docs/ussl: Add basic description of axTLS-based modussl.
In particular, disclose the fact that server certificates are not validated.
This commit is contained in:
Paul Sokolovsky
parent
cb7693bab4
commit
bca4c9e465
|
|
@ -8,6 +8,29 @@ This module provides access to Transport Layer Security (often known as
|
||||||
“Secure Sockets Layer”) encryption and peer authentication facilities for
|
“Secure Sockets Layer”) encryption and peer authentication facilities for
|
||||||
network sockets, both client-side and server-side.
|
network sockets, both client-side and server-side.
|
||||||
|
|
||||||
|
.. only:: not port_wipy
|
||||||
|
|
||||||
|
Functions
|
||||||
|
---------
|
||||||
|
|
||||||
|
.. function:: ssl.wrap_socket(sock, server_side=False)
|
||||||
|
|
||||||
|
Takes a stream `sock` (usually usocket.socket instance of ``SOCK_STREAM`` type),
|
||||||
|
and returns an instance of ssl.SSLSocket, which wraps the underlying stream in
|
||||||
|
an SSL context. Returned object has the usual stream interface methods like
|
||||||
|
`read()`, `write()`, etc. In MicroPython, the returned object does not expose
|
||||||
|
socket interface and methods like `recv()`, `send()`. In particular, a
|
||||||
|
server-side SSL socket should be created from a normal socket returned from
|
||||||
|
`accept()` on a non-SSL listening server socket.
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
Currently, this function does NOT validate server certificates, which makes
|
||||||
|
an SSL connection established prone to man-in-the-middle attacks.
|
||||||
|
|
||||||
|
|
||||||
|
.. only:: port_wipy
|
||||||
|
|
||||||
Functions
|
Functions
|
||||||
---------
|
---------
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue