mirrors
/
micropython
mirror of https://github.com/micropython/micropython.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

extmod/modssl_mbedtls: Make SSLSocket.getpeercert() optional. 

And only enable this method when the relevant feature is available in
mbedtls.  Otherwise, if mbedtls doesn't support getting the peer
certificate, this method always returns None and it's confusing why it does
that.  It's better to remove the method altogether, so the error trying to
use it is more obvious.

Signed-off-by: Damien George <damien@micropython.org>
This commit is contained in:
Damien George 2023-12-12 17:15:24 +11:00
parent c9eb6bc601
commit ef996d15b9
4 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
extmod/modssl_mbedtls.c
View File

@ -554,6 +554,7 @@ cleanup:
mbedtls_raise_error(ret); mbedtls_raise_error(ret);
} }
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
STATIC mp_obj_t mod_ssl_getpeercert(mp_obj_t o_in, mp_obj_t binary_form) { STATIC mp_obj_t mod_ssl_getpeercert(mp_obj_t o_in, mp_obj_t binary_form) {
mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in); mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);
if (!mp_obj_is_true(binary_form)) { if (!mp_obj_is_true(binary_form)) {
@ -566,6 +567,7 @@ STATIC mp_obj_t mod_ssl_getpeercert(mp_obj_t o_in, mp_obj_t binary_form) {
return mp_obj_new_bytes(peer_cert->raw.p, peer_cert->raw.len); return mp_obj_new_bytes(peer_cert->raw.p, peer_cert->raw.len);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_ssl_getpeercert_obj, mod_ssl_getpeercert); STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_ssl_getpeercert_obj, mod_ssl_getpeercert);
#endif
STATIC mp_obj_t mod_ssl_cipher(mp_obj_t o_in) { STATIC mp_obj_t mod_ssl_cipher(mp_obj_t o_in) {
mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in); mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);
@ -726,7 +728,9 @@ STATIC const mp_rom_map_elem_t ssl_socket_locals_dict_table[] = {
#if MICROPY_UNIX_COVERAGE #if MICROPY_UNIX_COVERAGE
{ MP_ROM_QSTR(MP_QSTR_ioctl), MP_ROM_PTR(&mp_stream_ioctl_obj) }, { MP_ROM_QSTR(MP_QSTR_ioctl), MP_ROM_PTR(&mp_stream_ioctl_obj) },
#endif #endif
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
{ MP_ROM_QSTR(MP_QSTR_getpeercert), MP_ROM_PTR(&mod_ssl_getpeercert_obj) }, { MP_ROM_QSTR(MP_QSTR_getpeercert), MP_ROM_PTR(&mod_ssl_getpeercert_obj) },
#endif
{ MP_ROM_QSTR(MP_QSTR_cipher), MP_ROM_PTR(&mod_ssl_cipher_obj) }, { MP_ROM_QSTR(MP_QSTR_cipher), MP_ROM_PTR(&mod_ssl_cipher_obj) },
}; };
STATIC MP_DEFINE_CONST_DICT(ssl_socket_locals_dict, ssl_socket_locals_dict_table); STATIC MP_DEFINE_CONST_DICT(ssl_socket_locals_dict, ssl_socket_locals_dict_table);

9
tests/multi_net/sslcontext_getpeercert.py
View File

@ -1,6 +1,7 @@
# Test creating an SSL connection and getting the peer certificate. # Test creating an SSL connection and getting the peer certificate.
try: try:
import io
import os import os
import socket import socket
import ssl import ssl
@ -42,6 +43,12 @@ def instance0():
# Client # Client
def instance1(): def instance1():
s_test = ssl.wrap_socket(io.BytesIO(), server_side=True, do_handshake=False)
s_test.close()
if not hasattr(s_test, "getpeercert"):
print("SKIP")
raise SystemExit
multitest.next() multitest.next()
s = socket.socket() s = socket.socket()
s.connect(socket.getaddrinfo(IP, PORT)[0][-1]) s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
@ -49,7 +56,7 @@ def instance1():
client_ctx.verify_mode = ssl.CERT_REQUIRED client_ctx.verify_mode = ssl.CERT_REQUIRED
client_ctx.load_verify_locations(cafile=cafile) client_ctx.load_verify_locations(cafile=cafile)
s = client_ctx.wrap_socket(s, server_hostname="micropython.local") s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
print(s.getpeercert(True)) print(s.getpeercert(True).hex())
s.write(b"client to server") s.write(b"client to server")
print(s.read(16)) print(s.read(16))
s.close() s.close()

