diff options
| author | Carlosgg <carlosgilglez@gmail.com> | 2023-06-27 03:00:00 +0100 |
|---|---|---|
| committer | Damien George <damien@micropython.org> | 2023-12-12 16:25:07 +1100 |
| commit | f3f215e9bdf138fa6f94fb376ed72c25641aa298 (patch) | |
| tree | da216dfa978c229fba319f97eebe2cca6ee5a24e /tests/multi_net/sslcontext_server_client.py | |
| parent | 4365edb810aa0e54eb91d201eb5bf0436c86c4b3 (diff) | |
extmod/modssl_mbedtls: Add SSLContext certificate methods.
This commit adds:
1) Methods to SSLContext class that match CPython signature:
- `SSLContext.load_cert_chain(certfile, keyfile)`
- `SSLContext.load_verify_locations(cafile=, cadata=)`
- `SSLContext.get_ciphers()` --> ["CIPHERSUITE"]
- `SSLContext.set_ciphers(["CIPHERSUITE"])`
2) `sslsocket.cipher()` to get current ciphersuite and protocol
version.
3) `ssl.MBEDTLS_VERSION` string constant.
4) Certificate verification errors info instead of
`MBEDTLS_ERR_X509_CERT_VERIFY_FAILED`.
5) Tests in `net_inet` and `multi_net` to test these new methods.
`SSLContext.load_cert_chain` method allows loading key and cert from disk
passing a filepath in `certfile` or `keyfile` options.
`SSLContext.load_verify_locations`'s `cafile` option enables the same
functionality for ca files.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
Diffstat (limited to 'tests/multi_net/sslcontext_server_client.py')
| -rw-r--r-- | tests/multi_net/sslcontext_server_client.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/tests/multi_net/sslcontext_server_client.py b/tests/multi_net/sslcontext_server_client.py new file mode 100644 index 000000000..4d2ac06c5 --- /dev/null +++ b/tests/multi_net/sslcontext_server_client.py @@ -0,0 +1,60 @@ +# Test creating an SSL connection with certificates as bytes objects. + +try: + import os + import socket + import ssl +except ImportError: + print("SKIP") + raise SystemExit + +PORT = 8000 + +# These are test certificates. See tests/README.md for details. +certfile = "multi_net/rsa_cert.der" +keyfile = "multi_net/rsa_key.der" + +try: + os.stat(certfile) + os.stat(keyfile) +except OSError: + print("SKIP") + raise SystemExit + +with open(certfile, "rb") as cf: + cert = cadata = cf.read() + +with open(keyfile, "rb") as kf: + key = kf.read() + + +# Server +def instance0(): + multitest.globals(IP=multitest.get_network_ip()) + s = socket.socket() + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1]) + s.listen(1) + multitest.next() + s2, _ = s.accept() + server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + server_ctx.load_cert_chain(cert, key) + s2 = server_ctx.wrap_socket(s2, server_side=True) + print(s2.read(16)) + s2.write(b"server to client") + s2.close() + s.close() + + +# Client +def instance1(): + multitest.next() + s = socket.socket() + s.connect(socket.getaddrinfo(IP, PORT)[0][-1]) + client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + client_ctx.verify_mode = ssl.CERT_REQUIRED + client_ctx.load_verify_locations(cadata=cadata) + s = client_ctx.wrap_socket(s, server_hostname="micropython.local") + s.write(b"client to server") + print(s.read(16)) + s.close() |