author | Carlosgg <carlosgilglez@gmail.com> | 2023-06-27 03:00:00 +0100 |
---|---|---|
committer | Damien George <damien@micropython.org> | 2023-12-12 16:25:07 +1100 |
commit | f3f215e9bdf138fa6f94fb376ed72c25641aa298 (patch) | |
tree | da216dfa978c229fba319f97eebe2cca6ee5a24e /tests/multi_net/sslcontext_server_client_ciphers.py | |
parent | 4365edb810aa0e54eb91d201eb5bf0436c86c4b3 (diff) | |
extmod/modssl_mbedtls: Add SSLContext certificate methods.
This commit adds:
1) Methods to SSLContext class that match CPython signature:
- `SSLContext.load_cert_chain(certfile, keyfile)`
- `SSLContext.load_verify_locations(cafile=, cadata=)`
- `SSLContext.get_ciphers()` --> ["CIPHERSUITE"]
- `SSLContext.set_ciphers(["CIPHERSUITE"])`
2) `sslsocket.cipher()` to get current ciphersuite and protocol
version.
3) `ssl.MBEDTLS_VERSION` string constant.
4) Certificate verification errors info instead of
`MBEDTLS_ERR_X509_CERT_VERIFY_FAILED`.
5) Tests in `net_inet` and `multi_net` to test these new methods.
`SSLContext.load_cert_chain` method allows loading key and cert from disk
passing a filepath in `certfile` or `keyfile` options.
`SSLContext.load_verify_locations`'s `cafile` option enables the same
functionality for ca files.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
Diffstat (limited to 'tests/multi_net/sslcontext_server_client_ciphers.py')
-rw-r--r-- | tests/multi_net/sslcontext_server_client_ciphers.py | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/tests/multi_net/sslcontext_server_client_ciphers.py b/tests/multi_net/sslcontext_server_client_ciphers.py
new file mode 100644
index 0000000000..e2de4e6ad4
--- /dev/null
+++ b/tests/multi_net/sslcontext_server_client_ciphers.py
@@ -0,0 +1,58 @@
+# Test creating an SSL connection with specified ciphers.
+
+try:
+ import os
+ import socket
+ import ssl
+except ImportError:
+ print("SKIP")
+ raise SystemExit
+
+PORT = 8000
+
+# These are test certificates. See tests/README.md for details.
+cert = cafile = "multi_net/rsa_cert.der"
+key = "multi_net/rsa_key.der"
+
+try:
+ os.stat(cafile)
+ os.stat(key)
+except OSError:
+ print("SKIP")
+ raise SystemExit
+
+
+# Server
+def instance0():
+ multitest.globals(IP=multitest.get_network_ip())
+ s = socket.socket()
+ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
+ s.listen(1)
+ multitest.next()
+ s2, _ = s.accept()
+ server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ server_ctx.load_cert_chain(cert, key)
+ s2 = server_ctx.wrap_socket(s2, server_side=True)
+ assert isinstance(s2.cipher(), tuple)
+ print(s2.read(16))
+ s2.write(b"server to client")
+ s2.close()
+ s.close()
+
+
+# Client
+def instance1():
+ multitest.next()
+ s = socket.socket()
+ s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
+ client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ ciphers = client_ctx.get_ciphers()
+ assert "TLS-RSA-WITH-AES-256-CBC-SHA256" in ciphers
+ client_ctx.set_ciphers(["TLS-RSA-WITH-AES-256-CBC-SHA256"])
+ client_ctx.verify_mode = ssl.CERT_REQUIRED
+ client_ctx.load_verify_locations(cafile=cafile)
+ s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
+ s.write(b"client to server")
+ print(s.read(16))
+ s.close() |
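Review bot: Neither instance checks that the suite passed to `set_ciphers` is the one actually negotiated. The server in `instance0` only asserts `isinstance(s2.cipher(), tuple)` and the client in `instance1` never calls `cipher()`, so a `set_ciphers` that silently had no effect would still pass this test. Adding `assert s.cipher()[0] == "TLS-RSA-WITH-AES-256-CBC-SHA256"` after `wrap_socket` in `instance1` would pin the behaviour. The tuple layout (ciphersuite name first) is assumed from the commit description and should be confirmed against the implementation. Because test code tends to be copied, the suite name also deserves a comment such as `# Fixture choice for this test only: static-RSA key exchange, CBC mode, no forward secrecy.`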