Previously, mpycert.der was the intermediate certificate, which is regularly
re-issued by Let's Encrypt.
Also changes ssl_cert.py to load the cert data from the same file as
test_sslcontext_client.py, so the DER string doesn't have to be pasted
into the source.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

Previously, any test needing an SSL certificate file would automatically
skip if the file could not be found. But that makes it too easy to
accidentally skip tests.
Instead, change it so that the test fails if the certificate file doesn't
exist. That matches, for example, the fact that the test fails if
networking (LAN, WiFi) is not active.
Signed-off-by: Damien George <damien@micropython.org>

The Let's Encrypt root certificate has changed so needs updating in these
tests.
Also use `bytes.fromhex()` instead of `binascii.unhexlify()`, to eliminate
the need for the `binascii` module. Both of these features are controlled
by `MICROPY_PY_BUILTINS_BYTES_HEX`, so the test will still work on the same
targets that it previously did.
Signed-off-by: Damien George <damien@micropython.org>

This commit adds:
1) Methods to SSLContext class that match CPython signature:
- `SSLContext.load_cert_chain(certfile, keyfile)`
- `SSLContext.load_verify_locations(cafile=, cadata=)`
- `SSLContext.get_ciphers()` --> ["CIPHERSUITE"]
- `SSLContext.set_ciphers(["CIPHERSUITE"])`
2) `sslsocket.cipher()` to get current ciphersuite and protocol
version.
3) `ssl.MBEDTLS_VERSION` string constant.
4) Certificate verification errors info instead of
`MBEDTLS_ERR_X509_CERT_VERIFY_FAILED`.
5) Tests in `net_inet` and `multi_net` to test these new methods.
The `SSLContext.load_cert_chain` method allows loading the key and cert from
disk by passing a file path in the `certfile` or `keyfile` options.
`SSLContext.load_verify_locations`'s `cafile` option enables the same
functionality for CA files.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>