crypto/openssl-wrapper: export interfaces #3346
Open
+15
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…oad_verify_dir Export SSL_CTX_load_verify_file() and SSL_CTX_load_verify_dir() interfaces to allow loading CA certificates from file or directory. Signed-off-by: makejian <[email protected]>
Map mbedtls error codes to OpenSSL standard return codes in SSL_connect/SSL_do_handshake: - Return 1 on success - Return 0 on controlled shutdown - Return -1 on fatal error (was returning mbedtls error codes) This aligns the return values with OpenSSL specification where SSL_get_error() should be called to get the actual error reason. Signed-off-by: makejian <[email protected]>
Remove the extra rngctx parameter from SSL_CTX_new() to match the standard OpenSSL API signature: SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) This improves compatibility with code written for OpenSSL. Signed-off-by: makejian <[email protected]>
xiaoxiang781216
approved these changes
Jan 20, 2026
jerpelea
changed the title
jerpelea
approved these changes
Jan 20, 2026
Contributor
|
@ThePassionate please rebase the change |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR includes three improvements to the OpenSSL mbedtls wrapper:
Export CA certificate loading interfaces - Export
SSL_CTX_load_verify_fileandSSL_CTX_load_verify_dirfunctions for loading CA certificates from file or directory.Fix SSL error code mapping - Correct the return value mapping from mbedtls to OpenSSL conventions:
1for success0for clean shutdown-1for errorsAlign SSL_CTX_new declaration with OpenSSL - Remove the extra
rngctxparameter fromSSL_CTX_new()to match the standard OpenSSL API signature.Impact
These changes improve OpenSSL API compatibility, making it easier to port applications that use OpenSSL to NuttX with the mbedtls backend.
Testing
Build and runtime tested on NuttX with mbedtls-based TLS applications.
please ignore openssl mix case warning
Error: /home/runner/work/nuttx-apps/nuttx-apps/apps/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h:127:23: error: Mixed case identifier found Error: /home/runner/work/nuttx-apps/nuttx-apps/apps/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h:206:19: error: Mixed case identifier found Error: /home/runner/work/nuttx-apps/nuttx-apps/apps/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h:208:4: error: Mixed case identifier found Error: /home/runner/work/nuttx-apps/nuttx-apps/apps/crypto/openssl_mbedtls_wrapper/include/openssl/ssl.h:211:4: error: Mixed case identifier found