diff options
| author | Damien George <damien@micropython.org> | 2023-06-25 01:06:00 +1000 |
|---|---|---|
| committer | Damien George <damien@micropython.org> | 2023-06-26 16:34:41 +1000 |
| commit | e8a4c1dd537c7ccfba92936c6eee9d5cf529be9e (patch) | |
| tree | 4729952a6d39317b3e73ffad4d7fa78a1a405d2f /tests | |
| parent | c2ea8b2f98c6e2a00f78f9ab14754f53c257302e (diff) | |
extmod/modssl: Add SSLContext class.
This commit adds the SSLContext class to the ssl module, and retains the
existing ssl.wrap_socket() function to maintain backwards compatibility.
CPython deprecated the ssl.wrap_socket() function since CPython 3.7 and
instead one should use ssl.SSLContext().wrap_socket(). This commit makes
that possible.
For the axtls implementation:
- ssl.SSLContext is added, although it doesn't hold much state because
axtls requires calling ssl_ctx_new() for each new socket
- ssl.SSLContext.wrap_socket() is added
- ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER are added
For the mbedtls implementation:
- ssl.SSLContext is added, and holds most of the mbedtls state
- ssl.verify_mode is added (getter and setter)
- ssl.SSLContext.wrap_socket() is added
- ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER are added
The signatures match CPython:
- SSLContext(protocol)
- SSLContext.wrap_socket(sock, *, server_side=False,
do_handshake_on_connect=True, server_hostname=None)
The existing ssl.wrap_socket() functions retain their existing signature.
Signed-off-by: Damien George <damien@micropython.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/extmod/ssl_basic.py | 2 | ||||
| -rw-r--r-- | tests/extmod/ssl_basic.py.exp | 2 | ||||
| -rw-r--r-- | tests/net_inet/test_tls_sites.py | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/tests/extmod/ssl_basic.py b/tests/extmod/ssl_basic.py index d035798c9..95e66e0ca 100644 --- a/tests/extmod/ssl_basic.py +++ b/tests/extmod/ssl_basic.py @@ -33,7 +33,7 @@ except OSError as er: ss = ssl.wrap_socket(TestSocket(), server_side=1, do_handshake=0) # print -print(repr(ss)[:12]) +print(ss) # setblocking() propagates call to the underlying stream object ss.setblocking(False) diff --git a/tests/extmod/ssl_basic.py.exp b/tests/extmod/ssl_basic.py.exp index 30bfd3a43..1a10a1861 100644 --- a/tests/extmod/ssl_basic.py.exp +++ b/tests/extmod/ssl_basic.py.exp @@ -1,5 +1,5 @@ OSError: client -<_SSLSocket +<SSLSocket> TestSocket.setblocking(False) TestSocket.setblocking(True) TestSocket.ioctl 4 0 diff --git a/tests/net_inet/test_tls_sites.py b/tests/net_inet/test_tls_sites.py index f9a3dc86d..4f457b3ab 100644 --- a/tests/net_inet/test_tls_sites.py +++ b/tests/net_inet/test_tls_sites.py @@ -3,7 +3,7 @@ import ssl # CPython only supports server_hostname with SSLContext if hasattr(ssl, "SSLContext"): - ssl = ssl.SSLContext() + ssl = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) def test_one(site, opts): |