void crypt_ec_helper::save_key_pair(std::string path, EC_KEY *keypair)
	{
		BIO *out;
		int i;
		FILE* outfile;
		EVP_PKEY          *pkey = NULL;

		ERR_load_BIO_strings();
		ERR_load_crypto_strings();

		pkey = EVP_PKEY_new();
		EVP_PKEY_assign_EC_KEY(pkey, keypair);

		EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);

		outfile = fopen(path.c_str(), "w");

		out = BIO_new(BIO_s_file());
		out = BIO_new_fp(outfile, BIO_NOCLOSE);

		EC_KEY_set_asn1_flag(keypair, OPENSSL_EC_NAMED_CURVE);

		i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL);

		fclose(outfile);

		EC_GROUP_free(ecgroup);
		EVP_PKEY_free(pkey);
		BIO_free_all(out);
	}

void err_load_crypto_strings_intern(void)
{
#ifdef OPENSSL_FIPS
    FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
#endif
#ifndef OPENSSL_NO_ERR
    ERR_load_ERR_strings();     /* include error strings for SYSerr */
    ERR_load_BN_strings();
# ifndef OPENSSL_NO_RSA
    ERR_load_RSA_strings();
# endif
# ifndef OPENSSL_NO_DH
    ERR_load_DH_strings();
# endif
    ERR_load_EVP_strings();
    ERR_load_BUF_strings();
    ERR_load_OBJ_strings();
    ERR_load_PEM_strings();
# ifndef OPENSSL_NO_DSA
    ERR_load_DSA_strings();
# endif
    ERR_load_X509_strings();
    ERR_load_ASN1_strings();
    ERR_load_CONF_strings();
    ERR_load_CRYPTO_strings();
# ifndef OPENSSL_NO_COMP
    ERR_load_COMP_strings();
# endif
# ifndef OPENSSL_NO_EC
    ERR_load_EC_strings();
# endif
    /* skip ERR_load_SSL_strings() because it is not in this library */
    ERR_load_BIO_strings();
    ERR_load_PKCS7_strings();
    ERR_load_X509V3_strings();
    ERR_load_PKCS12_strings();
    ERR_load_RAND_strings();
    ERR_load_DSO_strings();
# ifndef OPENSSL_NO_TS
    ERR_load_TS_strings();
# endif
# ifndef OPENSSL_NO_ENGINE
    ERR_load_ENGINE_strings();
# endif
    ERR_load_OCSP_strings();
    ERR_load_UI_strings();
# ifdef OPENSSL_FIPS
    ERR_load_FIPS_strings();
# endif
# ifndef OPENSSL_NO_CMS
    ERR_load_CMS_strings();
# endif
# ifndef OPENSSL_NO_CT
    ERR_load_CT_strings();
# endif
    ERR_load_ASYNC_strings();
#endif
    ERR_load_KDF_strings();
}

static void tls_begin(void)
{
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();
}

void ERR_load_crypto_strings(void)
{
#ifndef OPENSSL_NO_ERR
    ERR_load_ERR_strings();     /* include error strings for SYSerr */
    ERR_load_BN_strings();
# ifndef OPENSSL_NO_RSA
    ERR_load_RSA_strings();
# endif
# ifndef OPENSSL_NO_DH
    ERR_load_DH_strings();
# endif
    ERR_load_EVP_strings();
    ERR_load_BUF_strings();
    ERR_load_OBJ_strings();
    ERR_load_PEM_strings();
# ifndef OPENSSL_NO_DSA
    ERR_load_DSA_strings();
# endif
    ERR_load_X509_strings();
    ERR_load_ASN1_strings();
    ERR_load_CONF_strings();
    ERR_load_CRYPTO_strings();
# ifndef OPENSSL_NO_COMP
    ERR_load_COMP_strings();
# endif
# ifndef OPENSSL_NO_EC
    ERR_load_EC_strings();
# endif
# ifndef OPENSSL_NO_ECDSA
    ERR_load_ECDSA_strings();
# endif
# ifndef OPENSSL_NO_ECDH
    ERR_load_ECDH_strings();
# endif
    /* skip ERR_load_SSL_strings() because it is not in this library */
    ERR_load_BIO_strings();
    ERR_load_PKCS7_strings();
    ERR_load_X509V3_strings();
    ERR_load_PKCS12_strings();
    ERR_load_RAND_strings();
    ERR_load_DSO_strings();
    ERR_load_TS_strings();
# ifndef OPENSSL_NO_ENGINE
    ERR_load_ENGINE_strings();
# endif
    ERR_load_OCSP_strings();
    ERR_load_UI_strings();
# ifdef OPENSSL_FIPS
    ERR_load_FIPS_strings();
# endif
# ifndef OPENSSL_NO_CMS
    ERR_load_CMS_strings();
# endif
# ifndef OPENSSL_NO_JPAKE
    ERR_load_JPAKE_strings();
# endif
#endif
}

int main() 
{
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();
    
