extmod/modssl_mbedtls: Add cert time validation. #11896

Closed
wants to merge 2 commits into from

Carglglz
Contributor

@Carglglz Carglglz commented Jun 28, 2023

This enables cert time validation in the unix and esp32 ports.

In the esp32 port, the MBEDTLS_PLATFORM_TIME_ALT macro is needed because esp32 uses EPOCH 1/1/2000 to get the current time in seconds, which is not what mbedtls expects. MBEDTLS_PLATFORM_TIME_ALT gives the option to define an alternative function to get the current time.

Follow-up to:

@github-actions

github-actions bot commented Jun 28, 2023

Code size report:

   bare-arm:    +0 +0.000% 
minimal x86:    +0 +0.000% 
   unix x64: +19187 +2.403% standard[incl +680(data)]
      stm32:    +0 +0.000% PYBV10
     mimxrt:    +0 +0.000% TEENSY40
        rp2:    +0 +0.000% PICO
       samd:    +0 +0.000% ADAFRUIT_ITSYBITSY_M4_EXPRESS

@codecov

codecov bot commented Jul 4, 2023

Codecov Report

Merging #11896 (926b4c2) into master (8851800) will increase coverage by 0.02%.
The diff coverage is 98.48%.

❗ Current head 926b4c2 differs from pull request most recent head 431ad8b. Consider uploading reports for the commit 431ad8b to get more accurate results

@@            Coverage Diff             @@
##           master   #11896      +/-   ##
==========================================
+ Coverage   98.38%   98.41%   +0.02%     
==========================================
  Files         158      158              
  Lines       20898    20962      +64     
==========================================
+ Hits        20561    20629      +68     
+ Misses        337      333       -4     

| Files Changed | Coverage Δ |
|---|---|
| ports/unix/mpconfigport.h | 100.00% <ø> (ø) |
| extmod/modssl_mbedtls.c | 95.13% <98.48%> (+3.24%) ⬆️ |

... and 2 files with indirect coverage changes

@Carglglz Carglglz force-pushed the ssl-cert-time branch 3 times, most recently from 7f2d947 to a1533ae Compare July 7, 2023 15:13
@dpgeorge dpgeorge added port-esp32 extmod Relates to extmod/ directory in source port-unix labels Jul 11, 2023
@Carglglz Carglglz force-pushed the ssl-cert-time branch 2 times, most recently from 76af29c to d85c05e Compare July 15, 2023 17:08
@Carglglz Carglglz force-pushed the ssl-cert-time branch 3 times, most recently from f08c2a8 to 926b4c2 Compare August 14, 2023 13:31
This commit adds a `# MICROPY_SSL_MBEDTLS_EXTRAS` macro that enables:

1) Methods to SSLContext class that match CPython signature:

	- `SSLContext.load_cert_chain(certfile, keyfile=)`
	- `SSLContext.load_verify_locations(cadata=)`
	- `SSLContext.get_ciphers()` --> ["CIPHERSUITE"]
	- `SSLContext.set_ciphers(["CIPHERSUITE"])`

2) `sslsocket.cipher()` to get current ciphersuite and protocol
   version.

3) `ssl.MBEDTLS_VERSION` string constant

4) Tests in `net_inet` and `multi_net`

Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
This enables cert time validation in unix and esp32 port.

In esp32 port MBEDTLS_PLATFORM_TIME_ALT macro
is needed due to esp32 using EPOCH 1/1/2000 to get current time in
seconds which is not what mbedtls expects.
MBEDTLS_PLATFORM_TIME_ALT gives the option to define
an alternative function to get current time.

Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
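
The epoch mismatch described in the commit message above, as an added example that is not code from this pull request: a clock counting from 2000-01-01 makes a currently valid certificate look not yet valid until the value is shifted to the Unix epoch. The names `rtc_since_2000`, `alt_time` and `check_validity` are hypothetical, and the certificate window and clock readings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Seconds from 1970-01-01 to 2000-01-01 UTC (10957 days * 86400). */
#define EPOCH_2000_OFFSET 946684800LL

/* Constructed stand-in for a device clock that counts from 2000-01-01. */
static int64_t rtc_since_2000;

/* Hypothetical alternative time source with a time(NULL)-style signature,
 * the shape Mbed TLS accepts through mbedtls_platform_set_time() when
 * MBEDTLS_PLATFORM_TIME_ALT is defined. Returns Unix-epoch seconds. */
int64_t alt_time(int64_t *out) {
    int64_t now = rtc_since_2000 + EPOCH_2000_OFFSET;
    if (out != NULL) {
        *out = now;
    }
    return now;
}

enum cert_time_status { CERT_TIME_OK, CERT_NOT_YET_VALID, CERT_EXPIRED };

/* Validity-window check against notBefore/notAfter in Unix seconds. */
enum cert_time_status check_validity(int64_t now, int64_t not_before,
                                     int64_t not_after) {
    if (now < not_before) return CERT_NOT_YET_VALID;
    if (now > not_after) return CERT_EXPIRED;
    return CERT_TIME_OK;
}

int main(void) {
    /* Constructed certificate window: 2023-01-01 to 2024-01-01 UTC. */
    const int64_t nb = 1672531200LL, na = 1704067200LL;

    rtc_since_2000 = 741225600LL; /* 2023-06-28 00:00 UTC on the device */
    printf("raw 2000-based clock: %d\n", check_validity(rtc_since_2000, nb, na));
    printf("converted clock:      %d\n", check_validity(alt_time(NULL), nb, na));

    rtc_since_2000 = 0; /* clock never set: reads as 2000-01-01 */
    printf("unset clock:          %d\n", check_validity(alt_time(NULL), nb, na));
    return 0;
}
```

A device whose clock was never set still fails the check after conversion, so the clock has to be set before a handshake with time validation can succeed.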
@Carglglz
Contributor Author

Follow in
#13099 & #13100

@Carglglz Carglglz closed this Nov 30, 2023
@Carglglz Carglglz deleted the ssl-cert-time branch January 21, 2024 17:30