author: Carlosgg <carlosgilglez@gmail.com> 2023-09-07 23:37:20 +0100
committer: Damien George <damien@micropython.org> 2023-12-14 13:06:39 +1100
commit: 05d3b223011a88a10c806be866db8e0d29f1e348 (patch)
tree: 056faa4aec93513f0328895607a9bb77c9b35370 /docs/library/ssl.rst
parent: bfd6ad94ff950a4b7e3a2125db1539c5e4ca333a (diff)
docs/library: Document SSLContext cert methods and asyncio support.
Add `load_cert_chain`, `load_verify_locations`, `get_ciphers` and `set_ciphers` SSLContext methods in ssl library, and update asyncio `open_connection` and `start_server` methods with ssl support.

Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
Diffstat (limited to 'docs/library/ssl.rst')
-rw-r--r-- docs/library/ssl.rst 33
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/library/ssl.rst b/docs/library/ssl.rst
index e3dfa9d99..f9be27745 100644
--- a/docs/library/ssl.rst
+++ b/docs/library/ssl.rst
@@ -39,6 +39,33 @@ class SSLContext
Create a new SSLContext instance. The *protocol* argument must be one of the ``PROTOCOL_*``
constants.
+.. method:: SSLContext.load_cert_chain(certfile, keyfile)
+
+ Load a private key and the corresponding certificate. The *certfile* is a string
+ with the file path of the certificate. The *keyfile* is a string with the file path
+ of the private key.
+
+ .. admonition:: Difference to CPython
+ :class: attention
+
+ MicroPython extension: *certfile* and *keyfile* can be bytes objects instead of
+ strings, in which case they are interpreted as the actual certificate/key data.
+
+.. method:: SSLContext.load_verify_locations(cafile=None, cadata=None)
+
+ Load the CA certificate chain that will validate the peer's certificate.
+ *cafile* is the file path of the CA certificates. *cadata* is a bytes object
+ containing the CA certificates. Only one of these arguments should be provided.
+
+.. method:: SSLContext.get_ciphers()
+
+ Get a list of enabled ciphers, returned as a list of strings.
+
+.. method:: SSLContext.set_ciphers(ciphers)
+
+ Set the available ciphers for sockets created with this context. *ciphers* should be
+ a list of strings in the `IANA cipher suite format <https://wiki.mozilla.org/Security/Cipher_Suites>`_ .
+
.. method:: SSLContext.wrap_socket(sock, *, server_side=False, do_handshake_on_connect=True, server_hostname=None)
Takes a `stream` *sock* (usually socket.socket instance of ``SOCK_STREAM`` type),
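Review bot: In the `load_verify_locations` entry, "Only one of these arguments should be provided" leaves the behaviour undefined when both *cafile* and *cadata* are passed, or when neither is. State which case raises and with which exception, because if one argument were silently ignored the peer would be validated against a different set of CA certificates than the caller intended. The entry also does not say which encoding *cadata* accepts, and the same gap applies to the bytes form of *certfile* and *keyfile* in the `load_cert_chain` admonition. The `set_ciphers` entry should say what happens when a name in the list is not supported. Minor: the link labelled "IANA cipher suite format" points at a Mozilla wiki page, and there is a stray space between the closing `_ and the final period.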
@@ -77,6 +104,12 @@ class SSLContext
Set or get the behaviour for verification of peer certificates. Must be one of the
``CERT_*`` constants.
+.. note::
+
+ ``ssl.CERT_REQUIRED`` requires the device's date/time to be properly set, e.g. using
+ `mpremote rtc --set <mpremote_command_rtc>` or ``ntptime``, and ``server_hostname``
+ must be specified when on the client side.
+
Exceptions
----------
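Review bot: The note on ``ssl.CERT_REQUIRED`` gives two preconditions (device date/time set, ``server_hostname`` specified on the client side) without the reason for either or what the caller sees when one is missed. Add a sentence saying why the date/time matters for verification and which exception is raised when the clock is unset or ``server_hostname`` is omitted, so a failed handshake can be told apart from an untrusted certificate. Since ``server_hostname`` is a `wrap_socket` parameter, a cross-reference from that method's entry to this note would put the requirement where a reader configuring the client will look.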