Commit Graph

29088 Commits

Author SHA1 Message Date
Hosted Weblate
8bffdb430e
Merge remote-tracking branch 'origin/main' 2022-10-11 06:56:13 +02:00
MicroDev
ebe49db909
Merge pull request #7029 from jepler/client-certificate
Add support for SSL client certificate (load_cert_chain) and self-signed certificate (load_verify_locations)
2022-10-11 10:26:06 +05:30
Jeff Epler
0c8b261ec9
picow: Add support of self-signed certificates.
## Testing self-signed certificates and `load_verify_locations`

Obtain the badssl "self-signed" certificate in the correct form:

```sh
openssl s_client -servername self-signed.badssl.com -connect untrusted-root.badssl.com:443 < /dev/null | openssl x509 > self-signed.pem
```

Copy it and the script to CIRCUITPY:
```python
import os
import wifi
import socketpool
import ssl
import adafruit_requests

TEXT_URL = "https://self-signed.badssl.com/"
if not wifi.radio.ipv4_address:
    wifi.radio.connect(os.getenv('WIFI_SSID'), os.getenv('WIFI_PASSWORD'))

pool = socketpool.SocketPool(wifi.radio)
context = ssl.create_default_context()
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} without certificate (should fail)")
try:
    response = requests.get(TEXT_URL)
except Exception as e:
    print(f"Failed: {e}")
else:
    print(f"{response.status_code=}, should have failed with exception")

print("Loading server certificate")
with open("/self-signed.pem", "rb") as certfile:
    context.load_verify_locations(cadata=certfile.read())
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} with certificate (should succeed)")
try:
    response = requests.get(TEXT_URL)
except Exception as e:
    print(f"Unexpected exception: {e}")
else:
    print(f"{response.status_code=}, should be 200 OK")
```
2022-10-10 15:53:56 -05:00
Jeff Epler
c98174eea5
Add support for SSL client certificate (load_cert_chain)
Tested with badssl.com:

 1. Get client certificates from https://badssl.com/download/
 2. Convert public portion with `openssl x509 -in badssl.com-client.pem -out CIRCUITPY/cert.pem`
 3. Convert private portion with `openssl rsa -in badssl.com-client.pem -out CIRCUITPY/privkey.pem` and the password `badssl.com`
 4. Put wifi settings in CIRCUITPY/.env
 5. Run the below Python script:

```py
import os
import wifi
import socketpool
import ssl
import adafruit_requests

TEXT_URL = "https://client.badssl.com/"
wifi.radio.connect(os.getenv('WIFI_SSID'), os.getenv('WIFI_PASSWORD'))

pool = socketpool.SocketPool(wifi.radio)
context = ssl.create_default_context()
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} without certificate (should fail)")
response = requests.get(TEXT_URL)
print(f"{response.status_code=}, should be 400 Bad Request")
input("hit enter to continue\r")

print("Loading client certificate")
context.load_cert_chain("/cert.pem", "privkey.pem")
requests = adafruit_requests.Session(pool, context)

print(f"Fetching from {TEXT_URL} with certificate (should succeed)")
response = requests.get(TEXT_URL)
print(f"{response.status_code=}, should be 200 OK")
```
2022-10-10 15:10:53 -05:00
Hosted Weblate
2ad5c11ca9
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: CircuitPython/main
Translate-URL: https://hosted.weblate.org/projects/circuitpython/main/
2022-10-10 21:13:35 +02:00
Hosted Weblate
83fc85cb6f
Merge remote-tracking branch 'origin/main' 2022-10-10 21:13:32 +02:00
Boran Roni
3a5eb31b4e
Translated using Weblate (Turkish)
Currently translated at 14.5% (145 of 997 strings)

