extmod/modtls_mbedtls: Implement cert verification callback for mbedtls.

This is a useful alternative to .getpeercert() when the certificate is not stored to reduce RAM usage. Signed-off-by: Felix Dörre <felix@dogcraft.de>
2026-01-06 04:00:28 +01:00 · 2024-02-01 09:22:56 +00:00
parent b802f0f8ab
commit aaba1d8a6c
5 changed files with 133 additions and 0 deletions
--- a/tests/net_hosted/ssl_verify_callback.py
+++ b/tests/net_hosted/ssl_verify_callback.py
@@ -0,0 +1,37 @@
+# test ssl verify_callback
+
+import io
+import socket
+import tls
+
+
+def verify_callback(cert, depth):
+    print("verify_callback:", type(cert), len(cert) > 100, depth)
+    return 0
+
+
+def verify_callback_fail(cert, depth):
+    print("verify_callback_fail:", type(cert), len(cert) > 100, depth)
+    return 1
+
+
+def test(peer_addr):
+    context = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
+    context.verify_mode = tls.CERT_OPTIONAL
+    context.verify_callback = verify_callback
+    s = socket.socket()
+    s.connect(peer_addr)
+    s = context.wrap_socket(s)
+    s.close()
+
+    context.verify_callback = verify_callback_fail
+    s = socket.socket()
+    s.connect(peer_addr)
+    try:
+        s = context.wrap_socket(s)
+    except OSError as e:
+        print(e.args[1])
+
+
+if __name__ == "__main__":
+    test(socket.getaddrinfo("micropython.org", 443)[0][-1])