mirror of
https://github.com/licsber/micropython.git
synced 2024-09-20 09:00:23 +08:00
f3f215e9bd
This commit adds: 1) Methods to SSLContext class that match CPython signature: - `SSLContext.load_cert_chain(certfile, keyfile)` - `SSLContext.load_verify_locations(cafile=, cadata=)` - `SSLContext.get_ciphers()` --> ["CIPHERSUITE"] - `SSLContext.set_ciphers(["CIPHERSUITE"])` 2) `sslsocket.cipher()` to get current ciphersuite and protocol version. 3) `ssl.MBEDTLS_VERSION` string constant. 4) Certificate verification errors info instead of `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED`. 5) Tests in `net_inet` and `multi_net` to test these new methods. `SSLContext.load_cert_chain` method allows loading key and cert from disk passing a filepath in `certfile` or `keyfile` options. `SSLContext.load_verify_locations`'s `cafile` option enables the same functionality for ca files. Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
59 lines
1.5 KiB
Python
59 lines
1.5 KiB
Python
# Test creating an SSL connection with an expired certificate.
|
|
|
|
try:
|
|
import os
|
|
import socket
|
|
import ssl
|
|
except ImportError:
|
|
print("SKIP")
|
|
raise SystemExit
|
|
|
|
PORT = 8000
|
|
|
|
# These are test certificates. See tests/README.md for details.
|
|
cert = cafile = "multi_net/expired_cert.der"
|
|
key = "multi_net/rsa_key.der"
|
|
|
|
try:
|
|
os.stat(cafile)
|
|
os.stat(key)
|
|
except OSError:
|
|
print("SKIP")
|
|
raise SystemExit
|
|
|
|
|
|
# Server
|
|
def instance0():
|
|
multitest.globals(IP=multitest.get_network_ip())
|
|
s = socket.socket()
|
|
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
|
|
s.listen(1)
|
|
multitest.next()
|
|
s2, _ = s.accept()
|
|
server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
|
server_ctx.load_cert_chain(cert, key)
|
|
try:
|
|
s2 = server_ctx.wrap_socket(s2, server_side=True)
|
|
except Exception as e:
|
|
print(e)
|
|
multitest.broadcast("finished")
|
|
s.close()
|
|
|
|
|
|
# Client
|
|
def instance1():
|
|
multitest.next()
|
|
s = socket.socket()
|
|
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
|
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
client_ctx.verify_mode = ssl.CERT_REQUIRED
|
|
client_ctx.load_verify_locations(cafile=cafile)
|
|
try:
|
|
s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
|
|
except Exception as e:
|
|
print(e)
|
|
# Don't close the socket until the server has seen our SSL rejection.
|
|
multitest.wait("finished")
|
|
s.close()
|