force to use at least TLS1.2 + some minor changes

Ruslan Filipenko · Ruslan Filipenko · commit 7d7d41b188fb · 2017-09-13T15:51:59.000+01:00
diff --git a/lib/platform/marvell/marvell.c b/lib/platform/marvell/marvell.c
@@ -9,6 +9,8 @@
 #include <stdarg.h>
 
 #include <wm_net.h>
+#include <mbedtls/error.h>
+#include <mbedtls/net_sockets.h>
 
 
 void platform_timer_init(Timer* t)
@@ -135,6 +137,10 @@ static int tls_connect(Network* n, const char* hostname)
         return rc;
     }
 
+    mbedtls_ssl_conf_min_version(n->tls_config, 
+            MBEDTLS_SSL_MAJOR_VERSION_3,
+            MBEDTLS_SSL_MINOR_VERSION_3);
+
 	mbedtls_ssl_conf_cert_profile(n->tls_config,
 			&wm_mbedtls_x509_crt_profile_evrythng);
 
@@ -291,12 +297,26 @@ int platform_network_read(Network* n, unsigned char* buffer, int len, int timeou
             bytes = 0;
             break;
         }
-        else if (rc == -1)
+        else if (rc < 0)
         {   
-            if (errno != ENOTCONN && errno != ECONNRESET)
+            if (n->tls_enabled)
+            {
+                if (rc == MBEDTLS_ERR_SSL_TIMEOUT ||
+                        rc == MBEDTLS_ERR_NET_RECV_FAILED)
+                {
+                    bytes = -1;
+                    break;
+                }
+                else
+                    platform_printf("mbedtls_ssl_read ret: -0x%02X\n", -rc);
+            }
+            else
             {
-                bytes = -1;
-                break;
+                if (errno != ENOTCONN && errno != ECONNRESET)
+                {
+                    bytes = -1;
+                    break;
+                }
             }
         }
         else
