extmod/modssl_mbedtls: Fix cipher iteration in SSLContext.get_ciphers.
Prior to this commit it would skip every second cipher returned from mbedtls. The corresponding test is also updated and now passes on esp32, rp2, stm32 and unix. Signed-off-by: Damien George <damien@micropython.org>
This commit is contained in:
parent
8b6e89a8ca
commit
2531a15200
|
@ -311,10 +311,6 @@ STATIC mp_obj_t ssl_context_get_ciphers(mp_obj_t self_in) {
|
|||
for (const int *cipher_list = mbedtls_ssl_list_ciphersuites(); *cipher_list; ++cipher_list) {
|
||||
const char *cipher_name = mbedtls_ssl_get_ciphersuite_name(*cipher_list);
|
||||
mp_obj_list_append(list, MP_OBJ_FROM_PTR(mp_obj_new_str(cipher_name, strlen(cipher_name))));
|
||||
cipher_list++;
|
||||
if (!*cipher_list) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
|
|
@ -12,6 +12,8 @@ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|||
ciphers = ctx.get_ciphers()
|
||||
|
||||
for ci in ciphers:
|
||||
# Only print those ciphers know to exist on all ports.
|
||||
if ("TLS-ECDHE-ECDSA-WITH-AES" in ci or "TLS-RSA-WITH-AES" in ci) and "CBC" in ci:
|
||||
print(ci)
|
||||
|
||||
ctx.set_ciphers(ciphers[:1])
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
|
||||
TLS-RSA-WITH-AES-256-CBC-SHA256
|
||||
TLS-RSA-WITH-AES-256-CBC-SHA
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA256
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA
|
||||
object 'str' isn't a tuple or list
|
||||
(-24192, 'MBEDTLS_ERR_SSL_BAD_CONFIG')
|
||||
|
|
Loading…
Reference in New Issue