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());
    if (ctx == NULL) {
        printf("SSL_CTX_new err func:%s\n reaseon:%s", ERR_func_error_string(ERR_get_error()),
               ERR_reason_error_string(ERR_get_error()));
        exit(1);
    }

    //加载可信任证书库
    if (0 == SSL_CTX_load_verify_locations(ctx, "./push_cer.pem", NULL)) {
        printf("err func:%s\n reaseon:%s", ERR_func_error_string(ERR_get_error()),
               ERR_reason_error_string(ERR_get_error()));
        ERR_print_errors_fp(stdout);
        exit(1);
    }

    //set BIO
    BIO *bio = BIO_new_ssl_connect(ctx);
    if (bio == NULL) {
        printf("err func:%s\n", ERR_func_error_string(ERR_get_error()));
        ERR_print_errors_fp(stdout);
        exit(1);
    }

    SSL *ssl;
    BIO_get_ssl(bio, &ssl);
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    //open safe connect
    BIO_set_conn_hostname(bio, "gateway.sandbox.push.apple.com:2195");

    //verify connect ok
    if (BIO_do_connect(bio) <= 0) {
        ERR_print_errors_fp(stdout);
        exit(1);
    }

    if (SSL_get_verify_result(ssl) != X509_V_OK) {
        printf("SSL_get_verify_result not success\n");
    }

    char buf[MAXBUF];
    char *json = "{\"aps\":{\"badge\":123}}";
    sendPayload(bio, token, json, strlen(json));
    int ret = BIO_read(bio, buf, MAXBUF);
    if (ret <= 0) {
        printf("BIO_read return 0\n");
    }

    SSL_CTX_free(ctx);
    BIO_free_all(bio);
    return 0;
}

static void tls_ctx_init(void)
{
	pthread_key_create(&tls_ctx_key, NULL);

	/* init OpenSSL */
	SSL_load_error_strings();
	ERR_load_BIO_strings();
	SSL_library_init();
}

	SecureSocket::SecureSocket()
		: m_context(0), m_conn(0), m_eof(false) 
	{
		m_socket = std::make_unique<Socket>(SocketType::Streaming);

		// Intitialize the SSL client-side socket
		SSL_library_init();
		SSL_load_error_strings();
		ERR_load_BIO_strings();
	}

void Security::libsslInit()
{
	//TODO: make it thread-safe
	if (!libsslReady) {
		ERR_load_BIO_strings();
		SSL_load_error_strings(); /* readable error messages */
		SSL_library_init(); /* initialize library */
		libsslReady = true;
	}
}

int
mowgli_vio_openssl_setssl(mowgli_vio_t *vio, mowgli_vio_ssl_settings_t *settings, mowgli_vio_ops_t *ops)
{
	mowgli_ssl_connection_t *connection;

	return_val_if_fail(vio, -255);

	if (!ssl_heap)
		ssl_heap = mowgli_heap_create(sizeof(mowgli_ssl_connection_t), 64, BH_NOW);

	connection = mowgli_heap_alloc(ssl_heap);
	vio->privdata = connection;

	if (settings)
		memcpy(&connection->settings, settings, sizeof(mowgli_vio_ssl_settings_t));
	else
		/* Greatest compat without being terribly insecure */
		connection->settings.ssl_version = MOWGLI_VIO_SSLFLAGS_SSLV3;

	if (ops == NULL)
	{
		if (!openssl_ops)
		{
			openssl_ops = mowgli_alloc(sizeof(mowgli_vio_ops_t));
			memcpy(openssl_ops, &mowgli_vio_default_ops, sizeof(mowgli_vio_ops_t));
		}

		vio->ops = openssl_ops;
	}
	else
	{
		vio->ops = ops;
	}

	/* Change ops */
	mowgli_vio_ops_set_op(vio->ops, connect, mowgli_vio_openssl_default_connect);
	mowgli_vio_ops_set_op(vio->ops, read, mowgli_vio_openssl_default_read);
	mowgli_vio_ops_set_op(vio->ops, write, mowgli_vio_openssl_default_write);
	mowgli_vio_ops_set_op(vio->ops, close, mowgli_vio_openssl_default_close);
	mowgli_vio_ops_set_op(vio->ops, accept, mowgli_vio_openssl_default_accept);
	mowgli_vio_ops_set_op(vio->ops, listen, mowgli_vio_openssl_default_listen);

