djsundog/circuitpython
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
873bd00ad4
circuitpython/tests/net_inet/test_tls_sites.py
Damien George e8a4c1dd53 extmod/modssl: Add SSLContext class. 
This commit adds the SSLContext class to the ssl module, and retains the
existing ssl.wrap_socket() function to maintain backwards compatibility.

CPython deprecated the ssl.wrap_socket() function since CPython 3.7 and
instead one should use ssl.SSLContext().wrap_socket().  This commit makes
that possible.

For the axtls implementation:
- ssl.SSLContext is added, although it doesn't hold much state because
  axtls requires calling ssl_ctx_new() for each new socket
- ssl.SSLContext.wrap_socket() is added
- ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER are added

For the mbedtls implementation:
- ssl.SSLContext is added, and holds most of the mbedtls state
- ssl.verify_mode is added (getter and setter)
- ssl.SSLContext.wrap_socket() is added
- ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER are added

The signatures match CPython:
- SSLContext(protocol)
- SSLContext.wrap_socket(sock, *, server_side=False,
    do_handshake_on_connect=True, server_hostname=None)

The existing ssl.wrap_socket() functions retain their existing signature.

Signed-off-by: Damien George <damien@micropython.org>
2023-06-26 16:34:41 +10:00

57 lines
1.1 KiB
Python
Raw Blame History

import socket
import ssl
# CPython only supports server_hostname with SSLContext
if hasattr(ssl, "SSLContext"):
ssl = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
def test_one(site, opts):
ai = socket.getaddrinfo(site, 443)
addr = ai[0][-1]
s = socket.socket()
try:
s.connect(addr)
if "sni" in opts:
s = ssl.wrap_socket(s, server_hostname=opts["host"])
else:
s = ssl.wrap_socket(s)
s.write(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % bytes(site, "latin"))
resp = s.read(4096)
if resp[:7] != b"HTTP/1.":
raise ValueError("response doesn't start with HTTP/1.")
# print(resp)
finally:
s.close()
SITES = [
"google.com",
"www.google.com",
"micropython.org",
"pypi.org",
{"host": "api.pushbullet.com", "sni": True},
]
def main():
for site in SITES:
opts = {}
if isinstance(site, dict):
opts = site
site = opts["host"]
try:
test_one(site, opts)
print(site, "ok")
except Exception as e:
print(site, e)
main()
Reference in New Issue View Git Blame Copy Permalink