the peer certificate is verified on this SSL connection.
 *  Accepted values:
 *
 *  * PolarSSL::SSL::SSL_VERIFY_NONE
 *  * PolarSSL::SSL::SSL_VERIFY_OPTIONAL
 *  * PolarSSL::SSL::SSL_VERIFY_REQUIRED
 *
 *  The argument must be a Fixnum; its numeric value is forwarded as given
 *  and is not compared against the three constants above.
 */
static VALUE R_ssl_set_authmode( VALUE self, VALUE authmode )
{
    ssl_context *ctx;
    int mode;

    Check_Type( authmode, T_FIXNUM );
    Data_Get_Struct( self, ssl_context, ctx );

    mode = NUM2INT( authmode );
    ssl_set_authmode( ctx, mode );

    return Qtrue;
}
开发者ID:jvanbaarsen,项目名称:polarssl-ruby,代码行数:23,
/* Example 13: ircd_client_init_ssl */

/*
 * Configure the TLS server context of a newly accepted client.
 *
 * Returns 0 on success, -1 if ssl_init() fails.
 *
 * Several settings exist to probe what the connecting client supports rather
 * than to harden the server (the comments below say so); RC4 in particular is
 * enabled on purpose. Do not copy this configuration into a production
 * service.
 */
int ircd_client_init_ssl(struct ircd_client* const client)
{
    ssl_context *tls = &client->ssl_ctx;

    if (ssl_init(tls) != 0)
        return -1;

    // Server endpoint
    (void) ssl_set_endpoint(tls, SSL_IS_SERVER);

    // Socket I/O for this client
    (void) ssl_set_bio(tls, net_recv, &client->fd, net_send, &client->fd);

    // Randomness source (e.g. for the session ticket encryption key)
    (void) ssl_set_rng(tls, hmac_drbg_random, &ircd_ssl_hmac_drbg_ctx);

    // DHE ciphersuites are normally enabled anyway; use a stronger prime
    (void) ssl_set_dh_param_ctx(tls, &ircd_ssl_dh_ctx);

    // Request a client certificate without requiring one. The chain used for
    // checking it is the server's own certificate.
    (void) ssl_set_authmode(tls, SSL_VERIFY_OPTIONAL);
    //(void) ssl_set_ca_chain(&client->ssl_ctx, &ircd_ssl_ca_certificates, NULL, NULL);
    (void) ssl_set_ca_chain(tls, &ircd_ssl_certificate, NULL, NULL);

    // Probe: does the client offer RC4 (bad, violates RFC 7465)?
    (void) ssl_set_arc4_support(tls, SSL_ARC4_ENABLED);

    // Probe: does the client send SNI (good)?
    (void) ssl_set_sni(tls, ircd_server_ssl_sni_cb, (void*) client);

    // Probe: does the client support session tickets (concerning)?
    (void) ssl_set_session_tickets(tls, SSL_SESSION_TICKETS_ENABLED);
    (void) ssl_set_session_ticket_lifetime(tls, 300);

    // Setting the certificate in the SNI callback instead would require every
    // client to support SNI
    (void) ssl_set_own_cert(tls, &ircd_ssl_certificate, &ircd_ssl_private_key);

#ifdef POLARSSL_SSL_CIPHERSUITES_CB
    // Project-specific library addition - see the patch in patches/
    (void) ssl_set_cs_cb(tls, ircd_server_ssl_cs_cb, (void*) client);
#endif

#ifdef POLARSSL_SSL_TICKETS_CB
    // Project-specific library addition - see the patch in patches/
    (void) ssl_set_tick_cb(tls, ircd_server_ssl_tick_cb, (void*) client);
#endif

    return 0;
}
开发者ID:Techman-,项目名称:tlsdebug-ircd,代码行数:47,
/* Example 14: http_ssl_connect */

/*
 * Seed the RNG, open the raw connection and prepare the TLS client context
 * of an HTTP object. The handshake itself is not performed here.
 *
 * Failures are reported through http->last_result and, for the seeding and
 * ssl_init() steps, through http->error (id, line, file).
 *
 * The verification mode is HTTP_SSL_VERIFY_MODE, defined outside this
 * listing. No CA chain is configured in this function.
 */
void http_ssl_connect( struct HTTP* http )
{
	ssl_context *tls = &http->ssl.ssl;

	/** SSL init */
	entropy_init( &http->ssl.entropy );

	http->last_result = ctr_drbg_init( &http->ssl.ctr_drbg, entropy_func, &http->ssl.entropy, (unsigned char*)"HTTP_SSL", 8 );
	if ( http->last_result != 0 )
	{
		/** Entropy init failed */
		http->error.errorId = HTTP_ERROR_SSL_ENTROPY_INIT_FAILED;
		http->error.line = __LINE__;
		http->error.file = __FILE__;
		return;
	}

	memset( &http->ssl.ssl_session, 0, sizeof( ssl_session ) );
	memset( tls, 0, sizeof( ssl_context ) );

	http_raw_connect( http );
	if ( http->last_result != 0 )
	{
		/** Connect failed */
		return;
	}

	http->last_result = ssl_init( tls );
	if ( http->last_result != 0 )
	{
		/** SSL init failed */
		http->error.errorId = HTTP_ERROR_SSL_INIT_FAILED;
		http->error.line = __LINE__;
		http->error.file = __FILE__;
		return;
	}

	ssl_set_endpoint( tls, SSL_IS_CLIENT );
	ssl_set_authmode( tls, HTTP_SSL_VERIFY_MODE );

	ssl_set_rng( tls, ctr_drbg_random, &http->ssl.ctr_drbg );

	/** Insert debug function here */
	ssl_set_dbg( tls, NULL, stdout );

	ssl_set_bio( tls, net_recv, &http->socket, net_send, &http->socket );
	ssl_set_session( tls, &http->ssl.ssl_session );
}
开发者ID:RalfHerzog,项目名称:CoLiBro,代码行数:44,
/* Example 15: bctbx_ssl_context_setup */

/*
 * Copy every setting that is present in ssl_config into ssl_ctx.
 *
 * Returns BCTBX_ERROR_INVALID_SSL_CONFIG or BCTBX_ERROR_INVALID_SSL_CONTEXT
 * when the respective argument is NULL, 0 otherwise.
 *
 * Settings left unset in the config are skipped, not reset. In particular an
 * authmode of BCTBX_SSL_UNSET leaves the context's current verification mode
 * untouched, so the effective mode then depends on what the context already
 * holds.
 */
int32_t bctbx_ssl_context_setup(bctbx_ssl_context_t *ssl_ctx, bctbx_ssl_config_t *ssl_config) {
	ssl_context *tls;

	/* Argument validation: config first, then context */
	if (ssl_config == NULL) {
		return BCTBX_ERROR_INVALID_SSL_CONFIG;
	}
	if (ssl_ctx == NULL) {
		return BCTBX_ERROR_INVALID_SSL_CONTEXT;
	}

	tls = &(ssl_ctx->ssl_ctx);

	/* Apply each valid setting to the ssl_context */
	if (ssl_config->endpoint != BCTBX_SSL_UNSET) {
		ssl_set_endpoint(tls, ssl_config->endpoint);
	}

	if (ssl_config->authmode != BCTBX_SSL_UNSET) {
		ssl_set_authmode(tls, ssl_config->authmode);
	}

	if (ssl_config->rng_function != NULL) {
		ssl_set_rng(tls, ssl_config->rng_function, ssl_config->rng_context);
	}

	if (ssl_config->callback_verify_function != NULL) {
		ssl_set_verify(tls, ssl_config->callback_verify_function, ssl_config->callback_verify_data);
	}

	if (ssl_config->callback_cli_cert_function != NULL) {
		ssl_ctx->callback_cli_cert_function = ssl_config->callback_cli_cert_function;
		ssl_ctx->callback_cli_cert_data = ssl_config->callback_cli_cert_data;
	}

	if (ssl_config->ca_chain != NULL) {
		/* ssl_ctx->cn is passed as the expected peer name. */
		ssl_set_ca_chain(tls, ssl_config->ca_chain, NULL, ssl_ctx->cn);
	}

	if (ssl_config->own_cert != NULL && ssl_config->own_cert_pk != NULL) {
		ssl_set_own_cert(tls, ssl_config->own_cert, ssl_config->own_cert_pk);
	}

	return 0;
}
开发者ID:BelledonneCommunications,项目名称:bctoolbox,代码行数:42,
// Example 16: ssl_aio_stream::ssl_client_init

// Prepares the TLS client context of this stream and redirects the
// underlying ACL_VSTREAM read/write hooks to the TLS wrappers.
// Returns false when ssl_init() fails or no ciphersuite list is available.
// Without HAS_POLARSSL the function does nothing and returns true.
//
// The mode is SSL_VERIFY_NONE: the server certificate is not verified.
// NOTE(review): HAVEGE is the only randomness source configured here.
bool ssl_aio_stream::ssl_client_init()
{
#ifdef HAS_POLARSSL
	ACL_VSTREAM* stream = get_vstream();
	acl_assert(stream);

	ssl_context* ctx = (ssl_context*) ssl_;

	// 0. Initialize the RNG and the session data
	havege_init((havege_state*) hs_);

	const int ret = ssl_init(ctx);
	if (ret != 0)
	{
		logger_error("failed, ssl_init returned %d", ret);
		return false;
	}

	ssl_set_endpoint(ctx, SSL_IS_CLIENT);
	ssl_set_authmode(ctx, SSL_VERIFY_NONE);

	ssl_set_rng(ctx, ::havege_random, hs_);
	//ssl_set_dbg((ssl_context*) ssl_, my_debug, stdout);
	ssl_set_bio(ctx, __sock_read, this, __sock_send, this);

	const int* cipher_suites = ssl_list_ciphersuites();
	if (cipher_suites == NULL)
	{
		logger_error("ssl_list_ciphersuites null");
		return false;
	}

	ssl_set_ciphersuites(ctx, cipher_suites);
	ssl_set_session(ctx, (ssl_session*) ssn_);

	// Route stream reads and writes through the TLS layer
	acl_vstream_ctl(stream,
		ACL_VSTREAM_CTL_READ_FN, __ssl_read,
		ACL_VSTREAM_CTL_WRITE_FN, __ssl_send,
		ACL_VSTREAM_CTL_CTX, this,
		ACL_VSTREAM_CTL_END);
	acl_tcp_set_nodelay(ACL_VSTREAM_SOCK(stream));
#endif
	return true;
}
开发者ID:DayBreakZhang,项目名称:acl,代码行数:42,
/* Example 17: __ustream_ssl_session_new */

/*
 * Allocate and configure an ssl_context for a ustream session.
 *
 * Server contexts do not check client certificates (SSL_VERIFY_NONE) and
 * present ctx->cert / ctx->key. Client contexts use SSL_VERIFY_OPTIONAL with
 * ctx->cert as the CA chain, so a failed check does not abort the handshake
 * and the result has to be examined afterwards.
 *
 * Returns the new context, or NULL on allocation or ssl_init() failure.
 */
__hidden void *__ustream_ssl_session_new(struct ustream_ssl_ctx *ctx)
{
	ssl_context *session = calloc(1, sizeof(ssl_context));

	if (!session)
		return NULL;

	if (ssl_init(session)) {
		free(session);
		return NULL;
	}

	ssl_set_ciphersuites(session, default_ciphersuites);
	ssl_set_endpoint(session, ctx->server ? SSL_IS_SERVER : SSL_IS_CLIENT);
	ssl_set_authmode(session, ctx->server ? SSL_VERIFY_NONE : SSL_VERIFY_OPTIONAL);
	ssl_set_rng(session, _urandom, NULL);

	if (!ctx->server) {
		ssl_set_ca_chain(session, &ctx->cert, NULL, NULL);
	} else {
		/* Certificates after the first one are passed as the CA chain. */
		if (ctx->cert.next)
			ssl_set_ca_chain(session, ctx->cert.next, NULL, NULL);
		ssl_set_own_cert(session, &ctx->cert, &ctx->key);
	}

	ssl_session_reset(session);

	return session;
}
开发者ID:asriadi,项目名称:ustream-ssl,代码行数:40,
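/* Example 18: sni_callback */

/* Server Name Indication callback function
 *
 * Looks the requested host name up in sni_list. On the first match it sets
 * the handshake timeout, installs that entry's key and certificate when both
 * are present and, when the entry has a CA certificate, requires a verified
 * client certificate (SSL_VERIFY_REQUIRED).
 *
 * Returns -1 when the name is longer than SNI_MAX_HOSTNAME_LEN, 0 otherwise,
 * including when no entry matches.
 */
static int sni_callback(void *sad, ssl_context *context, const unsigned char *sni_hostname, size_t len) {
	char hostname[SNI_MAX_HOSTNAME_LEN + 1];
	t_sni_list *sni;
	int i;

	/* The name comes from the client; bound it before copying. */
	if (len > SNI_MAX_HOSTNAME_LEN) {
		return -1;
	}

	memcpy(hostname, sni_hostname, len);
	/* The listing showed '/0' here, a multi-character constant rather than
	 * the NUL terminator, which would leave the buffer unterminated. */
	hostname[len] = '\0';

	for (sni = sni_list; sni != NULL; sni = sni->next) {
		for (i = 0; i < sni->hostname->size; i++) {
			if (hostname_match(hostname, *(sni->hostname->item + i))) {
				((t_ssl_accept_data*)sad)->timeout = HS_TIMEOUT_CERT_SELECT;

				/* Set private key and certificate */
				if ((sni->private_key != NULL) && (sni->certificate != NULL)) {
					ssl_set_own_cert(context, sni->certificate, sni->private_key);
				}

				/* Set CA certificate for SSL client authentication */
				if (sni->ca_certificate != NULL) {
					ssl_set_authmode(context, SSL_VERIFY_REQUIRED);
					ssl_set_ca_chain(context, sni->ca_certificate, sni->ca_crl, NULL);
				}

				return 0;
			}
		}
	}

	return 0;
}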
开发者ID:BuGlessRB,项目名称:hiawatha,代码行数:41,
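/* Example 19: sslUpgrade */

/*
 * Attach a TLS server context to a web request and run the handshake.
 *
 * Returns 0 on success, -1 on allocation or handshake failure. The EstSocket
 * is stored in wp->ssl before the handshake, so it stays reachable from wp
 * when the handshake fails.
 *
 * With BIT_GOAHEAD_VERIFY_PEER set the mode is SSL_VERIFY_OPTIONAL, which
 * does not abort the handshake on a failed client-certificate check.
 */
PUBLIC int sslUpgrade(Webs *wp)
{
    EstSocket   *est;
    WebsSocket  *sp;

    assert(wp);
    if ((est = malloc(sizeof(EstSocket))) == 0) {
        return -1;
    }
    /* The original called ssl_free() on the freshly malloc'd, uninitialised
     * context. Zero the whole structure instead so that nothing reads
     * indeterminate memory before ssl_init(). */
    memset(est, 0, sizeof(EstSocket));
    wp->ssl = est;

    havege_init(&est->hs);
    ssl_init(&est->ctx);
    /* 1 selects the server endpoint. */
    ssl_set_endpoint(&est->ctx, 1);
    ssl_set_authmode(&est->ctx, BIT_GOAHEAD_VERIFY_PEER ? SSL_VERIFY_OPTIONAL : SSL_VERIFY_NO_CHECK);
    ssl_set_rng(&est->ctx, havege_rand, &est->hs);
    ssl_set_dbg(&est->ctx, estTrace, NULL);

    sp = socketPtr(wp->sid);
    ssl_set_bio(&est->ctx, net_recv, &sp->sock, net_send, &sp->sock);
    ssl_set_ciphers(&est->ctx, estConfig.ciphers);
    ssl_set_session(&est->ctx, 1, 0, &est->session);
    memset(&est->session, 0, sizeof(ssl_session));

    /* No CA chain is installed when BIT_GOAHEAD_CA is an empty string. */
    ssl_set_ca_chain(&est->ctx, *BIT_GOAHEAD_CA ? &estConfig.ca : NULL, NULL);
    if (*BIT_GOAHEAD_CERTIFICATE && *BIT_GOAHEAD_KEY) {
        ssl_set_own_cert(&est->ctx, &estConfig.cert, &estConfig.rsa);
    }
    ssl_set_dh_param(&est->ctx, dhKey, dhg);

    if (estHandshake(wp) < 0) {
        return -1;
    }
    return 0;
}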
开发者ID:JasonCC,项目名称:goahead,代码行数:36,
示例20: polarssl_connect_step1//.........这里部分代码省略......... failf(data, "PolarSSL: ssl_init failed"); return CURLE_SSL_CONNECT_ERROR; } switch(SSL_CONN_CONFIG(version)) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1); break; case CURL_SSLVERSION_SSLv3: ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0); ssl_set_max_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0); infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3/n"); break; case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: case CURL_SSLVERSION_TLSv1_3: { CURLcode result = set_ssl_version_min_max(conn, sockindex); if(result != CURLE_OK) return result; break; } default: failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); return CURLE_SSL_CONNECT_ERROR; } ssl_set_endpoint(&BACKEND->ssl, SSL_IS_CLIENT); ssl_set_authmode(&BACKEND->ssl, SSL_VERIFY_OPTIONAL); ssl_set_rng(&BACKEND->ssl, ctr_drbg_random, &BACKEND->ctr_drbg); ssl_set_bio(&BACKEND->ssl, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]); ssl_set_ciphersuites(&BACKEND->ssl, ssl_list_ciphersuites()); /* Check if there's a cached ID we can/should use here! */ if(SSL_SET_OPTION(primary.sessionid)) { void *old_session = NULL; Curl_ssl_sessionid_lock(conn); if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) { ret = ssl_set_session(&BACKEND->ssl, old_session); if(ret) { Curl_ssl_sessionid_unlock(conn); failf(data, "ssl_set_session returned -0x%x", -ret); return CURLE_SSL_CONNECT_ERROR; } infof(data, "PolarSSL re-using session/n"); } Curl_ssl_sessionid_unlock(conn); } ssl_set_ca_chain(&BACKEND->ssl, &BACKEND->cacert, &BACKEND->crl, hostname); ssl_set_own_cert_rsa(&BACKEND->ssl,
开发者ID:sshyran,项目名称:curl,代码行数:67,
示例21: polarssl_connect_step1//.........这里部分代码省略......... data->set.str[STRING_KEY], data->set.str[STRING_KEY_PASSWD]); if(ret) {#ifdef POLARSSL_ERROR_C error_strerror(ret, errorbuf, sizeof(errorbuf));#endif /* POLARSSL_ERROR_C */ failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s", data->set.str[STRING_KEY], -ret, errorbuf); return CURLE_SSL_CERTPROBLEM; } } /* Load the CRL */ memset(&connssl->crl, 0, sizeof(x509_crl)); if(data->set.str[STRING_SSL_CRLFILE]) { ret = x509parse_crlfile(&connssl->crl, data->set.str[STRING_SSL_CRLFILE]); if(ret) {#ifdef POLARSSL_ERROR_C error_strerror(ret, errorbuf, sizeof(errorbuf));#endif /* POLARSSL_ERROR_C */ failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s", data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf); return CURLE_SSL_CRL_BADFILE; } } infof(data, "PolarSSL: Connecting to %s:%d/n", conn->host.name, conn->remote_port); if(ssl_init(&connssl->ssl)) { failf(data, "PolarSSL: ssl_init failed"); return CURLE_SSL_CONNECT_ERROR; } ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT); ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);#if POLARSSL_VERSION_NUMBER<0x01010000 ssl_set_rng(&connssl->ssl, havege_rand, &connssl->hs);#else ssl_set_rng(&connssl->ssl, ctr_drbg_random, &connssl->ctr_drbg);#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ ssl_set_bio(&connssl->ssl, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]);#if POLARSSL_VERSION_NUMBER<0x01000000 ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);#else ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);#endif if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { memcpy(&connssl->ssn, old_session, old_session_size); infof(data, "PolarSSL re-using session/n"); }/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's 1.1.4 version and the like */#if POLARSSL_VERSION_NUMBER<0x01020000 ssl_set_session(&connssl->ssl, 1, 600, &connssl->ssn);#else ssl_set_session(&connssl->ssl, 
&connssl->ssn);#endif ssl_set_ca_chain(&connssl->ssl, &connssl->cacert, &connssl->crl, conn->host.name); ssl_set_own_cert(&connssl->ssl, &connssl->clicert, &connssl->rsa); if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&#ifdef ENABLE_IPV6 !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&#endif sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) { infof(data, "WARNING: failed to configure " "server name indication (SNI) TLS extension/n"); }#ifdef POLARSSL_DEBUG ssl_set_dbg(&connssl->ssl, polarssl_debug, data);#endif connssl->connecting_state = ssl_connect_2; return CURLE_OK;}
开发者ID:Web5design,项目名称:curl,代码行数:101,
示例22: wiced_generic_start_tls_with_cipherswiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_simple_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol ){ microrng_state rngstate; int prev_state; uint64_t start_time; tls_result_t result; /* Initialize the session data */ if ( transport_protocol != TLS_EAP_TRANSPORT ) { memset( &tls_context->session, 0, sizeof(wiced_tls_session_t) ); } memset( &tls_context->context, 0, sizeof(wiced_tls_context_t) ); /* Prepare session and entropy */ tls_context->session.age = MAX_TLS_SESSION_AGE; wwd_wifi_get_random( &rngstate.entropy, 4 ); /* Initialize session context */ /* TODO: Ideally this should be done once for a socket */ if ( ssl_init( &tls_context->context ) != 0 ) { wiced_assert("Error initialising SSL", 0!=0 ); return WICED_TLS_INIT_FAIL; } tls_context->context.transport_protocol = transport_protocol; microrng_init( &rngstate ); ssl_set_endpoint( &tls_context->context, type ); ssl_set_rng ( &tls_context->context, microrng_rand, &rngstate ); tls_context->context.receive_context = referee; tls_context->context.send_context = referee; tls_context->context.get_session = tls_get_session; tls_context->context.set_session = tls_set_session; tls_context->context.ciphers = cipher_list; ssl_set_session ( &tls_context->context, SESSION_CAN_BE_RESUMED, 1000000, &tls_context->session ); /* Assert if user has not created correct TLS context for the TLS endpoint type */ wiced_assert("TLS servers must have an advanced TLS context", !((type == WICED_TLS_AS_SERVER) && (tls_context->context_type != WICED_TLS_ADVANCED_CONTEXT))); if ( root_ca_certificates != NULL ) { ssl_set_ca_chain( &tls_context->context, root_ca_certificates, tls_context->context.peer_cn ); ssl_set_authmode( &tls_context->context, verification ); } else { ssl_set_authmode( &tls_context->context, SSL_VERIFY_NONE 
); } if ( tls_context->context_type == WICED_TLS_ADVANCED_CONTEXT ) { wiced_tls_advanced_context_t* advanced_context = (wiced_tls_advanced_context_t*)tls_context; ssl_set_own_cert( &advanced_context->context, &advanced_context->certificate, &advanced_context->key ); ssl_set_dh_param( &tls_context->context, diffie_hellman_prime_P, sizeof( diffie_hellman_prime_P ), diffie_hellman_prime_G, sizeof( diffie_hellman_prime_G ) ); } prev_state = 0; start_time = tls_host_get_time_ms(); do { uint64_t curr_time; if (type == WICED_TLS_AS_SERVER) { result = ssl_handshake_server_async( &tls_context->context ); if ( result != TLS_SUCCESS ) { WPRINT_SECURITY_INFO(( "Error with TLS server handshake/n" )); goto exit_with_inited_context; } } else { result = ssl_handshake_client_async( &tls_context->context ); if ( result != TLS_SUCCESS ) { WPRINT_SECURITY_INFO(( "Error with TLS client handshake %u/n", (unsigned int)result )); goto exit_with_inited_context; } } /* break out if stuck */ curr_time = tls_host_get_time_ms(); if ( curr_time - start_time > MAX_HANDSHAKE_WAIT ) { WPRINT_SECURITY_INFO(( "Timeout in SSL handshake/n" )); result = TLS_HANDSHAKE_TIMEOUT; goto exit_with_inited_context; } /* if no state change then wait on client */ if ( prev_state == tls_context->context.state ) { host_rtos_delay_milliseconds( 10 ); } else /* otherwise process next state with no delay */ { prev_state = tls_context->context.state;//.........这里部分代码省略.........
开发者ID:fishbaoz,项目名称:wiced-emw3165,代码行数:101,
示例23: main//.........这里部分代码省略......... } printf( " ok/n" );#endif /* POLARSSL_X509_CRT_PARSE_C */ /* * 2. Setup the listening TCP socket */ printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port ); fflush( stdout ); if( ( ret = net_bind( &listen_fd, opt.server_addr, opt.server_port ) ) != 0 ) { printf( " failed/n ! net_bind returned -0x%x/n/n", -ret ); goto exit; } printf( " ok/n" ); /* * 3. Setup stuff */ printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed/n ! ssl_init returned -0x%x/n/n", -ret ); goto exit; } ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_authmode( &ssl, opt.auth_mode );#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) ssl_set_max_frag_len( &ssl, opt.mfl_code );#endif ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout );#if defined(POLARSSL_SSL_CACHE_C) ssl_set_session_cache( &ssl, ssl_cache_get, &cache, ssl_cache_set, &cache );#endif#if defined(POLARSSL_SSL_SESSION_TICKETS) ssl_set_session_tickets( &ssl, opt.tickets );#endif if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy );#if defined(POLARSSL_X509_CRT_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); if( key_cert_init ) ssl_set_own_cert( &ssl, &srvcert, &pkey ); if( key_cert_init2 ) ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );#endif#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
开发者ID:BenKoerber,项目名称:clearskies_core,代码行数:67,
示例24: main//.........这里部分代码省略......... */ printf( "/n . Seeding the random number generator..." ); fflush( stdout ); entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { printf( " failed/n ! ctr_drbg_init returned %d/n", ret ); goto exit; } /* * 2. Start the connection */ printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name, opt.server_port ); fflush( stdout ); if( ( ret = net_connect( &server_fd, opt.server_name, opt.server_port ) ) != 0 ) { printf( " failed/n ! net_connect returned %d/n/n", ret ); goto exit; } /* * 3. Setup stuff */ if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed/n ! ssl_init returned %d/n/n", ret ); goto exit; } ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); ssl_set_own_cert( &ssl, &clicert, &rsa ); ssl_set_hostname( &ssl, opt.server_name ); /* * 4. Handshake */ while( ( ret = ssl_handshake( &ssl ) ) != 0 ) { if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) { printf( " failed/n ! ssl_handshake returned %d/n/n", ret ); ssl_free( &ssl ); goto exit; } } printf( " ok/n" ); /* * 5. Print the certificate */ printf( " . Peer certificate information .../n" ); ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.session->peer_cert ); if( ret == -1 ) { printf( " failed/n ! x509parse_cert_info returned %d/n/n", ret ); ssl_free( &ssl ); goto exit; } printf( "%s/n", buf ); ssl_close_notify( &ssl ); ssl_free( &ssl ); } else goto usage;exit: if( server_fd ) net_close( server_fd ); x509_free( &clicert ); rsa_free( &rsa );#if defined(_WIN32) printf( " + Press Enter to exit this program./n" ); fflush( stdout ); getchar();#endif return( ret );}
开发者ID:Joe-Merten,项目名称:Stm32-Tools-Evaluation,代码行数:101,
示例25: main//.........这里部分代码省略......... { printf( " failed/n ! ctr_drbg_init returned %d/n", ret ); goto exit; } printf( " ok/n" ); /* * 2. Start the connection */ printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name, opt.server_port ); fflush( stdout ); if( ( ret = net_connect( &server_fd, opt.server_name, opt.server_port ) ) != 0 ) { printf( " failed/n ! net_connect returned %d/n/n", ret ); goto exit; } /* * 3. Setup stuff */ if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed/n ! ssl_init returned %d/n/n", ret ); goto exit; } ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); if( verify ) { ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED ); ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); ssl_set_verify( &ssl, my_verify, NULL ); } else ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); ssl_set_own_cert( &ssl, &clicert, &pkey );#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) ssl_set_hostname( &ssl, opt.server_name );#endif /* * 4. Handshake */ while( ( ret = ssl_handshake( &ssl ) ) != 0 ) { if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) { printf( " failed/n ! ssl_handshake returned %d/n/n", ret ); ssl_free( &ssl ); goto exit; } } printf( " ok/n" );
开发者ID:AgileBits,项目名称:polarssl,代码行数:66,
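示例26: tcp_connect
// ......... part of the code is omitted here .........
    /*
     * Excerpt: tail of tcp_connect(). The signature, the local declarations
     * (fd, r, err, errlen, optval, errbuf, errbufsize, timeout, ssl, ...) and
     * the name resolution / connect() call are in the omitted part.
     *
     * Visible behaviour: waits for a non-blocking connect to finish, switches
     * the socket back to blocking mode, allocates the tcpcon_t and, when ssl
     * is non-zero, layers a PolarSSL client session on the socket.
     * Returns the connection, or NULL with a message written to errbuf.
     */
    free(tmphstbuf);
  }

  if(r < 0) {
    if(net_errno == NET_EINPROGRESS) {
      /* Connect still in progress: wait until the socket becomes writable. */
      struct pollfd pfd;

      pfd.fd = fd;
      pfd.events = POLLOUT;
      pfd.revents = 0;

      r = netPoll(&pfd, 1, timeout);
      if(r == 0) {
        /* Timeout */
        snprintf(errbuf, errbufsize, "Connection attempt timed out");
        netClose(fd);
        return NULL;
      }

      if(r == -1) {
        snprintf(errbuf, errbufsize, "poll() error: %s", strerror(net_errno));
        netClose(fd);
        return NULL;
      }

      /* Fetch the final result of the asynchronous connect. */
      netGetSockOpt(fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen);
    } else {
      err = net_errno;
    }
  } else {
    err = 0;
  }

  if(err != 0) {
    snprintf(errbuf, errbufsize, "%s", strerror(err));
    netClose(fd);
    return NULL;
  }

  optval = 0;
  r = netSetSockOpt(fd, SOL_SOCKET, SO_NBIO, &optval, sizeof(optval));
  if(r < 0) {
    snprintf(errbuf, errbufsize, "Unable to go blocking: %s",
             strerror(net_errno));
    netClose(fd);
    return NULL;
  }

  tcpcon_t *tc = calloc(1, sizeof(tcpcon_t));
  if(tc == NULL) {
    snprintf(errbuf, errbufsize, "Out of memory");
    netClose(fd);
    return NULL;
  }
  tc->fd = fd;
  htsbuf_queue_init(&tc->spill, 0);

  if(ssl) {
#if ENABLE_POLARSSL
    if(1) {
      /* Allocate all session state up front so one check covers every
       * allocation failure as well as ssl_init() itself. */
      tc->ssl = malloc(sizeof(ssl_context));
      tc->ssn = calloc(1, sizeof(ssl_session));
      tc->hs  = malloc(sizeof(havege_state));

      if(tc->ssl == NULL || tc->ssn == NULL || tc->hs == NULL ||
         ssl_init(tc->ssl)) {
        /* Bound the message by errbufsize: errlen is the socklen_t used for
         * the SO_ERROR query above, not the size of errbuf. */
        snprintf(errbuf, errbufsize, "SSL failed to initialize");
        netClose(fd);
        free(tc->hs);
        free(tc->ssn);
        free(tc->ssl);
        free(tc);
        return NULL;
      }

      /* NOTE(review): HAVEGE is the only randomness source for this session.
       * Later releases of the library advise against relying on it alone;
       * prefer ctr_drbg seeded from the entropy module where available. */
      havege_init(tc->hs);

      ssl_set_endpoint(tc->ssl, SSL_IS_CLIENT );
      /*
       * SSL_VERIFY_NONE with no CA chain: the session is encrypted but the
       * server is never authenticated, so the connection can be terminated
       * by any party on the network path instead of the intended host.
       * Callers must not treat this transport as proof of server identity;
       * authenticating it needs SSL_VERIFY_REQUIRED plus ssl_set_ca_chain()
       * with the expected host name.
       */
      ssl_set_authmode(tc->ssl, SSL_VERIFY_NONE );

      ssl_set_rng(tc->ssl, havege_rand, tc->hs );
      ssl_set_bio(tc->ssl, net_recv, &tc->fd, net_send, &tc->fd);
      ssl_set_ciphers(tc->ssl, ssl_default_ciphers );
      ssl_set_session(tc->ssl, 1, 600, tc->ssn );

      tc->read = polarssl_read;
      tc->write = polarssl_write;

    } else
#endif
    {
      /* Built without TLS support: refuse rather than fall back to plain TCP. */
      snprintf(errbuf, errbufsize, "SSL not supported");
      tcp_close(tc);
      return NULL;
    }
  } else {
    tc->read = tcp_read;
    tc->write = tcp_write;
  }

  return tc;
}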
开发者ID:bielorkut,项目名称:showtime,代码行数:101,
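示例27: main
// ......... part of the code is omitted here .........
    /*
     * Excerpt: server-side setup inside main(). Declarations, the loading of
     * srvcert and the `exit` label are in the omitted part. Progress messages
     * are printed only while packet_in_num is 0.
     */
        goto exit;
    }

    /* test_srv_key is an embedded test key: never deploy it outside tests. */
    ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
                        strlen( test_srv_key ), NULL, 0 );
    if( ret != 0 )
    {
        printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    /*
     * Server:
     * Setup stuff
     */
    if( packet_in_num == 0 )
    {
        printf( " . Server: Setting up the SSL data...." );
        fflush( stdout );
    }

    if( ( ret = ssl_init( &s_ssl ) ) != 0 )
    {
        polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
        goto exit;
    }

    ssl_set_endpoint( &s_ssl, SSL_IS_SERVER );
    /* On the server side SSL_VERIFY_NONE means no client certificate is
     * required or checked: clients are anonymous at the TLS layer. */
    ssl_set_authmode( &s_ssl, SSL_VERIFY_NONE );

    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
    ssl_set_min_version( &s_ssl,
                         SSL_MAJOR_VERSION_3,
                         SSL_MINOR_VERSION_1 );
    /* RC4 is deprecated, disable it */
    ssl_set_arc4_support( &s_ssl, SSL_ARC4_DISABLED );

    /* NOTE(review): ctr_drbg_deterministic is defined outside this excerpt
     * and is passed a NULL context; presumably a fixed-output generator so
     * that runs are reproducible. With a predictable RNG every handshake
     * secret is predictable, so this must stay confined to test harnesses. */
    ssl_set_rng( &s_ssl, ctr_drbg_deterministic, NULL );
    ssl_set_dbg( &s_ssl, my_debug, stdout );

#if defined(POLARSSL_SSL_CACHE_C)
    ssl_set_session_cache( &s_ssl, ssl_cache_get, &cache,
                           ssl_cache_set, &cache );
#endif

    /* srvcert.next: the certificate(s) chained after the server's own one
     * serve as the CA chain; no CRL and no expected peer name are set. */
    ssl_set_ca_chain( &s_ssl, srvcert.next, NULL, NULL );
    if( ( ret = ssl_set_own_cert( &s_ssl, &srvcert, &pkey ) ) != 0 )
    {
        printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    ssl_session_reset( &s_ssl );

#if SOCKET_COMMUNICATION
    /*
     * Server:
     * Setup the listening TCP socket
     */
    /* The excerpt ends here; the rest of the function is not shown on the page. */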
开发者ID:faf0,项目名称:mbedtls-fuzz,代码行数:67,
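示例28: ssl_server
/**
  * @brief  SSL Server task: loads the embedded test certificate chain and
  *         RSA key, binds a listening socket on port 443 and configures the
  *         SSL context. The accept / handshake / request loop and the
  *         `exit` and `reset` labels are in the part the page leaves out.
  * @param  argument  not used in the visible part of the function
  * @retval None
  */
void ssl_server(void const * argument)
{
    int ret, len;
    int listen_fd;
    int client_fd = -1;      /* set once a client is accepted (omitted part) */
    unsigned char buf[1524];

    ssl_context ssl;
    x509_cert srvcert;
    rsa_context rsa;
#if defined(POLARSSL_SSL_CACHE_C)
    ssl_cache_context cache;

    ssl_cache_init( &cache );
#endif

    /*
     * Load the certificates and private RSA key
     */
    printf( "\n . Loading the server cert. and key..." );

    memset( &srvcert, 0, sizeof( x509_cert ) );

    /*
     * This demonstration program uses embedded test certificates.
     * Instead, you may want to use x509parse_crtfile() to read the
     * server and CA certificates, as well as x509parse_keyfile().
     *
     * The embedded test key is public knowledge: a server that keeps using
     * it can be impersonated by anyone. Replace both certificate and key
     * before exposing the service.
     */
    ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
                         strlen( test_srv_crt ) );
    if( ret != 0 )
    {
        printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
        goto exit;
    }

    /* Appended to the same chain: the CA certificate ends up in srvcert.next. */
    ret = x509parse_crt( &srvcert, (const unsigned char *) test_ca_crt,
                         strlen( test_ca_crt ) );
    if( ret != 0 )
    {
        printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
        goto exit;
    }

    rsa_init( &rsa, RSA_PKCS_V15, 0 );
    ret = x509parse_key( &rsa, (const unsigned char *) test_srv_key,
                         strlen( test_srv_key ), NULL, 0 );
    if( ret != 0 )
    {
        printf( " failed\n ! x509parse_key returned %d\n\n", ret );
        goto exit;
    }

    printf( " ok\n\r" );

    /*
     * Setup the listening TCP socket
     */
    printf( " . Bind on https://localhost:443/ ..." );

    if( ( ret = net_bind( &listen_fd, NULL, 443) ) != 0 )
    {
        printf( " failed\n ! net_bind returned %d\n\n", ret );
        goto exit;
    }

    printf( " ok\n\r" );

    /*
     * Setup stuff
     */
    printf( " . Setting up the SSL data...." );

    if( ( ret = ssl_init( &ssl ) ) != 0 )
    {
        printf( " failed\n ! ssl_init returned %d\n\n", ret );
        goto reset;
    }

    ssl_set_endpoint( &ssl, SSL_IS_SERVER );
    /* On the server side SSL_VERIFY_NONE means no client certificate is
     * required or checked: clients are anonymous at the TLS layer. */
    ssl_set_authmode( &ssl, SSL_VERIFY_NONE );

    /* NOTE(review): RandVal is defined outside this excerpt and gets a NULL
     * context. Every key and nonce of the session comes from it, so confirm
     * it is backed by a hardware RNG or a properly seeded DRBG. */
    ssl_set_rng( &ssl, RandVal , NULL );
    ssl_set_dbg( &ssl, my_debug, stdout );

#if defined(POLARSSL_SSL_CACHE_C)
    ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
                           ssl_cache_set, &cache );
#endif

    ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
    ssl_set_own_cert( &ssl, &srvcert, &rsa );

    /* Both BIO callbacks read client_fd through the pointer, so the context
     * follows whatever descriptor is stored there later. */
    ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd );

    printf( " ok\n\r" );
// ......... part of the code is omitted here .........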
开发者ID:eemei,项目名称:library-stm32f4,代码行数:101,