	/* SSL setup */
	if (!openssl_init)
	{
		openssl_init = true;
		SSL_library_init();
		SSL_load_error_strings();
		ERR_load_BIO_strings();
		OpenSSL_add_all_algorithms();
	}

	return 0;
}

/**
 * Initialise OpenSSL
 */
void init_openssl() {

    /* call the standard SSL init functions */
    SSL_load_error_strings();
    SSL_library_init();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();

    /* seed the random number system - only really nessecary for systems without '/dev/random' */
    /* RAND_add(?,?,?); need to work out a cryptographically significant way of generating the seed */
}

/* Initialize the SSL library internals for use by the messaging bus. */
bool BusSSL_Init(struct bus *b) {
    if (!SSL_library_init()) { return false; }
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_ssl_algorithms();

    SSL_CTX *ctx = NULL;
    if (!init_client_SSL_CTX(&ctx)) { return false; }
    b->ssl_ctx = ctx;

    return true;
}

int init_conn(CONN *conn)
{
    // Initialise OpenSSL
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();
    SSL_library_init();
    
    // Set up the SSL context
    conn->ctx = SSL_CTX_new(SSLv3_method());
    return 0;
}

int main(int argc, char *argv[])
{
	const char *cert_filename	=	"ecc_server.crt";
	BIO *cert_bio 				= 	NULL;
	BIO *out_bio 				= 	NULL;
	X509 *cert					=	NULL;
	EVP_PKEY *pkey				=	NULL;
	int ret;

	OpenSSL_add_all_algorithms();
	ERR_load_BIO_strings();
	ERR_load_crypto_strings();

	cert_bio = BIO_new(BIO_s_file());
	out_bio = BIO_new_fp(stdout, BIO_NOCLOSE);

	ret = BIO_read_filename(cert_bio, cert_filename);
	if (!(cert = PEM_read_bio_X509(cert_bio, NULL, 0, NULL)))
	{
		BIO_printf(out_bio, "Error loading cert into memory\n");
		exit(-1);
	}

	if ((pkey = X509_get_pubkey(cert)) == NULL)
		BIO_printf(out_bio, "Error getting public key from certificate\n");
	
	if (pkey)
	{
		switch (EVP_PKEY_id(pkey))
		{
			case EVP_PKEY_RSA:
				BIO_printf(out_bio, "%d bit RSA Key\n\n", EVP_PKEY_bits(pkey));
				break;
			case EVP_PKEY_DSA:
				BIO_printf(out_bio, "%d bit DSA Key\n\n", EVP_PKEY_bits(pkey));
				break;
			default:
				BIO_printf(out_bio, "%d bit non-RSA/DSA\n\n", EVP_PKEY_bits(pkey));
				break;
		}
	}

	if (!PEM_write_bio_PUBKEY(out_bio, pkey))
		BIO_printf(out_bio, "Error writing public key data in PEM format\n");

	EVP_PKEY_free(pkey);
	X509_free(cert);
	BIO_free_all(cert_bio);
	BIO_free_all(out_bio);
	
	return 0;
}

static void mz_crypt_init(void)
{
    static int32_t openssl_initialized = 0;
    if (openssl_initialized == 0)
    {
        OpenSSL_add_all_algorithms();

        ERR_load_BIO_strings();
        ERR_load_crypto_strings();

        openssl_initialized = 1;
    }
}

static void lumberjack_init(void) {
  if (lumberjack_init_done) {
    return;
  }

  /* ssl init */
  CRYPTO_malloc_init();
  SSL_library_init();
  SSL_load_error_strings();
  ERR_load_BIO_strings();
  OpenSSL_add_all_algorithms();
  lumberjack_init_done = 1;
} /* lumberjack_init */

