Lerking/micropython
1
0
Fork 0
mirror of https://github.com/micropython/micropython.git synced 2026-01-08 05:00:26 +01:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

extmod/modtls: Move the native ssl module to tls.

Browse Source 
The current `ssl` module has quite a few differences to the CPython
implementation.  This change moves the MicroPython variant to a new `tls`
module and provides a wrapper module for `ssl` (in micropython-lib).

Users who only rely on implemented comparible behavior can continue to use
`ssl`, while users that rely on non-compatible behavior should switch to
`tls`.  Then we can make the facade in `ssl` more strictly adhere to
CPython.

Signed-off-by: Felix Dörre <felix@dogcraft.de>
This commit is contained in:
Felix Dörre
2024-02-01 12:07:06 +00:00
committed by Damien George
parent f8f1f29ac0
commit b802f0f8ab
14 changed files with 49 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/multi_net/sslcontext_server_client_ciphers.py
View File

@@ -3,7 +3,7 @@
try:
import os
import socket
import ssl
import tls
except ImportError:
print("SKIP")
raise SystemExit
@@ -13,6 +13,10 @@ PORT = 8000
# These are test certificates. See tests/README.md for details.
cert = cafile = "ec_cert.der"
key = "ec_key.der"
with open(cafile, "rb") as f:
cadata = f.read()
with open(key, "rb") as f:
keydata = f.read()
try:
os.stat(cafile)
@@ -31,8 +35,8 @@ def instance0():
s.listen(1)
multitest.next()
s2, _ = s.accept()
server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
server_ctx.load_cert_chain(cert, key)
server_ctx = tls.SSLContext(tls.PROTOCOL_TLS_SERVER)
server_ctx.load_cert_chain(cadata, keydata)
s2 = server_ctx.wrap_socket(s2, server_side=True)
assert isinstance(s2.cipher(), tuple)
print(s2.read(16))
@@ -46,12 +50,12 @@ def instance1():
multitest.next()
s = socket.socket()
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
client_ctx = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
ciphers = client_ctx.get_ciphers()
assert "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" in ciphers
client_ctx.set_ciphers(["TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"])
client_ctx.verify_mode = ssl.CERT_REQUIRED
client_ctx.load_verify_locations(cafile=cafile)
client_ctx.verify_mode = tls.CERT_REQUIRED
client_ctx.load_verify_locations(cadata)
s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
s.write(b"client to server")
print(s.read(16))