extmod/modssl_mbedtls: Fix cipher iteration in SSLContext.get_ciphers.

Prior to this commit it would skip every second cipher returned from
mbedtls.

The corresponding test is also updated and now passes on esp32, rp2, stm32
and unix.

Signed-off-by: Damien George <damien@micropython.org>
This commit is contained in:
Damien George 2024-01-29 15:11:46 +11:00
parent 8b6e89a8ca
commit 2531a15200
3 changed files with 7 additions and 5 deletions

View File

@ -311,10 +311,6 @@ STATIC mp_obj_t ssl_context_get_ciphers(mp_obj_t self_in) {
for (const int *cipher_list = mbedtls_ssl_list_ciphersuites(); *cipher_list; ++cipher_list) {
const char *cipher_name = mbedtls_ssl_get_ciphersuite_name(*cipher_list);
mp_obj_list_append(list, MP_OBJ_FROM_PTR(mp_obj_new_str(cipher_name, strlen(cipher_name))));
cipher_list++;
if (!*cipher_list) {
break;
}
}
return list;
}

View File

@ -12,6 +12,8 @@ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ciphers = ctx.get_ciphers()
for ci in ciphers:
# Only print those ciphers know to exist on all ports.
if ("TLS-ECDHE-ECDSA-WITH-AES" in ci or "TLS-RSA-WITH-AES" in ci) and "CBC" in ci:
print(ci)
ctx.set_ciphers(ciphers[:1])

View File

@ -1,6 +1,10 @@
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-AES-256-CBC-SHA256
TLS-RSA-WITH-AES-256-CBC-SHA
TLS-RSA-WITH-AES-128-CBC-SHA256
TLS-RSA-WITH-AES-128-CBC-SHA
object 'str' isn't a tuple or list
(-24192, 'MBEDTLS_ERR_SSL_BAD_CONFIG')