import os
import socket
import ssl
# This certificate was obtained from micropython.org using openssl:
# $ openssl s_client -showcerts -connect micropython.org:443 </dev/null 2>/dev/null
# The certificate is from Let's Encrypt:
# 1 s:/C=US/O=Let's Encrypt/CN=R3
#   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
# Validity
#   Not Before: Sep 4 00:00:00 2020 GMT
#   Not After : Sep 15 16:00:00 2025 GMT
# This is an intermediate CA certificate (subject and issuer differ), and it
# needs to be refreshed before the Not After date above.
# Copy PEM content to a file (certmpy.pem) and convert to DER, e.g.
# $ openssl x509 -in certmpy.pem -out certmpy.der -outform DER
# Then convert to hex format, e.g. using binascii.hexlify(data).
# Note: the code below loads the DER file directly, under the name held in
# ca_cert_chain, so the hex form is not used by this script.
# DER file holding the CA certificate; main() passes it to
# load_verify_locations() and loads no other trust anchor.
ca_cert_chain = "mpycert.der"

# Probe for the certificate file with os.stat(). When it is missing there is
# nothing to verify against, so report SKIP and stop before any network use.
try:
    os.stat(ca_cert_chain)
except OSError:
    print("SKIP")
    raise SystemExit
def main(use_stream=True):
    """Make one certificate-verified HTTPS request to micropython.org.

    A client TLS context is created with verification required and with the
    certificate file named by ``ca_cert_chain`` as its only explicitly loaded
    trust anchor. The function then connects, sends a minimal HTTP/1.0
    request, prints the first 17 bytes of the reply and checks that the
    negotiated cipher is reported as a tuple.

    ``use_stream`` is accepted but not read anywhere in this function.
    """
    host = "micropython.org"

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    # Require a valid server certificate and read the setting back, so the
    # run fails if the assignment did not take effect.
    ctx.verify_mode = ssl.CERT_REQUIRED
    assert ctx.verify_mode == ssl.CERT_REQUIRED

    # Trust only what is in the pinned certificate file.
    ctx.load_verify_locations(cafile=ca_cert_chain)

    raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server_addr = socket.getaddrinfo(host, 443)[0][-1]

    # CPython could also wrap the unconnected socket first and then call
    # connect() on the wrapped socket. MicroPython needs the TCP connection
    # to exist before wrapping, and that order works on CPython too.
    raw_sock.connect(server_addr)

    # server_hostname is the name the server certificate is checked against:
    # subjectAltName, or Common Name where the TLS library still falls back
    # to it. Passing the wrong name here makes verification fail.
    tls_sock = ctx.wrap_socket(raw_sock, server_hostname=host)

    tls_sock.write(b"GET / HTTP/1.0\r\n\r\n")
    reply_start = tls_sock.read(17)
    print(reply_start)

    # cipher() describes the negotiated cipher suite; only its type is checked.
    assert isinstance(tls_sock.cipher(), tuple)
    tls_sock.close()


main()