2
tests/multi_net/sslcontext_getpeercert.py.exp
View File

@ -1,5 +1,5 @@
--- instance0 --- --- instance0 ---
b'client to server' b'client to server'
--- instance1 --- --- instance1 ---
None 3082058930820371a00302010202141b3da08b15005eea265d0b57b8ba99812ab274cb300d06092a864886f70d01010b05003054310b30090603550406130241553113301106035504080c0a536f6d652d537461746531143012060355040a0c0b4d6963726f507974686f6e311a301806035504030c116d6963726f707974686f6e2e6c6f63616c301e170d3233313131393032323932375a170d3238313131373032323932375a3054310b30090603550406130241553113301106035504080c0a536f6d652d537461746531143012060355040a0c0b4d6963726f507974686f6e311a301806035504030c116d6963726f707974686f6e2e6c6f63616c30820222300d06092a864886f70d01010105000382020f003082020a0282020100deee37780ebca47e0f414ba033ebe692d2bc374a0eb1f42556bf266ad704208116ee0d8b2fd0b518074ad0981c4fd1322de81696ccea838884b06f56d3ebe49cf0561050f6f8ced5f7f4f13d086b28779a9647bbfae6c3f3ad68a5b28ee8a1ceb260d87ea300316599c4dd9f6082f89164b590df8695add518339f6730dec4f05b1ef63548329b0a48823035b23737f3303b56aa251dd8dcf0c20e6c1d291374c185ae657b349c20721c7c01a1b393c96d4c5f2bc8e2dfca7dab896e2fa84dee53d2bb6dbd1056970fa1812315e8ee9d92b3cb93e0b563d274bf07dd79600ef403b91d4ce814418b28cfaeb2b7d8401e64f6d4f39283df3204f2fe01f2fd289f5d2078d9ee2f96b6de1fd4284d9274fa38b0ad9ffcce8ffe66673be2cf304ee1b27c7cacaaf4ca76f1e84419e6e80f540add3e91cd469903e9ceb6bd2b1c33caa59acb5516ce8ac00e73d7a551bb65d39bd6af04411e81c20e6bd474d797a0bcd498e26720bd60ae4f900bb1afa59c7ac7a336273c7734ca5874ea63fb8ec787ab702041442da11a922baf5fbeb9eeea4f9f49cb1f659b561806d2169dbed07c43558c908c94e16491fe1a22cd92b8f33c1184353bdc985c88722f65e48024910f723035c0d33b789928296fb193cec6350884243b00bf51422ad09fb7012bd9cad4716803422be0d111deace913fac8cb2be1e96fa8449068430e5424bd0bd10203010001a3533051301d0603551d0e041604147d392a82ab464936fd7d74226694556a2945fd8d301f0603551d230418301680147d392a82ab464936fd7d74226694556a2945fd8d300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382020100ae40c015e3eade8dabc84ee357ac9d694e7cd69ce4a1b265880273d16257119aa72fb2aa8b841e2899bea3e8690146f24d963a37825c93bf745447dc6ab09b5f2947671dca13b1e71f5c3e43011d74cdc688ed1215b3016071ae7235d77f79d7bb81f097bb04a08ccf400717721b29e2ea913eb23614610597deee477ed716db7e8ebe11aed39c7035f48259dfa54d88871c1f67159d52ce11eb111fa00708a7d7081c07fd92d54abbaec7ff1b50ce2f6f358857d2f55d1c7b5aa6dd66b9c3c2e654397e2d5330aca9834ff8fd749ce968c706fe3bb1b8510a379ec1910d7ece0212c34d56a2073fb7f25c88fe298568e448d03ec30b348f7d9a8836390216a6da7a8efed50dfb8c21a8531efc158e7f4398f87af18d1bd2926d08d34364bf5d85e88040dff3d3f1da6268dbc0cafa64f544c065380fa695a8d015b385aed0a1fd9ff1d7c2b28a549e04c1132b421f85a85640acac11c69416859fb9b461eeddffa92ae303b35c7233537077068de558dd02715e25aee976a97879038d2952be0d327892ab2fc78716b0d7aab4b923d5d79905f7f8b6a18c42e466fec62f84b6e5957deae0964dab8436b0e0cd4e08012661bafb9588fbfd7068fd6c08ab79101a4bdfe21d95cd0ee0aad7dd8a3ed128071c0ec2d063dc6dfa63189e51bf5d9259e776d7623f745a73f4e12e5c2b90493de1c6436b339e1400891e3e35c31057
b'server to client' b'server to client'

7
tests/net_hosted/ssl_getpeercert.py
View File

@ -1,8 +1,15 @@
# test ssl.getpeercert() method # test ssl.getpeercert() method
import io
import socket import socket
import ssl import ssl
s_test = ssl.wrap_socket(io.BytesIO(), server_side=True, do_handshake=False)
s_test.close()
if not hasattr(s_test, "getpeercert"):
print("SKIP")
raise SystemExit
def test(peer_addr): def test(peer_addr):
s = socket.socket() s = socket.socket()