tests: Update SSL network tests to use SSLContext, and work on CPython.

Changes are: - use ssl.SSLContext.wrap_socket instead of ssl.wrap_socket - disable check_hostname and call load_default_certs() where appropriate, to get CPython to run the tests correctly - pass socket.AF_INET to getaddrinfo and socket.socket(), to force IPv4 - change tests to use github.com instead of google.com, because certificate validation was failing with google.com Signed-off-by: Damien George <damien@micropython.org>
author: Damien George <damien@micropython.org> 2023-12-12 17:17:22 +1100
committer: Damien George <damien@micropython.org> 2023-12-12 21:22:10 +1100
commit: bba8a673d5ed6ad4404502c32dac003ad9d59bde (patch)
tree: 258d603836d05811b328bade1d99c81fb34af9d8 /tests/net_inet/ssl_errors.py
parent: ef996d15b9cbadee591a185f27fb16e90a5d4f5d (diff)
1 files changed, 16 insertions, 12 deletions
diff --git a/tests/net_inet/ssl_errors.py b/tests/net_inet/ssl_errors.py
index 65f3637e9..bc4e5910b 100644
--- a/tests/net_inet/ssl_errors.py
+++ b/tests/net_inet/ssl_errors.py
@@ -1,12 +1,12 @@
 # test that socket.connect() on a non-blocking socket raises EINPROGRESS
 # and that an immediate write/send/read/recv does the right thing
 
-import sys, errno, socket, ssl
+import sys, errno, select, socket, ssl
 
 
 def test(addr, hostname, block=True):
-    print("---", hostname or addr)
-    s = socket.socket()
+    print("---", hostname)
+    s = socket.socket(socket.AF_INET)
     s.setblocking(block)
     try:
         s.connect(addr)
@@ -16,11 +16,15 @@ def test(addr, hostname, block=True):
             raise
         print("EINPROGRESS")
 
+    if sys.implementation.name != "micropython":
+        # in CPython we have to wait, otherwise wrap_socket is not happy
+        select.select([], [s], [])
+
+    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+    ssl_context.verify_mode = ssl.CERT_REQUIRED
+
     try:
-        if sys.implementation.name == "micropython":
-            s = ssl.wrap_socket(s, do_handshake=block)
-        else:
-            s = ssl.wrap_socket(s, do_handshake_on_connect=block)
+        s = ssl_context.wrap_socket(s, do_handshake_on_connect=block, server_hostname=hostname)
         print("wrap: True")
     except OSError:
         print("wrap: error")
@@ -36,11 +40,11 @@ def test(addr, hostname, block=True):
 
 if __name__ == "__main__":
     # connect to plain HTTP port, oops!
-    addr = socket.getaddrinfo("micropython.org", 80)[0][-1]
-    test(addr, None)
+    addr = socket.getaddrinfo("micropython.org", 80, socket.AF_INET)[0][-1]
+    test(addr, "micropython.org")
     # connect to plain HTTP port, oops!
-    addr = socket.getaddrinfo("micropython.org", 80)[0][-1]
-    test(addr, None, False)
+    addr = socket.getaddrinfo("micropython.org", 80, socket.AF_INET)[0][-1]
+    test(addr, "micropython.org", False)
     # connect to server with self-signed cert, oops!
-    addr = socket.getaddrinfo("test.mosquitto.org", 8883)[0][-1]
+    addr = socket.getaddrinfo("test.mosquitto.org", 8883, socket.AF_INET)[0][-1]
     test(addr, "test.mosquitto.org")
author	Damien George <damien@micropython.org>	2023-12-12 17:17:22 +1100
committer	Damien George <damien@micropython.org>	2023-12-12 21:22:10 +1100
commit	bba8a673d5ed6ad4404502c32dac003ad9d59bde (patch)
tree	258d603836d05811b328bade1d99c81fb34af9d8 /tests/net_inet/ssl_errors.py
parent	ef996d15b9cbadee591a185f27fb16e90a5d4f5d (diff)