Previously, mpycert.der was the Intermediate certificate which is regularly
re-issued by Letsencrypt.
Also changes ssl_cert.py to load the cert data from the same file as
test_sslcontext_client.py, so the DER string doesn't have to be pasted
into the source.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>
The Let's Encrypt root certificate has changed so needs updating in these
tests.
Also use `bytes.fromhex()` instead of `binascii.unhexlify()`, to eliminate
the need for the `binascii` module. Both of these features are controlled
by `MICROPY_PY_BUILTINS_BYTES_HEX`, so the test will still work on the same
targets that it previously did.
Signed-off-by: Damien George <damien@micropython.org>
Add cert_reqs and cadata keyword-args to ssl.wrap_socket() and
ssl.CERT_NONE, ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED constants to allow
certificate validation.
CPython doesn't accept cadata in ssl.wrap_socket(), but it does in
SSLContext.load_verify_locations(), so we use this name to at least match
the same name in load_verify_locations().
Add docs for these new arguments, as well as docs for the existing
server_hostname argument which is important for certificate validation.
Tests are added as well.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
Angus Gratton
Damien George
Jim Mussared
Carlosgg