Translation: CircuitPython/main
Translate-URL: https://hosted.weblate.org/projects/circuitpython/main/tr/
2022-10-10 20:23:14 +02:00
Dan Halbert
14c9028c1f
Merge pull request #7026 from dhalbert/minor-space-savings
save about 112 bytes
2022-10-10 13:55:56 -04:00
Dan Halbert
de95463deb
Merge pull request #7023 from dhalbert/wifi-scanning-fixes
update esp-idf; allow start/stop channels in wifi scanning
2022-10-10 13:54:54 -04:00
Dan Halbert
8d344459cd
Merge pull request #7021 from jepler/pico-w-vbus-sense
pico w: pins improvements
2022-10-10 11:56:30 -04:00
Dan Halbert
6dcbb61081 fix test that used MpyError 2022-10-09 20:27:39 -04:00
Dan Halbert
86a0f9a861 save about 112 bytes 2022-10-09 19:22:39 -04:00
Dan Halbert
747dc7746d handle scan channel bounds but note they do nothing for RP2040 CYW43 2022-10-07 16:22:17 -04:00
Dan Halbert
21c0c4c1a6 update esp-idf; allow start/stop channels in wifi scanning 2022-10-07 15:29:09 -04:00
MicroDev
fc549fe345
Merge pull request #7014 from jepler/restore-nvm-module
restore nvm module
2022-10-08 00:12:41 +05:30
MicroDev
858a1ff253
Merge pull request #7022 from tekktrik/doc/fix-nested-list
Fixed nested unordered list rendering
2022-10-07 22:18:41 +05:30
Alec Delaney
ab1a7ebcd5
Fixed nested unordered list rendering
Also changed to dashes just to remain stylistically similar to the other unordered lists.
2022-10-07 11:13:45 -04:00
Dan Halbert
78b278e091 disable rainbowio on arduino_zero 2022-10-07 10:39:30 -04:00
Jeff Epler
f882571366
pico w: pins improvements
Closes: #7017

 * Remove the 'GP23' alias for CYW1
 * Remove the 'CYW0' alias for CYW0
 * Switch VBUS_SENSE to CYW2, remove 'GP24' alias

Code that wants to use SMPS_MODE, VBUS_SENSE and LED while being
portable to the W and non-W variants should use those names, not alias
names.

 * Remove A3 / VOLTAGE_MONITOR

Right now this cannot be used. The ability to check the voltage monitor
should be added back in some fashion in the future.
2022-10-07 08:48:36 -05:00
Dan Halbert
ab32d2a8b8
Merge pull request #7018 from weblate/weblate-circuitpython-main
Translations update from Hosted Weblate
2022-10-07 08:35:46 -04:00
Hosted Weblate
89260c5bfc
Merge remote-tracking branch 'origin/main' 2022-10-07 14:32:26 +02:00
Dan Halbert
041885da1b
Merge pull request #7011 from jepler/pico-w-resize-circuitpy-again
switch flash split to leave 512kB for CIRCUITPY
2022-10-07 08:32:18 -04:00
Hosted Weblate
3d0a7e6e58
Merge remote-tracking branch 'origin/main' 2022-10-07 04:46:10 +02:00
MicroDev
c7f6303041
Merge pull request #7019 from Neradoc/add-CywPin-class-not-string
Have cyw43.CywPin reference the class, not a string
2022-10-07 08:16:03 +05:30
Neradoc
3a6382d1ea cyw43.CywPin should be the class, not a string 2022-10-07 02:11:05 +02:00
Hosted Weblate
a673ee73c4
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: CircuitPython/main
Translate-URL: https://hosted.weblate.org/projects/circuitpython/main/
2022-10-07 00:32:24 +02:00
Mark
6b0c08682c
Merge pull request #7016 from jepler/remove-multiterminal
Remove multiterminal
2022-10-06 17:32:08 -05:00
Dan Halbert
833f55922c
Remove multiterminal
This module has not been built in years, since the (removed) esp8266 port.
Delete the code, as it is not likely to be useful in its current form.