 /* SSL library initialisation */
 void init()
 {
   static bool init_once = false;
   if (init_once == false)
   {
     INFO("OpenSSL", "Initializing (%s)", OPENSSL_VERSION_TEXT);
     init_once = true;
     SSL_library_init();
     OpenSSL_add_all_algorithms();
     SSL_load_error_strings();
     ERR_load_BIO_strings();
     ERR_load_crypto_strings();
   }
 }

/**
 * @desc Initialize OpenSSL lib
 * @throw Char *
 */
void IOSocketSSL::initSSL(const bool force_server_method = false) {

	TRACE_CALL();

	SSL_load_error_strings();
	ERR_load_BIO_strings();
	OpenSSL_add_all_algorithms();
	OpenSSL_add_ssl_algorithms();

	switch (socket_t) {
		case IOSOCKET_LISTEN_T:
			ctx = SSL_CTX_new(SSLv3_server_method());
			break;

		case IOSOCKET_CONNECT_T:
			if (force_server_method)
				ctx = SSL_CTX_new(SSLv3_server_method());
			else
				ctx = SSL_CTX_new(SSLv3_client_method());
			break;

		default:
			/* Shouln't happen, mother class constructor should have thrown
			 * an exception earlier */
			throw("Unknown socket type");
			break;
	}

	/**
	 * Should use a loop on ERR_get_error()
	 * to retrieve the whole error process
	 */
	if (ctx == NULL)
		throw(new_SSL_error("initializing ssl context"));

	if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) != 1)
		throw(new_SSL_error("loading cert file"));

	if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) != 1)
		throw(new_SSL_error("loading private key file"));

	if (SSL_CTX_check_private_key(ctx) != 1)
		throw(new_SSL_error("verifying private key"));

	/* Don't bother with renego */
	SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

	init_ssl = true;
}

void ERR_load_crypto_strings(void)
  {
  static int done=0;

  if (done) return;
  done=1;
#ifndef OPENSSL_NO_ERR
  ERR_load_ERR_strings(); /* include error strings for SYSerr */
  ERR_load_BN_strings();
#ifndef OPENSSL_NO_RSA
  ERR_load_RSA_strings();
#endif
#ifndef OPENSSL_NO_DH
  ERR_load_DH_strings();
#endif
  ERR_load_EVP_strings();
  ERR_load_BUF_strings();
  ERR_load_OBJ_strings();
  ERR_load_PEM_strings();
#ifndef OPENSSL_NO_DSA
  ERR_load_DSA_strings();
#endif
  ERR_load_X509_strings();
  ERR_load_ASN1_strings();
  ERR_load_CONF_strings();
  ERR_load_CRYPTO_strings();
#ifndef OPENSSL_NO_EC
  ERR_load_EC_strings();
#endif
#ifndef OPENSSL_NO_ECDSA
  ERR_load_ECDSA_strings();
#endif
#ifndef OPENSSL_NO_ECDH
  ERR_load_ECDH_strings();
#endif
  /* skip ERR_load_SSL_strings() because it is not in this library */
  ERR_load_BIO_strings();
  ERR_load_PKCS7_strings();  
  ERR_load_X509V3_strings();
  ERR_load_PKCS12_strings();
  ERR_load_RAND_strings();
  ERR_load_DSO_strings();
#ifndef OPENSSL_NO_ENGINE
  ERR_load_ENGINE_strings();
#endif
  ERR_load_OCSP_strings();
  ERR_load_UI_strings();
#endif
  }

void openssl_error_show(const char *string, int type)
{
	char buf[MAX1_LEN] = { 0 };

	if (type == 0) {
		strncpy(buf, string, sizeof(buf) - 1);
		perror(buf);
	} else if (type == 1) {
		BIO_printf(bio_err, "%s\n", string);
		ERR_print_errors(bio_err);
	} else {
		ERR_load_BIO_strings();
		ERR_clear_error();
		bio_err = BIO_new(BIO_s_file());
		BIO_set_fp(bio_err, stdout, BIO_NOCLOSE);
	}
}

void init_openssl(void){

	(void)SSL_library_init();

	SSL_load_error_strings();

	/* Load the human readable error strings for libcrypto */
	ERR_load_BIO_strings();

	/* Load the human readable error strings for libcrypto */
	ERR_load_crypto_strings();

	/* Load all digest and cipher algorithms */
	OpenSSL_add_all_algorithms();

	OPENSSL_config(NULL);
}