The axTLS implementation of the tls module only has a basic set of
features. In particular it doesn't support the CERT_REQUIRED constant nor
DTLS, nor can it load the `ec_key.der` key when acting as a server. So
skip tests that require these features, which ends up being all the ssl/tls
tests.
Signed-off-by: Damien George <damien@micropython.org>
Previously, any test needing an SSL certificate file would automatically
skip if the file could not be found. But that makes it too easy to
accidentally skip tests.
Instead, change it so that the test fails if the certificate file doesn't
exist. That matches, for example, the fact that the test fails if
networking (LAN, WiFi) is not active.
Signed-off-by: Damien George <damien@micropython.org>
Changes include:
- Some mbedtls source files renamed or deprecated.
- Our `mbedtls_config.h` files are renamed to `mbedtls_config_port.h`, so
they don't clash with mbedtls's new default configuration file named
`mbedtls_config.h`.
- MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE is deprecated.
- MBEDTLS_HAVE_TIME now requires an `mbedtls_ms_time` function to be
defined but it's only used for TLSv1.3 (currently not enabled in
MicroPython so there is a lazy implementation, i.e. seconds * 1000).
- `tests/multi_net/ssl_data.py` is removed (due to deprecation of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE), there are the existing
`ssl_cert_rsa.py` and `sslcontext_server_client.py` tests which do very
similar, simple SSL data transfer.
- Tests now use an EC key by default (they are smaller and faster), and the
RSA key has been regenerated due to the old PKCS encoding used by openssl
rsa command, see
https://stackoverflow.com/questions/40822328/openssl-rsa-key-pem-and-der-conversion-does-not-match
(and `tests/README.md` has been updated accordingly).
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
Damien George
Carlosgg