diff --git a/Makefile b/Makefile
index 1e0d22e8..97fc0600 100644
--- a/Makefile
+++ b/Makefile
@@ -420,6 +420,7 @@ INCLUDES += -I $(SDK_PATH)/include/espressif
 INCLUDES += -I $(SDK_PATH)/include/lwip
 INCLUDES += -I $(SDK_PATH)/include/lwip/ipv4
 INCLUDES += -I $(SDK_PATH)/include/lwip/ipv6
+INCLUDES += -I $(SDK_PATH)/include/lwip/posix
 INCLUDES += -I $(SDK_PATH)/include/nopoll
 INCLUDES += -I $(SDK_PATH)/include/spiffs
 INCLUDES += -I $(SDK_PATH)/include/ssl
diff --git a/examples/wolfssl_demo/Makefile b/examples/wolfssl_demo/Makefile
new file mode 100755
index 00000000..d4ad6342
--- /dev/null
+++ b/examples/wolfssl_demo/Makefile
@@ -0,0 +1,116 @@
+#############################################################
+# Required variables for each makefile
+# Discard this section from all parent makefiles
+# Expected variables (with automatic defaults):
+# CSRCS (all "C" files in the dir)
+# SUBDIRS (all subdirs with a Makefile)
+# GEN_LIBS - list of libs to be generated ()
+# GEN_IMAGES - list of object file images to be generated ()
+# GEN_BINS - list of binaries to be generated ()
+# COMPONENTS_xxx - a list of libs/objs in the form
+# subdir/lib to be extracted and rolled up into
+# a generated lib/image xxx.a ()
+#
+TARGET = eagle
+#FLAVOR = release
+FLAVOR = debug
+
+#EXTRA_CCFLAGS += -u
+
+ifndef PDIR # {
+GEN_IMAGES= eagle.app.v6.out
+GEN_BINS= eagle.app.v6.bin
+SPECIAL_MKTARGETS=$(APP_MKTARGETS)
+SUBDIRS= \
+ user
+
+endif # } PDIR
+
+LDDIR = $(SDK_PATH)/ld
+
+CCFLAGS += -Os
+
+TARGET_LDFLAGS = \
+ -nostdlib \
+ -Wl,-EL \
+ --longcalls \
+ --text-section-literals
+
+ifeq ($(FLAVOR),debug)
+ TARGET_LDFLAGS += -g -O2
+endif
+
+ifeq ($(FLAVOR),release)
+ TARGET_LDFLAGS += -g -O0
+endif
+
+COMPONENTS_eagle.app.v6 = \
+ user/libuser.a
+
+LINKFLAGS_eagle.app.v6 = \
+ -L$(SDK_PATH)/lib \
+ -Wl,--gc-sections \
+ -nostdlib \
+ -T$(LD_FILE) \
+ -Wl,--no-check-sections \
+ -u call_user_start \
+ -Wl,-static \
+ -Wl,--start-group \
+ -lcirom \
+ -lgcc \
+ -lhal \
+ -lcrypto \
+ -lfreertos \
+ -llwip \
+ -lmain \
+ -lnet80211 \
+ -lphy \
+ -lpp \
+ -lwpa \
+ -ldriver \
+ -lwolfssl \
+ $(DEP_LIBS_eagle.app.v6)\
+ -Wl,--end-group
+
+DEPENDS_eagle.app.v6 = \
+ $(LD_FILE) \
+ $(LDDIR)/eagle.rom.addr.v6.ld
+
+#############################################################
+# Configuration i.e. compile options etc.
+# Target specific stuff (defines etc.) goes in here!
+# Generally values applying to a tree are captured in the
+# makefile at its root level - these are then overridden
+# for a subtree within the makefile rooted therein
+#
+CONFIGURATION_DEFINES = -DWOLFSSL_USER_SETTINGS
+
+DEFINES += \
+ $(UNIVERSAL_TARGET_DEFINES) \
+ $(CONFIGURATION_DEFINES)
+
+DDEFINES += \
+ $(UNIVERSAL_TARGET_DEFINES) \
+ $(CONFIGURATION_DEFINES)
+
+
+#############################################################
+# Recursion Magic - Don't touch this!!
+#
+# Each subtree potentially has an include directory
+# corresponding to the common APIs applicable to modules
+# rooted at that subtree. Accordingly, the INCLUDE PATH
+# of a module can only contain the include directories up
+# its parent path, and not its siblings
+#
+# Required for each makefile to inherit from the parent
+#
+
+INCLUDES := $(INCLUDES) -I $(PDIR)include
+INCLUDES += -I $(SDK_PATH)/include/wolfssl
+INCLUDES += -I $(SDK_PATH)/include/freertos
+sinclude $(SDK_PATH)/Makefile
+
+.PHONY: FORCE
+FORCE:
+
diff --git a/examples/wolfssl_demo/README.md b/examples/wolfssl_demo/README.md
new file mode 100644
index 00000000..8d1b0ced
--- /dev/null
+++ b/examples/wolfssl_demo/README.md
@@ -0,0 +1,70 @@
+WOLFSSL INTRODUCTION
+
+Licensed from wolfSSL to Espressif.
+
+### WHAT ABOUT WOLFSSL
+
+The WOLFSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.
+
+### BEFORE YOU GET STARTED
+- Requirements
+ - RTOS SDK
+ - You can use both xcc and gcc to compile your project, gcc is recommended.
+- Optional
+ - Basic knowledge of server/client communication
+ - Basic knowledge of SSL/TLS
+
+The more you know, the easier it will be to get going. There are a number of links in the Helpful Links section to read up on SSL/TLS.
+
+### QUICK START
+
+if you plan to use TLS cipher suites you must setting the information in user_settings.h for compatible with your needs.
+
+- Example
+ - The project support an example which run a client, it connects with "www.baidu.com" default, you can modify it by WOLFSSL_DEMO_TARGET_NAME and WOLFSSL_DEMO_TARGET_PORT.
+ - Modify SSID and PASSWORD according to the actual access point which in user_config.h
+- Compile
+ - Clone ESP8266_RTOS_SDK, e.g., to ~/ESP8266_RTOS_SDK.
+ - $ git clone https://github.com/espressif/ESP8266_RTOS_SDK.git
+ - Modify gen_misc.sh or gen_misc.bat:
+ - For Linux:
+ - $export SDK_PATH=~/ESP8266_RTOS_SDK
+ - $export BIN_PATH=~/ESP8266_BIN
+ - For Windows:
+ - set SDK_PATH=/c/ESP8266_RTOS_SDK
+ - set BIN_PATH=/c/ESP8266_BIN
+- Generate bin
+ - For Linux:
+ - ./gen_misc.sh
+ - For Windows:
+ - gen_misc.bat
+
+ - Just follow the tips and steps.
+ - STEP 1: 1
+ - STEP 2: 1
+ - STEP 3: default
+ - STEP 4: default
+ - STEP 5: 2
+
+- Download
+ - blank.bin, downloads to flash 0x01fe000
+ - esp_init_data_default.bin, downloads to flash 0x01fc000
+ - boot.bin, downloads to flash 0x00000
+ - user1.1024.new2.bin, downloads to flash 0x01000
+
+### PORT
+
+If you want to use wolfssl in your project, follow up those steps.
+- STEP 1: Copy `wolfssl` folder to your project
+- STEP 2: Modify `Makefile` to make sure that wolfssl will be compiled and linked
+- STEP 3: Modify `Makefile` to define `WOLFSSL_USER_SETTINGS`
+- STEP 4: Copy `user_setting.h` to your project's include folder
+ - since WOLFSSL_USER_SETTINGS is defined, it'll allow you to use the setting by yourself in user_setting.h.
+
+### HELPFUL LINKS
+
+In general, these are links which will be useful for using both wolfSSL, as well as networked and secure applications in general. Furthermore, there is a more comprehensive tutorial that can be found in Chapter 11 of the official wolfSSL manual. The examples in the wolfSSL package and Chapter 11 do appropriate error checking, which is worth taking a look at. For a more comprehensive API, check out chapter 17 of the official manual.
+
+- WOLFSSL Manual (https://www.wolfssl.com/docs/wolfssl-manual/)
+- WOLFSSL GitHub
+ (https://github.com/wolfssl/wolfssl)
diff --git a/examples/wolfssl_demo/gen_misc.sh b/examples/wolfssl_demo/gen_misc.sh
new file mode 100755
index 00000000..4013711c
--- /dev/null
+++ b/examples/wolfssl_demo/gen_misc.sh
@@ -0,0 +1,192 @@ +#!/bin/bash + +:< + * + * Permission is hereby granted for use on ESPRESSIF SYSTEMS ESP8266 only, in which case, + * it is free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the Software is furnished + * to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or + * substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + */ + +#ifndef __USER_CONFIG_H__ +#define __USER_CONFIG_H__ + +#define SSID "TEST001" +#define PASSWORD "1234567890" + +#endif + diff --git a/examples/wolfssl_demo/include/wolfssl_client.h b/examples/wolfssl_demo/include/wolfssl_client.h new file mode 100755 index 00000000..93df93e8 --- /dev/null +++ b/examples/wolfssl_demo/include/wolfssl_client.h 
@@ -0,0 +1,30 @@
+/*
+ * ESPRESSIF MIT License
+ *
+ * Copyright (c) 2018
+ *
+ * Permission is hereby granted for use on ESPRESSIF SYSTEMS ESP8266 only, in which case,
+ * it is free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the Software is furnished
+ * to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+#ifndef _WOLFSSL_CLIENT_H_
+#define _WOLFSSL_CLIENT_H_
+
+void user_conn_init(void);
+
+#endif
diff --git a/examples/wolfssl_demo/user/Makefile b/examples/wolfssl_demo/user/Makefile
new file mode 100755
index 00000000..2ff1d1fe
--- /dev/null
+++ b/examples/wolfssl_demo/user/Makefile
@@ -0,0 +1,46 @@
+
+#############################################################
+# Required variables for each makefile
+# Discard this section from all parent makefiles
+# Expected variables (with automatic defaults):
+# CSRCS (all "C" files in the dir)
+# SUBDIRS (all subdirs with a Makefile)
+# GEN_LIBS - list of libs to be generated ()
+# GEN_IMAGES - list of images to be generated ()
+# COMPONENTS_xxx - a list of libs/objs in the form
+# subdir/lib to be extracted and rolled up into
+# a generated lib/image xxx.a ()
+#
+
+ifndef PDIR
+
+GEN_LIBS = libuser.a
+
+endif
+
+#############################################################
+# Configuration i.e. compile options etc.
+# Target specific stuff (defines etc.) goes in here!
+# Generally values applying to a tree are captured in the
+# makefile at its root level - these are then overridden
+# for a subtree within the makefile rooted therein
+#
+#DEFINES +=
+
+#############################################################
+# Recursion Magic - Don't touch this!!
+#
+# Each subtree potentially has an include directory
+# corresponding to the common APIs applicable to modules
+# rooted at that subtree. Accordingly, the INCLUDE PATH
+# of a module can only contain the include directories up
+# its parent path, and not its siblings
+#
+# Required for each makefile to inherit from the parent
+#
+
+INCLUDES := $(INCLUDES) -I $(PDIR)include
+INCLUDES += -I ./
+PDIR := ../$(PDIR)
+sinclude $(PDIR)Makefile
+
diff --git a/examples/wolfssl_demo/user/user_main.c b/examples/wolfssl_demo/user/user_main.c
new file mode 100755
index 00000000..dd40ef20
--- /dev/null
+++ b/examples/wolfssl_demo/user/user_main.c
@@ -0,0 +1,117 @@
+/*
+ * ESPRESSIF MIT License
+ *
+ * Copyright (c) 2018
+ *
+ * Permission is hereby granted for use on ESPRESSIF SYSTEMS ESP8266 only, in which case,
+ * it is free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the Software is furnished
+ * to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+#include "esp_common.h"
+#include "user_config.h"
+
+#include "wolfssl_client.h"
+
+/******************************************************************************
+ * FunctionName : user_rf_cal_sector_set
+ * Description : SDK just reversed 4 sectors, used for rf init data and paramters.
+ * We add this function to force users to set rf cal sector, since
+ * we don't know which sector is free in user's application.
+ * sector map for last several sectors : ABCCC
+ * A : rf cal
+ * B : rf init data
+ * C : sdk parameters
+ * Parameters : none
+ * Returns : rf cal sector
+*******************************************************************************/
+uint32 user_rf_cal_sector_set(void)
+{
+ flash_size_map size_map = system_get_flash_size_map();
+ uint32 rf_cal_sec = 0;
+
+ switch (size_map) {
+ case FLASH_SIZE_4M_MAP_256_256:
+ rf_cal_sec = 128 - 5;
+ break;
+
+ case FLASH_SIZE_8M_MAP_512_512:
+ rf_cal_sec = 256 - 5;
+ break;
+
+ case FLASH_SIZE_16M_MAP_512_512:
+ case FLASH_SIZE_16M_MAP_1024_1024:
+ rf_cal_sec = 512 - 5;
+ break;
+
+ case FLASH_SIZE_32M_MAP_512_512:
+ case FLASH_SIZE_32M_MAP_1024_1024:
+ rf_cal_sec = 1024 - 5;
+ break;
+
+ case FLASH_SIZE_64M_MAP_1024_1024:
+ rf_cal_sec = 2048 - 5;
+ break;
+
+ case FLASH_SIZE_128M_MAP_1024_1024:
+ rf_cal_sec = 4096 - 5;
+ break;
+
+ default:
+ rf_cal_sec = 0;
+ break;
+ }
+
+ return rf_cal_sec;
+}
+
+void wifi_event_handler_cb(System_Event_t* event)
+{
+ if (event == NULL) {
+ return;
+ }
+
+ switch (event->event_id) {
+ case EVENT_STAMODE_GOT_IP:
+ printf("sta got ip\n");
+ user_conn_init();
+ break;
+
+ default:
+ break;
+ }
+}
+
+/******************************************************************************
+ * FunctionName : user_init
+ * Description : entry of user application, init user function here
+ * Parameters : none
+ * Returns : none
+*******************************************************************************/
+void user_init(void)
+{
+ wifi_set_opmode(STATION_MODE);
+
+ // set AP parameter
+ struct station_config config;
+ bzero(&config, sizeof(struct station_config));
+ sprintf(config.ssid, SSID);
+ sprintf(config.password, PASSWORD);
+ wifi_station_set_config(&config);
+
+ wifi_set_event_handler_cb(wifi_event_handler_cb);
+}
diff --git a/examples/wolfssl_demo/user/wolfssl_client.c b/examples/wolfssl_demo/user/wolfssl_client.c
new file mode 100755
index 00000000..c1f724a8
--- /dev/null
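Review bot: In `user_init`, `sprintf(config.ssid, SSID);` and `sprintf(config.password, PASSWORD);` pass the configured string as the format argument and put no bound on the write, so a value containing `%` is parsed as a conversion and a value longer than the destination field overruns `struct station_config`. I would write `snprintf((char *)config.ssid, sizeof(config.ssid), "%s", SSID);` and the same for `config.password`, and treat a truncated result as a configuration error. The field sizes are not visible in this diff, so confirm them against the SDK header. Since the README tells users to put their access-point credentials in user_config.h, a comment there marking the shipped values as placeholders that must not be committed would also help.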
+++ b/examples/wolfssl_demo/user/wolfssl_client.c
@@ -0,0 +1,159 @@
+/*
+ * ESPRESSIF MIT License
+ *
+ * Copyright (c) 2018
+ *
+ * Permission is hereby granted for use on ESPRESSIF SYSTEMS ESP8266 only, in which case,
+ * it is free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the Software is furnished
+ * to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+#include
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+
+#include "sys/socket.h"
+#include "netdb.h"
+
+#include
+
+#define WOLFSSL_DEMO_THREAD_NAME "wolfssl_client"
+#define WOLFSSL_DEMO_THREAD_STACK_WORDS 512
+#define WOLFSSL_DEMO_THREAD_PRORIOTY 6
+
+#define WOLFSSL_DEMO_TARGET_NAME "www.baidu.com"
+#define WOLFSSL_DEMO_TARGET_PORT 443
+
+#define WOLFSSL_DEMO_SNTP_SERVERS "pool.ntp.org"
+
+#define WOLFSSL_EXAMPLE_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
+
+const char send_data[] = WOLFSSL_EXAMPLE_REQUEST;
+const int send_bytes = sizeof(send_data);
+char recv_data[1024] = {0};
+
+static void wolfssl_client(void* pv)
+{
+ int ret = 0;
+
+ uint32_t current_timestamp = 0;
+ const portTickType xDelay = 500 / portTICK_RATE_MS;
+ WOLFSSL_CTX *ctx = NULL;
+ WOLFSSL *ssl = NULL;
+
+ int socket = -1;
+ struct sockaddr_in sock_addr;
+ struct hostent *entry = NULL;
+
+ /*enable sntp for sync the time*/
+ sntp_setoperatingmode(0);
+ sntp_setservername(0, WOLFSSL_DEMO_SNTP_SERVERS);
+ sntp_init();
+
+ do {
+ current_timestamp = sntp_get_current_timestamp();
+ vTaskDelay(xDelay);
+ } while (current_timestamp == 0);
+
+ /*get addr info for hostname*/
+ do {
+ entry = gethostbyname(WOLFSSL_DEMO_TARGET_NAME);
+ vTaskDelay(xDelay);
+ } while(entry == NULL);
+
+ ret = wolfSSL_Init();
+ if (ret != WOLFSSL_SUCCESS) {
+ goto failed1;
+ }
+
+ ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+ if (!ctx) {
+ goto failed1;
+ }
+
+ socket = socket(AF_INET, SOCK_STREAM, 0);
+ if (socket < 0) {
+ goto failed2;
+ }
+
+ memset(&sock_addr, 0, sizeof(sock_addr));
+ sock_addr.sin_family = AF_INET;
+ sock_addr.sin_port = htons(WOLFSSL_DEMO_TARGET_PORT);
+ memcpy(&sock_addr.sin_addr.s_addr, entry->h_addr_list[0], entry->h_length);
+
+ ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
+ if (ret) {
+ goto failed3;
+ }
+
+ ssl = wolfSSL_new(ctx);
+ if (!ssl) {
+ goto failed3;
+ }
+
+ wolfSSL_set_fd(ssl, socket);
+
+ wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL);
+
+ ret = wolfSSL_connect(ssl);
+ if (!ret) {
+ goto failed4;
+ }
+
+ ret = wolfSSL_write(ssl, send_data, send_bytes);
+ if (ret <= 0) {
+ goto failed5;
+ }
+
+ ret = wolfSSL_read(ssl, recv_data, sizeof(recv_data));
+
+ printf("receive: %s\n",recv_data);
+
+failed5:
+ wolfSSL_shutdown(ssl);
+failed4:
+ wolfSSL_free(ssl);
+failed3:
+ close(socket);
+failed2:
+ wolfSSL_CTX_free(ctx);
+failed1:
+ wolfSSL_Cleanup();
+ vTaskDelete(NULL);
+
+ return;
+}
+
+void user_conn_init(void)
+{
+ int ret;
+
+ ret = xTaskCreate(wolfssl_client,
+ WOLFSSL_DEMO_THREAD_NAME,
+ WOLFSSL_DEMO_THREAD_STACK_WORDS,
+ NULL,
+ WOLFSSL_DEMO_THREAD_PRORIOTY,
+ NULL);
+
+ if (ret != pdPASS) {
+ printf("create thread %s failed\n", WOLFSSL_DEMO_THREAD_NAME);
+ return ;
+ }
+}
+
+
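Review bot: `wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL);` in `wolfssl_client` turns off certificate verification and no CA is ever loaded into `ctx`, so the session is encrypted but the peer is never authenticated and any on-path host can answer as the target; an example that gets copied into products should load a trust anchor, verify the peer and check the host name. The handshake check `if (!ret)` also lets failures through, because wolfSSL_connect reports an error with a negative value rather than 0, so it should compare against `WOLFSSL_SUCCESS`. `wolfSSL_read` is allowed to fill all of `recv_data` and its return value is ignored, after which `printf("%s")` can read past the buffer. The sketch below shows the three changes; the CA buffer name is a placeholder for a certificate the project must embed, and the availability of `wolfSSL_check_domain_name` should be confirmed against this build's user_settings.h.
```c
/* … unchanged: SNTP sync, DNS lookup, wolfSSL_Init, wolfSSL_CTX_new … */
    /* ca_pem / ca_pem_len: placeholder for the CA certificate embedded by the project */
    ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_pem, ca_pem_len, WOLFSSL_FILETYPE_PEM);
    if (ret != WOLFSSL_SUCCESS) {
        goto failed2;
    }
/* … unchanged: socket, connect, wolfSSL_new, wolfSSL_set_fd … */
    wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER, NULL);
    if (wolfSSL_check_domain_name(ssl, WOLFSSL_DEMO_TARGET_NAME) != WOLFSSL_SUCCESS) {
        goto failed4;
    }

    ret = wolfSSL_connect(ssl);
    if (ret != WOLFSSL_SUCCESS) {
        goto failed4;
    }
/* … unchanged: wolfSSL_write and its check … */
    ret = wolfSSL_read(ssl, recv_data, sizeof(recv_data) - 1);
    if (ret > 0) {
        recv_data[ret] = '\0';
        printf("receive: %s\n", recv_data);
    }
/* … unchanged: failed5..failed1 cleanup … */
```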