0c8b261ec9
## Testing self-signed certificates and `load_verify_locations` Obtain the badssl "self-signed" certificate in the correct form: ```sh openssl s_client -servername self-signed.badssl.com -connect untrusted-root.badssl.com:443 < /dev/null | openssl x509 > self-signed.pem ``` Copy it and the script to CIRCUITPY: ```python import os import wifi import socketpool import ssl import adafruit_requests TEXT_URL = "https://self-signed.badssl.com/" if not wifi.radio.ipv4_address: wifi.radio.connect(os.getenv('WIFI_SSID'), os.getenv('WIFI_PASSWORD')) pool = socketpool.SocketPool(wifi.radio) context = ssl.create_default_context() requests = adafruit_requests.Session(pool, context) print(f"Fetching from {TEXT_URL} without certificate (should fail)") try: response = requests.get(TEXT_URL) except Exception as e: print(f"Failed: {e}") else: print(f"{response.status_code=}, should have failed with exception") print("Loading server certificate") with open("/self-signed.pem", "rb") as certfile: context.load_verify_locations(cadata=certfile.read()) requests = adafruit_requests.Session(pool, context) print(f"Fetching from {TEXT_URL} with certificate (should succeed)") try: response = requests.get(TEXT_URL) except Exception as e: print(f"Unexpected exception: {e}") else: print(f"{response.status_code=}, should be 200 OK") ``` |
||
|---|---|---|
| .. | ||
| __init__.c | ||
| __init__.h | ||
| SSLContext.c | ||
| SSLContext.h | ||
| SSLSocket.c | ||
| SSLSocket.h | ||