Closes: #7015
2022-10-06 14:02:47 -05:00
Dan Halbert
c45e085fc4
Merge pull request #7010 from weblate/weblate-circuitpython-main
Translations update from Hosted Weblate
2022-10-06 14:50:09 -04:00
Jeff Epler
f431b2459c
restore nvm module 2022-10-06 13:18:19 -05:00
Jeff Epler
644d293641
Fix CIRCUITPY drive offset in flash correctly, accounting for NVM
.. and fix nvm to read/right the correct area.

.. putting a comment in link.ld to explain it all

Closes #7012
2022-10-06 12:39:46 -05:00
Jeff Epler
07cd2ff065
restore 4kB gap pending resolution of #7011 2022-10-06 11:20:48 -05:00
Hosted Weblate
21510b2e73
Merge remote-tracking branch 'origin/main' 2022-10-06 17:20:17 +02:00
Dan Halbert
8d82e4ba5f
Merge pull request #7008 from MicroDev1/patch
Cleanup `mpconfigboard.mk` of espressif boards
2022-10-06 11:20:11 -04:00
Jeff Epler
6e2c24083a
switch flash split to leave 512kB for CIRCUITPY 2022-10-06 10:12:22 -05:00
Hosted Weblate
e9376d0f8f
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: CircuitPython/main
Translate-URL: https://hosted.weblate.org/projects/circuitpython/main/
2022-10-06 16:51:51 +02:00
Dan Halbert
e0517c7379
Merge pull request #6999 from jepler/picow-ssl
pico_w: implement ssl with caveats
2022-10-06 10:51:36 -04:00
Jeff Epler
ecd140213b
populate nina-fw submodule whe needed 2022-10-06 08:14:50 -05:00
microDev
4f753251db
cleanup mpconfigboard.mk of espressif boards
- move `INTERNAL_FLASH_FILESYSTEM` to `mpconfigport.mk`
- move `LONGINT_IMPL` to `mpconfigport.mk`
- move `CFG_TUD_TASK_QUEUE_SZ` to `Makefile`
2022-10-06 16:15:01 +05:30
Dan Halbert
ee286588a7
Merge pull request #7003 from jepler/dotenv-emoji
Add unicode support to dotenv
2022-10-05 21:42:35 -04:00
Dan Halbert
8b6fff2f13
Merge pull request #6989 from kylefmohr/main
Add Espressif ESP32-S2-DevKitC-1-N8R2 variant
2022-10-05 21:42:12 -04:00
Dan Halbert
296960dd89 shorten board.c 2022-10-05 20:23:19 -04:00
Neradoc
d31acdef6c
we don't use AUTORESET_DELAY_MS 2022-10-06 02:19:48 +02:00
Jeff Epler
27e6623657
Add unicode support to dotenv
Newly passing tests:
```
aa🐍bb=key with emoji
value_with_emoji=aa🐍bb
```
2022-10-05 18:18:07 -05:00
Dan Halbert
4fb1a6a950
Merge pull request #7001 from dhalbert/dotenv-spaces-fix
Allow spaces before = in dotenv
2022-10-05 17:40:23 -04:00
Dan Halbert
3d91ea444a run black on tools/ci_check_duplicate_usb_vid_pid.py 2022-10-05 17:37:33 -04:00
Jeff Epler
2dc283f578
close underlying socket object when closing ssl socket 2022-10-05 15:10:14 -05:00
Jeff Epler
4a9389d347
remove debug message 2022-10-05 14:57:04 -05:00
Jeff Epler
14f2309b6f
Enable more key exchange methods
This is intended (but not entirely verified) to match our esp32 builds.
It does fix accessing https://circuitpython.org, which failed before with
"MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE".

It still doesn't work on a personal website of mine with valid letsencrypt
certificate but I haven't verified whether it works on esp32s2 with CP.
That site only allows TLS 1.3, while this mbedtls only supports up to
1.2.
The version of mbedtls we adopted based on micropython's use has no
TLS 1.3 support, but the one in espressif esp-idf does.
2022-10-05 14:56:27 -05:00
Jeff Epler
fabfdcf6fe
More ssl work 2022-10-05 14:56:26 -05:00