From 870a075b9b6d7c3c895b9dddc8df073f38993ee4 Mon Sep 17 00:00:00 2001
From: Jianhui Zhao
Date: Sat, 4 May 2024 19:42:45 +0800
Subject: [PATCH] fix: Add compatibility with Mbed TLS 3.0.0 sync github.com/zhaojh329/ssl
Signed-off-by: Jianhui Zhao
---
 src/http.c | 12 ++++++------
 src/main.c | 6 +++---
 src/rtty.c | 17 +++++++++++------
 src/ssl | 2 +-
 4 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/src/http.c b/src/http.c
index 2b034b9..4bdc54a 100644
--- a/src/http.c
+++ b/src/http.c
@@ -87,11 +87,11 @@ static int ssl_negotiated(struct http_connection *conn)
 int ret;
 ret = ssl_connect(conn->ssl, NULL, NULL);
- if (ret == SSL_PENDING)
+ if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
 return 0;
 if (ret == SSL_ERROR) {
- log_err("ssl connect error: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+ log_err("ssl connect error: %s\n", ssl_last_error_string(conn->ssl, err_buf, sizeof(err_buf)));
 return -1;
 }
@@ -121,10 +121,10 @@ static void on_net_read(struct ev_loop *loop, struct ev_io *w, int revents)
 ret = ssl_read(conn->ssl, buf, sizeof(buf));
 if (ret == SSL_ERROR) {
- log_err("ssl_read: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+ log_err("ssl_read: %s\n", ssl_last_error_string(conn->ssl, err_buf, sizeof(err_buf)));
 goto done;
 }
- if (ret == SSL_PENDING)
+ if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
 return;
 } else {
@@ -164,11 +164,11 @@ static void on_net_write(struct ev_loop *loop, struct ev_io *w, int revents)
 ret = ssl_write(conn->ssl, buffer_data(b), buffer_length(b));
 if (ret == SSL_ERROR) {
- log_err("ssl_write: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+ log_err("ssl_write: %s\n", ssl_last_error_string(conn->ssl, err_buf, sizeof(err_buf)));
 goto err;
 }
- if (ret == SSL_PENDING)
+ if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
 return;
 buffer_pull(b, NULL, ret);
diff --git a/src/main.c b/src/main.c
index 69b1afe..b141594 100644
--- a/src/main.c
+++ b/src/main.c
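Review bot: The merged test `if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE) return 0;` in `ssl_negotiated()` of `src/http.c` does nothing to wait for writability, while the `src/rtty.c` counterpart in this same commit calls `ev_io_start(rtty->loop, &rtty->iow)` before returning on `SSL_WANT_WRITE`. Unless this connection's write watcher is already active during the handshake (not visible here; the function starts and ends outside the hunk), a handshake blocked on send can stall until the peer happens to send something. Splitting the test as in rtty.c, `if (ret == SSL_WANT_WRITE) { /* start this connection's write watcher */ return 0; }`, would make the two paths consistent. The `on_net_read` hunk below and `rtty_ssl_read` in `src/rtty.c` fold `SSL_WANT_WRITE` into the same pending return and deserve the same check.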
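Review bot: In `on_net_write` an `SSL_WANT_READ` result from `ssl_write()` now takes the same bare `return` as `SSL_WANT_WRITE`, so the write watcher that invoked this callback stays armed while the TLS layer is actually waiting for inbound data. If nothing outside the hunk stops it, the event loop will re-enter the callback for as long as the socket is writable and spin on the CPU until the peer's record arrives. Consider handling the two results separately, `if (ret == SSL_WANT_READ) { ev_io_stop(loop, w); return; }`, and restarting the watcher from the read path once data has been consumed. The `on_net_write` hunk in `src/rtty.c` has the same pattern.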
@@ -44,7 +44,7 @@ static void load_default_ca_cert(struct ssl_context *ctx)
 glob("/etc/ssl/certs/*.crt", 0, NULL, &gl);
 for (i = 0; i < gl.gl_pathc; i++)
- ssl_load_ca_crt_file(ctx, gl.gl_pathv[i]);
+ ssl_load_ca_cert_file(ctx, gl.gl_pathv[i]);
 globfree(&gl);
 }
@@ -163,7 +163,7 @@ int main(int argc, char **argv)
 rtty.ssl_on = true;
 break;
 case 'C':
- if (ssl_load_ca_crt_file(rtty.ssl_ctx, optarg)) {
+ if (ssl_load_ca_cert_file(rtty.ssl_ctx, optarg)) {
 log_err("load ca certificate file fail\n");
 return -1;
 }
@@ -174,7 +174,7 @@ int main(int argc, char **argv)
 ssl_set_require_validation(rtty.ssl_ctx, false);
 break;
 case 'c':
- if (ssl_load_crt_file(rtty.ssl_ctx, optarg)) {
+ if (ssl_load_cert_file(rtty.ssl_ctx, optarg)) {
 log_err("load certificate file fail\n");
 return -1;
 }
diff --git a/src/rtty.c b/src/rtty.c
index 25e051c..3d73384 100644
--- a/src/rtty.c
+++ b/src/rtty.c
@@ -480,11 +480,16 @@ static int ssl_negotiated(struct rtty *rtty)
 int ret;
 ret = ssl_connect(rtty->ssl, on_ssl_verify_error, &valid_cert);
- if (ret == SSL_PENDING)
+ if (ret == SSL_WANT_READ)
 return 0;
+ if (ret == SSL_WANT_WRITE) {
+ ev_io_start(rtty->loop, &rtty->iow);
+ return 0;
+ }
+
 if (ret == SSL_ERROR) {
- log_err("ssl connect error: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+ log_err("ssl connect error: %s\n", ssl_last_error_string(rtty->ssl, err_buf, sizeof(err_buf)));
 return -1;
 }
@@ -504,11 +509,11 @@ static int rtty_ssl_read(int fd, void *buf, size_t count, void *arg)
 ret = ssl_read(rtty->ssl, buf, count);
 if (ret == SSL_ERROR) {
- log_err("ssl_read: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+ log_err("ssl_read: %s\n", ssl_last_error_string(rtty->ssl, err_buf, sizeof(err_buf)));
 return P_FD_ERR;
 }
- if (ret == SSL_PENDING)
+ if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
 return P_FD_PENDING;
 return ret;
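Review bot: The new `SSL_WANT_WRITE` branch in `ssl_negotiated()` of `src/rtty.c` starts `rtty->iow` with no comment on why, and the `SSL_WANT_READ` branch silently relies on a read watcher that is not visible in this hunk; a short comment such as `/* handshake has data to send: wait for the socket to become writable */` above `ev_io_start()` would record the intent. Because the function returns 0 on two pending paths and is re-entered later, please also confirm that `valid_cert` (declared outside the hunk) still reflects a failure reported through `on_ssl_verify_error` when a later call completes the handshake. If it is a local re-initialised on each entry, a verification error raised in an earlier pass could be lost. The function body starts and ends outside the hunk.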
@@ -580,11 +585,11 @@ static void on_net_write(struct ev_loop *loop, struct ev_io *w, int revents)
 ret = ssl_write(rtty->ssl, buffer_data(b), buffer_length(b));
 if (ret == SSL_ERROR) {
- log_err("ssl_write: %s\n", ssl_last_error_string(err_buf, sizeof(err_buf)));
+ log_err("ssl_write: %s\n", ssl_last_error_string(rtty->ssl, err_buf, sizeof(err_buf)));
 goto err;
 }
- if (ret == SSL_PENDING)
+ if (ret == SSL_WANT_READ || ret == SSL_WANT_WRITE)
 return;
 buffer_pull(b, NULL, ret);
diff --git a/src/ssl b/src/ssl
index d93e642..28cc9b5 160000
--- a/src/ssl
+++ b/src/ssl
@@ -1 +1 @@
-Subproject commit d93e6426ec1d8c019bd302e4599f3b91ba95fb3b
+Subproject commit 28cc9b5d98179d161673d20e79333ae5a4864228