mirror of
https://github.com/licsber/micropython.git
synced 2024-09-20 09:00:23 +08:00
ef996d15b9
And only enable this method when the relevant feature is available in mbedtls. Otherwise, if mbedtls doesn't support getting the peer certificate, this method always returns None and it's confusing why it does that. It's better to remove the method altogether, so the error trying to use it is more obvious. Signed-off-by: Damien George <damien@micropython.org>
63 lines
1.6 KiB
Python
63 lines
1.6 KiB
Python
# Test creating an SSL connection and getting the peer certificate.
|
|
|
|
try:
|
|
import io
|
|
import os
|
|
import socket
|
|
import ssl
|
|
except ImportError:
|
|
print("SKIP")
|
|
raise SystemExit
|
|
|
|
PORT = 8000
|
|
|
|
# These are test certificates. See tests/README.md for details.
|
|
cert = cafile = "multi_net/rsa_cert.der"
|
|
key = "multi_net/rsa_key.der"
|
|
|
|
try:
|
|
os.stat(cafile)
|
|
os.stat(key)
|
|
except OSError:
|
|
print("SKIP")
|
|
raise SystemExit
|
|
|
|
|
|
# Server
|
|
def instance0():
|
|
multitest.globals(IP=multitest.get_network_ip())
|
|
s = socket.socket()
|
|
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
|
|
s.listen(1)
|
|
multitest.next()
|
|
s2, _ = s.accept()
|
|
server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
|
server_ctx.load_cert_chain(cert, key)
|
|
s2 = server_ctx.wrap_socket(s2, server_side=True)
|
|
print(s2.read(16))
|
|
s2.write(b"server to client")
|
|
s2.close()
|
|
s.close()
|
|
|
|
|
|
# Client
|
|
def instance1():
|
|
s_test = ssl.wrap_socket(io.BytesIO(), server_side=True, do_handshake=False)
|
|
s_test.close()
|
|
if not hasattr(s_test, "getpeercert"):
|
|
print("SKIP")
|
|
raise SystemExit
|
|
|
|
multitest.next()
|
|
s = socket.socket()
|
|
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
|
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
client_ctx.verify_mode = ssl.CERT_REQUIRED
|
|
client_ctx.load_verify_locations(cafile=cafile)
|
|
s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
|
|
print(s.getpeercert(True).hex())
|
|
s.write(b"client to server")
|
|
print(s.read(16))
|
|
s.close()
|