From a0d97fe40872b46872657bedc0e47cfd704c59aa Mon Sep 17 00:00:00 2001
From: daniel <daniel@pycom.io>
Date: Sat, 1 Oct 2016 21:35:09 +0200
Subject: [PATCH] cc3200: Add ssl_version argument to ssl.wrap_socket().

This resolves issue #2343.
---
 cc3200/mods/modussl.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/cc3200/mods/modussl.c b/cc3200/mods/modussl.c
index 1ae45d632d..1f27bdd21f 100644
--- a/cc3200/mods/modussl.c
+++ b/cc3200/mods/modussl.c
@@ -78,6 +78,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args,
         { MP_QSTR_certfile,         MP_ARG_KW_ONLY  | MP_ARG_OBJ,  {.u_obj = mp_const_none} },
         { MP_QSTR_server_side,      MP_ARG_KW_ONLY  | MP_ARG_BOOL, {.u_bool = false} },
         { MP_QSTR_cert_reqs,        MP_ARG_KW_ONLY  | MP_ARG_INT,  {.u_int = SSL_CERT_NONE} },
+        { MP_QSTR_ssl_version,      MP_ARG_KW_ONLY  | MP_ARG_INT,  {.u_int = SL_SO_SEC_METHOD_TLSV1} },
         { MP_QSTR_ca_certs,         MP_ARG_KW_ONLY  | MP_ARG_OBJ,  {.u_obj = mp_const_none} },
     };
 
@@ -93,17 +94,19 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args,
     // retrieve the file paths (with an 6 byte offset in order to strip it from the '/flash' prefix)
     const char *keyfile  = (args[1].u_obj == mp_const_none) ? NULL : &(mp_obj_str_get_str(args[1].u_obj)[6]);
     const char *certfile = (args[2].u_obj == mp_const_none) ? NULL : &(mp_obj_str_get_str(args[2].u_obj)[6]);
-    const char *cafile   = (args[5].u_obj == mp_const_none || args[4].u_int != SSL_CERT_REQUIRED) ?
-                           NULL : &(mp_obj_str_get_str(args[5].u_obj)[6]);
+    const char *cafile   = (args[6].u_obj == mp_const_none || args[4].u_int != SSL_CERT_REQUIRED) ?
+                           NULL : &(mp_obj_str_get_str(args[6].u_obj)[6]);
 
     // server side requires both certfile and keyfile
     if (args[3].u_bool && (!keyfile || !certfile)) {
         goto arg_error;
     }
 
-    _i16 sd = ((mod_network_socket_obj_t *)args[0].u_obj)->sock_base.sd;
     _i16 _errno;
-    _u8 method = SL_SO_SEC_METHOD_TLSV1;
+    _i16 sd = ((mod_network_socket_obj_t *)args[0].u_obj)->sock_base.sd;
+
+    // set the requested SSL method
+    _u8 method = args[5].u_int;
     if ((_errno = sl_SetSockOpt(sd, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method, sizeof(method))) < 0) {
         goto socket_error;
     }
@@ -146,6 +149,11 @@ STATIC const mp_map_elem_t mp_module_ussl_globals_table[] = {
     { MP_OBJ_NEW_QSTR(MP_QSTR_CERT_NONE),           MP_OBJ_NEW_SMALL_INT(SSL_CERT_NONE) },
     { MP_OBJ_NEW_QSTR(MP_QSTR_CERT_OPTIONAL),       MP_OBJ_NEW_SMALL_INT(SSL_CERT_OPTIONAL) },
     { MP_OBJ_NEW_QSTR(MP_QSTR_CERT_REQUIRED),       MP_OBJ_NEW_SMALL_INT(SSL_CERT_REQUIRED) },
+
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_SSLv3),      MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_SSLV3) },
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_TLSv1),      MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_TLSV1) },
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_TLSv1_1),    MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_TLSV1_1) },
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_TLSv1_2),    MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_TLSV1_2) },
 };
 
 STATIC MP_DEFINE_CONST_DICT(mp_module_ussl_globals, mp_module_ussl_globals_table);