From 1963883aae275eb1c59236d77164ada8bba0dce4 Mon Sep 17 00:00:00 2001 From: Carlosgg Date: Fri, 28 Jan 2022 04:42:46 +0000 Subject: [PATCH 1/2] extmod/modussl_mbedtls.c: Add missing args and constants to ssl module. Add cert_reqs and ca_certs kwargs to ssl.wrap_socket and ssl.CERT_NONE, ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED options to allow certificate validation. Signed-off-by: Carlos Gil --- docs/library/ssl.rst | 7 ++ extmod/modussl_mbedtls.c | 26 ++++- tests/multi_net/ssl_cert_ecc.py | 98 +++++++++++++++++ tests/multi_net/ssl_cert_ecc.py.exp | 4 + tests/multi_net/ssl_cert_rsa.py | 161 ++++++++++++++++++++++++++++ tests/multi_net/ssl_cert_rsa.py.exp | 4 + tests/net_inet/ssl_cert.py | 121 +++++++++++++++++++++ 7 files changed, 420 insertions(+), 1 deletion(-) create mode 100644 tests/multi_net/ssl_cert_ecc.py create mode 100644 tests/multi_net/ssl_cert_ecc.py.exp create mode 100644 tests/multi_net/ssl_cert_rsa.py create mode 100644 tests/multi_net/ssl_cert_rsa.py.exp create mode 100644 tests/net_inet/ssl_cert.py diff --git a/docs/library/ssl.rst b/docs/library/ssl.rst index 4726daa59b4ae..d76c3ba223b53 100644 --- a/docs/library/ssl.rst +++ b/docs/library/ssl.rst @@ -31,6 +31,13 @@ Functions until it completes. Note that in AXTLS the handshake can be deferred until the first read or write but it then blocks until completion. + - *cert_reqs* determines whether the peer (server or client) must present a valid certificate. + Note that for mbedtls based ports, ``ssl.CERT_NONE`` and ``ssl.CERT_OPTIONAL`` will not + validate any certificate, only ``ssl.CERT_REQUIRED`` will. + + - *ca_certs* is the CA certificate chain that will validate the peer's certificate. + + Depending on the underlying module implementation in a particular :term:`MicroPython port`, some or all keyword arguments above may be not supported. diff --git a/extmod/modussl_mbedtls.c b/extmod/modussl_mbedtls.c index 44668ae63bbad..a2eea8bd58080 100644 --- a/extmod/modussl_mbedtls.c 
+++ b/extmod/modussl_mbedtls.c @@ -63,6 +63,8 @@ struct ssl_args { mp_arg_val_t cert; mp_arg_val_t server_side; mp_arg_val_t server_hostname; + mp_arg_val_t cert_reqs; + mp_arg_val_t ca_certs; mp_arg_val_t do_handshake; }; @@ -191,7 +193,10 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) { goto cleanup; } - mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_NONE); + + mbedtls_ssl_conf_authmode(&o->conf, args->cert_reqs.u_int); + + mbedtls_ssl_conf_rng(&o->conf, mbedtls_ctr_drbg_random, &o->ctr_drbg); #ifdef MBEDTLS_DEBUG_C mbedtls_ssl_conf_dbg(&o->conf, mbedtls_debug, NULL); @@ -237,6 +242,20 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) { } } + if (args->ca_certs.u_obj != mp_const_none) { + size_t cacert_len; + const byte *cacert = (const byte *)mp_obj_str_get_data(args->ca_certs.u_obj, &cacert_len); + // len should include terminating null + ret = mbedtls_x509_crt_parse(&o->cacert, cacert, cacert_len + 1); + if (ret != 0) { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; // use general error for all cert errors + goto cleanup; + } + + mbedtls_ssl_conf_ca_chain(&o->conf, &o->cacert, NULL); + + } + if (args->do_handshake.u_bool) { while ((ret = mbedtls_ssl_handshake(&o->ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { @@ -395,6 +414,8 @@ STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_ { MP_QSTR_cert, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} }, { MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} }, { MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} }, + { MP_QSTR_cert_reqs, MP_ARG_KW_ONLY | MP_ARG_INT, {.u_int = MBEDTLS_SSL_VERIFY_NONE}}, + { MP_QSTR_ca_certs, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} }, { MP_QSTR_do_handshake, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = true} }, }; 
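Review bot: `args->cert_reqs.u_int` is passed unchecked to `mbedtls_ssl_conf_authmode()` in `socket_new`, so any integer a caller supplies becomes the verification mode. Accept only the three exported values, ideally where the keyword arguments are parsed (`mod_ssl_wrap_socket`, outside this hunk) so nothing has been allocated yet: `if (v != MBEDTLS_SSL_VERIFY_NONE && v != MBEDTLS_SSL_VERIFY_OPTIONAL && v != MBEDTLS_SSL_VERIFY_REQUIRED) { mp_raise_ValueError(MP_ERROR_TEXT("invalid cert_reqs")); }`. The default in the argument table stays `MBEDTLS_SSL_VERIFY_NONE`, so existing callers still get an unauthenticated connection unless they opt in; a one-line comment at this call saying so would help the next reader. `socket_new` begins and ends outside the hunk.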
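Review bot: The CA chain is parsed and installed whenever `ca_certs` is given, regardless of `cert_reqs`. With the default mode (`MBEDTLS_SSL_VERIFY_NONE` in the argument table), `wrap_socket(s, ca_certs=...)` therefore completes the handshake without checking the peer against that chain. A caller who supplies trust anchors almost certainly expects them to be enforced, so either raise when `ca_certs` is set and the mode is `MBEDTLS_SSL_VERIFY_NONE`, or state the requirement above the block: `// ca_certs is only enforced when cert_reqs is CERT_REQUIRED`. Separately, mapping every parse failure to `MBEDTLS_ERR_X509_BAD_INPUT_DATA` discards the specific mbedtls error, which makes a rejected trust anchor harder to diagnose on a device. `socket_new` continues outside the hunk.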
@@ -412,6 +433,9 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_KW(mod_ssl_wrap_socket_obj, 1, mod_ssl_wrap_socke STATIC const mp_rom_map_elem_t mp_module_ssl_globals_table[] = { { MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_ussl) }, { MP_ROM_QSTR(MP_QSTR_wrap_socket), MP_ROM_PTR(&mod_ssl_wrap_socket_obj) }, + { MP_ROM_QSTR(MP_QSTR_CERT_NONE), MP_ROM_INT(MBEDTLS_SSL_VERIFY_NONE) }, + { MP_ROM_QSTR(MP_QSTR_CERT_OPTIONAL), MP_ROM_INT(MBEDTLS_SSL_VERIFY_OPTIONAL) }, + { MP_ROM_QSTR(MP_QSTR_CERT_REQUIRED), MP_ROM_INT(MBEDTLS_SSL_VERIFY_REQUIRED) }, }; STATIC MP_DEFINE_CONST_DICT(mp_module_ssl_globals, mp_module_ssl_globals_table); diff --git a/tests/multi_net/ssl_cert_ecc.py b/tests/multi_net/ssl_cert_ecc.py new file mode 100644 index 0000000000000..c306a924622d7 --- /dev/null +++ b/tests/multi_net/ssl_cert_ecc.py 
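Review bot: `CERT_OPTIONAL` is exported as `MBEDTLS_SSL_VERIFY_OPTIONAL`, a mode in which mbedtls continues the handshake when peer verification fails and leaves it to the application to inspect the verification result. Nothing in this patch exposes that result to Python. The docs hunk of the same commit confirms the effect ("``ssl.CERT_NONE`` and ``ssl.CERT_OPTIONAL`` will not validate any certificate"), so code ported from CPython that passes `ssl.CERT_OPTIONAL` ends up with an unauthenticated connection while appearing to request verification. Consider leaving the constant out until the result can be checked, or annotate the table entry: `// NOTE: handshake succeeds even if verification fails; the result is not exposed`.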
@@ -0,0 +1,98 @@ +# Simple test creating an SSL connection and transferring some data +# This test won't run under CPython because it requires key/cert + +try: + import ubinascii as binascii, usocket as socket, ussl as ssl +except ImportError: + print("SKIP") + raise SystemExit + +PORT = 8000 +_MBEDTLS = hasattr(ssl, "CERT_REQUIRED") + +# This self-signed key/cert pair is randomly generated and to be used for +# testing/demonstration only. You should always generate your own key/cert. +if _MBEDTLS: + cert = b"""-----BEGIN CERTIFICATE----- + MIICSTCCAe+gAwIBAgIJAK7kDH3KW/pbMAoGCCqGSM49BAMCMIGAMQswCQYDVQQG + EwJBVTEMMAoGA1UECAwDRm9vMQwwCgYDVQQHDANCYXIxFDASBgNVBAoMC01pY3Jv + UHl0aG9uMQswCQYDVQQLDAJNUDEWMBQGA1UEAwwNZXNwaG9tZS5sb2NhbDEaMBgG + CSqGSIb3DQEJARYLZm9vQGJhci5jb20wHhcNMjIwNzEyMTcxOTU5WhcNMzIwNzA5 + MTcxOTU5WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA0ZvbzEMMAoGA1UEBwwD + QmFyMRQwEgYDVQQKDAtNaWNyb1B5dGhvbjELMAkGA1UECwwCTVAxFjAUBgNVBAMM + DWVzcGhvbWUubG9jYWwxGjAYBgkqhkiG9w0BCQEWC2Zvb0BiYXIuY29tMFkwEwYH + KoZIzj0CAQYIKoZIzj0DAQcDQgAEmuTTWsQ44oUgEt/fpjm33x2JbS8FdiVnC2Cc + 4QFUsr8AqVTOwCzqqDO6MvXask8WyBjmROV0NS1QAp8zM8CnlqNQME4wHQYDVR0O + BBYEFLS6piYUhW4Z3l6DSyNC6BuJetg9MB8GA1UdIwQYMBaAFLS6piYUhW4Z3l6D + SyNC6BuJetg9MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgaoRjizC+ + AvvlQQjl6Jw3lFCxvuYrwy4YwNKgqJDyz8UCIQCFyMWi4kkniUZxhCZwuvJiPXl/ + HFSxkQyQfayCKkApCA== + -----END CERTIFICATE-----""" + + key = b"""-----BEGIN EC PARAMETERS----- + BggqhkjOPQMBBw== + -----END EC PARAMETERS----- + -----BEGIN EC PRIVATE KEY----- + MHcCAQEEII9I4GhoeGqhgOz5Ybqh5NTEwLQmli1jIzvrr6/6clLSoAoGCCqGSM49 + AwEHoUQDQgAEmuTTWsQ44oUgEt/fpjm33x2JbS8FdiVnC2Cc4QFUsr8AqVTOwCzq + qDO6MvXask8WyBjmROV0NS1QAp8zM8Cnlg== + -----END EC PRIVATE KEY-----""" + +else: + key = binascii.unhexlify( + b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef" + b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f" + 
b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0" + b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d" + b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86" + b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483" + b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102" + b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044" + b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f" + ) + + cert = binascii.unhexlify( + b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355" + b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504" + b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106" + b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61" + b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075" + b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531" + b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958" + b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468" + b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20" + b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18" + b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a" + b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8" + b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef" + b"979b57f0b3" + ) + +# Server +def instance0(): + multitest.globals(IP=multitest.get_network_ip()) + s = socket.socket() + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1]) + s.listen(1) + multitest.next() + s2, _ = s.accept() + s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert) + print(s2.read(16)) + s2.write(b"server to client") + 
s2.close() + s.close() + + +# Client +def instance1(): + multitest.next() + s = socket.socket() + s.connect(socket.getaddrinfo(IP, PORT)[0][-1]) + if _MBEDTLS: + s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=cert) + else: + s = ssl.wrap_socket(s) + s.write(b"client to server") + print(s.read(16)) + s.close() diff --git a/tests/multi_net/ssl_cert_ecc.py.exp b/tests/multi_net/ssl_cert_ecc.py.exp new file mode 100644 index 0000000000000..909c496d019e1 --- /dev/null +++ b/tests/multi_net/ssl_cert_ecc.py.exp @@ -0,0 +1,4 @@ +--- instance0 --- +b'client to server' +--- instance1 --- +b'server to client' diff --git a/tests/multi_net/ssl_cert_rsa.py b/tests/multi_net/ssl_cert_rsa.py new file mode 100644 index 0000000000000..6910a34d64116 --- /dev/null +++ b/tests/multi_net/ssl_cert_rsa.py 
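Review bot: Only the accepting path is exercised: `instance1` passes `ca_certs=cert`, the same certificate the server presents in `instance0`, so the expected output would be identical if `cert_reqs=ssl.CERT_REQUIRED` were ignored. Add a negative case in which the client is given a CA that did not sign the server certificate, catch the resulting error, and print a fixed marker that the `.exp` file expects. That way the test shows that a peer with the wrong certificate is rejected. The same gap is present in `tests/multi_net/ssl_cert_rsa.py` later in this patch. Neither test passes `server_hostname`, so name matching is not covered either.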
@@ -0,0 +1,161 @@ +# Simple test creating an SSL connection and transferring some data +# This test won't run under CPython because it requires key/cert + +try: + import ubinascii as binascii, usocket as socket, ussl as ssl +except ImportError: + print("SKIP") + raise SystemExit + +PORT = 8000 +_MBEDTLS = hasattr(ssl, "CERT_REQUIRED") + +# This self-signed key/cert pair is randomly generated and to be used for +# testing/demonstration only. You should always generate your own key/cert. +if _MBEDTLS: + cert = b"""-----BEGIN CERTIFICATE----- + MIIF1zCCA7+gAwIBAgIJALxjtIpwDD1JMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD + VQQGEwJBVTEMMAoGA1UECAwDRm9vMQwwCgYDVQQHDANCYXIxFDASBgNVBAoMC01p + Y3JvUHl0aG9uMQwwCgYDVQQLDANmb28xFjAUBgNVBAMMDWVzcGhvbWUubG9jYWwx + GjAYBgkqhkiG9w0BCQEWC2Zvb0BiYXIuY29tMB4XDTIyMDcxMjE4MDAxM1oXDTIz + MDcxMjE4MDAxM1owgYExCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANGb28xDDAKBgNV + BAcMA0JhcjEUMBIGA1UECgwLTWljcm9QeXRob24xDDAKBgNVBAsMA2ZvbzEWMBQG + A1UEAwwNZXNwaG9tZS5sb2NhbDEaMBgGCSqGSIb3DQEJARYLZm9vQGJhci5jb20w + ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDOPA9zCrNEMs5gWrRNSsCq + /YpiQxM+qw3MnURKt9n/ZqaBWhAdLTy9chQK/DT4w8rtzhbpUoNQ8+DlY0PySFB9 + guQbUau1Fcv2Dlphny28qGhNF0w7CVHix7pXbH+wZFOjWXdVgQpqTEXrCSXIVatT + d4XfRr8pFFhxMw/wZBoQGiTwgwwguuhluouzJgbKrEVVgSrPGfWVUzSc5w+3/2NR + LwRE+PQblzGD6r+WeZAwh8bNadw63L51TdAgfqV8UOktgAvOYljRYYu3SdP8ASOb + bRr20/nK2jrLsxKh2FpZz6vSiy5XLFakgYzhcMoreBoEdJxiOSBsZK2eBXSEFDpM + Ur3vYYnEZAXBqWQkictkCpN638JodXjforQOuvoFITZCocy8JlVXzUDeUzJM/xv7 + pvXCFfZXuPnyJgq2KTYl0OIDu6l1vHrG3/PmBMmw0qKkullBwNyNLg6UOcVkR7QE + jA5s+wNRd0L/b3whQKBZVKoeKSR9Gui/19sNuN1F0JVxD7eChO3ihQ/AwhI1QGr4 + PmBErd+ThTFkA+KiVEK5/7/HsBxskpLlo1MeakhJbAFt4TczNKUvAbfGoOzhJhk2 + eI0hYcU6iYWglG1tMZIlsjDZbQVepGkv63H9r0t3Wsn7w44blD5mF89h0z6TCrKI + o+pHMLTyeEqAGODfyKEecwIDAQABo1AwTjAdBgNVHQ4EFgQUvGBI/jzSeCV+i3yQ + 3tu86DabILgwHwYDVR0jBBgwFoAUvGBI/jzSeCV+i3yQ3tu86DabILgwDAYDVR0T + BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACSODVLQzeaPStW6SjKyOoo4sAc+B + 
SOVMC71AVeLlfVeGl9Hiw5Lx/jvJIR1PJ+0b5jHnVHpjkNfxIaniChlf3ac/dVGI + sWzzlxSSSpaG3XzHSUITNQOMBkDCxrFd9E102UqXKF7ip7B1zMnZ1jLipZBgMM9Z + veFKsQZgt89H7J164vNZY0VPdnNaPawSpKTJBxg+nM8+B9WUhMGC5n7cfDXOFcfh + By+ujJlloSYaHzEUfUr40ev47nwUK63+Z+MfsySnmim8lOiTcLcNjPfNKyqkJ6Sf + d4SYkefE1ZEfb9pSczo8FpsBiMLZkY8pbdjiNPiWLw215HxhWUSARU4tmlhQ1MaW + oPs7ZlNKRZHEndqMxvGwAIxiWqXgCR7PvVHZcVxguF5OidSmz6uyrN+BUY62FAO4 + +HZ8XAAhb3MOCPIpWd/2laCBzHJsSrNa4/ZTiiMfgxpukSBvO2kalL35U0PsAu96 + rELaKnCEbNXxPdKVWl8XN6TDxsA7BB0zTB2t0eMF8HyDtLTgUJ7B0j6V+CApCULq + r4vqMEzVpQWPwNRiT/H/4TSOe8VMdWoSrLJY6150JvsGKoK4jsJ0ycE7Pv+LAQlH + YuFm9JDNJbFOdi23CHhYWaM32P0ACP5gKpDikzze0zWemM4/vAQSCGa9TZbWtvf1 + Pe+FTUACEZa3oGs= + -----END CERTIFICATE-----""" + + key = b"""-----BEGIN PRIVATE KEY----- + MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDOPA9zCrNEMs5g + WrRNSsCq/YpiQxM+qw3MnURKt9n/ZqaBWhAdLTy9chQK/DT4w8rtzhbpUoNQ8+Dl + Y0PySFB9guQbUau1Fcv2Dlphny28qGhNF0w7CVHix7pXbH+wZFOjWXdVgQpqTEXr + CSXIVatTd4XfRr8pFFhxMw/wZBoQGiTwgwwguuhluouzJgbKrEVVgSrPGfWVUzSc + 5w+3/2NRLwRE+PQblzGD6r+WeZAwh8bNadw63L51TdAgfqV8UOktgAvOYljRYYu3 + SdP8ASObbRr20/nK2jrLsxKh2FpZz6vSiy5XLFakgYzhcMoreBoEdJxiOSBsZK2e + BXSEFDpMUr3vYYnEZAXBqWQkictkCpN638JodXjforQOuvoFITZCocy8JlVXzUDe + UzJM/xv7pvXCFfZXuPnyJgq2KTYl0OIDu6l1vHrG3/PmBMmw0qKkullBwNyNLg6U + OcVkR7QEjA5s+wNRd0L/b3whQKBZVKoeKSR9Gui/19sNuN1F0JVxD7eChO3ihQ/A + whI1QGr4PmBErd+ThTFkA+KiVEK5/7/HsBxskpLlo1MeakhJbAFt4TczNKUvAbfG + oOzhJhk2eI0hYcU6iYWglG1tMZIlsjDZbQVepGkv63H9r0t3Wsn7w44blD5mF89h + 0z6TCrKIo+pHMLTyeEqAGODfyKEecwIDAQABAoICAQCO+g6P6BwuLLbtEBUt/KQk + J1BYHT5rVPVlJKai0mE88nJ+/Oxs/d69TChfEUi8Kik2wokZyw2lAt6oyS/i+YVr + 7mGsGuvayDi15m98fHmd8HcW8w7zYtu1SFiEoYDIzlU5yx2zVpnc5fIXJyldgR8c + 56EVERwYI7XJDOiA9TUocqenYoL28f2KAVE2qydMPTB4Petq1wluM9gm6v33xwOY + 1eq00o+RzTkTxpx6et6e9pK5+CkpWb5k3sRqssKRtBpkZABLXd1Lk7/kGzfu3u9L + otFty7nCi5b1f7lsIO1KlHH/rmQ7JU8QD4yXArX2evY2no2IfyheXVIMWqXTp55d + 6WQy5tLj3qaOWCCMB1+xGcbT1BSbfhJHII1rM3xwJyvvxB1X8nhhjxqC3jNxczRt + 
wTVNgKfJB1r5nbsqFHM8BrcWAMZnemuyjA5Pxj22IiKAR6LLdHTcgUHDXzpZfD4r + ypkR0o65/RoMkV6fnBz9ZD1P2MrIZ/IVOAFo7De4z6KFZOYoirBKfWfKRLTIN1IU + p/+qHmvpLEsTj8/WvquiUbMaUKbi7yQclVSh3HELSstj50n1hJ5T0/SRXG6yqaAJ + urBOkyhBqzSuKesACgh3fWOZFpwtw9eVLfW8LQbpCjITnGonk9OBfk/q2sLMrFVN + ODqNQVaRQMKRaIkiDTpeQQKCAQEA/WA9GP7veqxhvaO2dKV6s4dIvN5cPv26Inlj + j46kE8wmud2gN1wRaoeYopWywoOqqtfMoNvZuzMiqagV9tCqX8T5r/j72o/5FAke + 3nrv2wehGcmy4rK9p3asSXBguOiKgusgxi8m80NWZpdybnGqRv1O+tb0L8ikeIVj + JNcsv16zkYMXFi1vws/XdZaaIHd1n6LIIg2s3C67A+w5/u0/K0FUScv0CnEmvPAd + EGjjpF7AEYHyxo1+BbRyC/5KMI4WSBI8kSFKX4385YcnxM2Tlqi0A7czpxdEmy8Z + cNuXo7hGcnH/pujHzJ4uHA94koSunv536qwBExRjycEymhujUwKCAQEA0F7Wq5uf + vfeg9fkfaNw7rFeJMy1uzkYQP7HvEJ/Jcv3Jnt8xB6I9ZtHN/mvd39G7OVLM0Qtc + IK0bPgqmpRJx7POn7ypl4Cn1138jjRI1tSqdyjRRwWXXCpnLrqXGEOVFWXlpbbdp + GR588tsh9kGVnkuhxcCq4mDHJJYrasJiHZLp33reuCtSLTe0LLRUADu+YNmRW/dz + euzPiMftEmOiL0Mac05h/nFzqTfd92rSp5mUwFI43vwV9oRoWOnt8nripWfHxcc1 + 6l0vvvZaIZW8Bdgsvwakd7KchMkugFTCuyXYxvGdQ+9f0fzhPCzbw2HDm67DezmS + ALMtSmeYugtUYQKCAQEAjkFJLE59r/c2jR1sZANAZ6lNylRhoDAeIBrdLg1cy4y0 + NWhb+pjjYlcs+CNqENGRsYelaK7miLbGAFDRvBgdf9V8hjMZW/W3V2tjfG+zWNro + tSzMFYFa/7meM0E33LkagzR12y9ABBZLXSAsbBu/CUpQ3H5w7J8O0Ge7aUSx5+PI + l6rs/FOYSt0cT/W1JQNM88qV6KCa66gE8cfgK+ORsrxkEWbD5lTu9ectujfZj0Bv + P6Ug5B8uoQ9VdKxZhPdRRTeP77+sHQf/8/I0/saY1V50ax2hj2994k7ITtfLRG1C + iCC+8zwAaT5qDvEUtdZun++o7gWSON8aw3yH54Qa5wKCAQAHIafROcNO2iHNKViU + 2yzDqj9M3Bo1vxohQ/K9q+pWIC99W4AvFbNqSHX3ZjOyzFfPD3FpGi1uBN6w0eaA + MdBqXrB5tAbGlEkQtg4+bsgdyjaaTA4cQ2MHvtnEwXG09FPaSxh7o9JaBLwcB7ny + 1q3LPCVuQjjXBJ7sNqOHxN1cy8FrX6YtwXXPjF+DRCy30VOjtu6NqjtukppLwSPx + BC3x1icamS0razCdMwdKx4IsMEpyBp5hq1kJFeEIYgE90kzdgl7I+xdyTPwsWfwd + uCU2Qf7ODukkG53VwZjw1XXQt+viazSJtbCe3DvNNm/TEQ6DzohsOD0x/u/m4wLM + I0UhAoIBAAj3ejPQCB6b48GxrIuODuu3LfLrabldLtdJNbnauOFwI8w4RlNUAjxR + g7UaaiAoj7shgRcr4cL9uLREQZRU5bN/fzvfEeKM9HRrJVNOti9+h7u/KO2jcCQ2 + iziX+8ZhtAqT4EoYPbkhnASodkPt9di12/49Qk6R1VjV4+L6As4ZhO5p+4UYRw7u + 
Ln2w4d9axFcfeKeiUpvB/vXjLUaZSGmo2MxHhp4XTYTnl2vo67iPLMtxpgOovbBq + 8+st29YggvQNeYfkfy4yHrXrKij++rJjQJ+J3JfrxyOht1FBjN0+poS6ixejMKMG + pvvPUbqDVjrthaT4hv/xoiQjdI2DeYw= + -----END PRIVATE KEY-----""" + +else: + key = binascii.unhexlify( + b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef" + b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f" + b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0" + b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d" + b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86" + b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483" + b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102" + b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044" + b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f" + ) + + cert = binascii.unhexlify( + b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355" + b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504" + b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106" + b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61" + b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075" + b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531" + b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958" + b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468" + b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20" + b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18" + b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a" + b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8" + b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef" + b"979b57f0b3" + ) + 
+# Server +def instance0(): + multitest.globals(IP=multitest.get_network_ip()) + s = socket.socket() + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1]) + s.listen(1) + multitest.next() + s2, _ = s.accept() + s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert) + print(s2.read(16)) + s2.write(b"server to client") + s2.close() + s.close() + + +# Client +def instance1(): + multitest.next() + s = socket.socket() + s.connect(socket.getaddrinfo(IP, PORT)[0][-1]) + if _MBEDTLS: + s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=cert) + else: + s = ssl.wrap_socket(s) + s.write(b"client to server") + print(s.read(16)) + s.close() diff --git a/tests/multi_net/ssl_cert_rsa.py.exp b/tests/multi_net/ssl_cert_rsa.py.exp new file mode 100644 index 0000000000000..909c496d019e1 --- /dev/null +++ b/tests/multi_net/ssl_cert_rsa.py.exp @@ -0,0 +1,4 @@ +--- instance0 --- +b'client to server' +--- instance1 --- +b'server to client' diff --git a/tests/net_inet/ssl_cert.py b/tests/net_inet/ssl_cert.py new file mode 100644 index 0000000000000..4eefc353b1d64 --- /dev/null +++ b/tests/net_inet/ssl_cert.py 
@@ -0,0 +1,121 @@ +try: + import usocket as _socket +except: + import _socket +try: + import ussl as ssl +except: + import ssl + + +ca_cert_chain = b"""-----BEGIN CERTIFICATE----- +MIIFHzCCBAegAwIBAgISBDNT3d/NtE1ppCrdRpyVve9rMA0GCSqGSIb3DQEBCwUA +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD +EwJSMzAeFw0yMjA1MjYwNzQ1MTJaFw0yMjA4MjQwNzQ1MTFaMBcxFTATBgNVBAMT +DGRwZ2VvcmdlLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt3 +Kx60TijbUvhOSCgCY4BDwYcmTTKoBm9bpXrhaYoCJEX05lCXghnEuWvudjvRsfuK +paKo1i03lzCcdOoAorcqlwTVO09XKdEAtNi7bBpbr8ajqB7ptRm9aGLWi2p0lTGp ++uyNY6LUjNgCf/VJvFddPOS8q0TNhakdgG8BR31PDAxuWy3wA2YTv8Ppj089elEY +UmPhFIm1YSnMH3Owjtukwv0r3pe03AJ760Lgm4hHZO2S0H/qH0gyoWkHbq+e7Ba8 +4gtursn7M6E2vWBNgFsV1fZTyIRmyWBRgIVSIxGU4ultzmfJQI/hRgD8cnOnZrrC +Ns3+1bwFMXSiuKIhBU0CAwEAAaOCAkgwggJEMA4GA1UdDwEB/wQEAwIFoDAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E +FgQUHlWp/zVL6yP4hjPIT5MgkdnuU6wwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA +5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu +by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w +FwYDVR0RBBAwDoIMZHBnZW9yZ2UubmV0MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG +CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 +cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAKXm+8J45OSHwVnOfY6V3 +5b5XfZxgCvj5TV0mXCVdx4QAAAGA/4qQPwAABAMASDBGAiEAlvSRyAAttg6WPIdn +hKh8ErL9qJBDq3OtcHntRxMCTAsCIQDhofbSXGUEyIe9pdavm+lMQUn3Pm5NjApj +sZC0klwBpgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABgP+K +kb0AAAQDAEcwRQIhAK29v0DD0yJ+m9pTfmRl+7f81NBJhAoEOUIwP7reiCxFAiBU ++JL/eDTynJYoP4ApO0Fkld6K7NpssZQf8ORlwVs/STANBgkqhkiG9w0BAQsFAAOC +AQEAVBMxcjf0FdQrsLetAZBkWi6ONVQYzTA1YSOzP1WMuenmd6uQY+j50iJv7RPX +KW4tmI0qjIWU32xlFxZLrZyWiplUXt4Vq19YvEygWk9pzjR4QBr/lmsk5YPKfY9u +z7faFDn/r4UrUdgGtaqO4HpVoXSQ9TGs9hYwdXyJPfIvsX431g8K+Fw/Kd9g3vlQ +IVFcjsVN9dafdz3e5VvKCXrZOqct5WbhcYqkfm4ehl7/PA16D0Y8b/8uWzemWxut +T1laVGkPtQuPqd1ZdralR1Jsjk6CgxhGuEH60u4xY7QwyRcS83951z/6jJPIE5Ss +H3+JgRraIhzr2urkEQaedBPK/g== 
+-----END CERTIFICATE----- + 1 s:/C=US/O=Let's Encrypt/CN=R3 + i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- + 2 
s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 + i:/O=Digital Signature Trust Co./CN=DST Root CA X3 +-----BEGIN CERTIFICATE----- +MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC +ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL +wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D +LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK +4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 +bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y +sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ +Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 +FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc +SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql +PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND +TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 +c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx ++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB +ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu +b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E +U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu +MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC +5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW +9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG +WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O +he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC 
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 +-----END CERTIFICATE-----""" + + +def main(use_stream=True): + s = _socket.socket() + ai = _socket.getaddrinfo("micropython.org", 443) + print("Address infos:", ai) + addr = ai[0][-1] + print("Connect address:", addr) + s.connect(addr) + s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_cert_chain) + print(s) + s.close() + return True + + +main() From 4c86723eb7e4498b45f19ad9f0d10b8347ebf095 Mon Sep 17 00:00:00 2001 From: Carlosgg Date: Mon, 18 Jul 2022 18:05:28 +0100 Subject: [PATCH 2/2] extmod/modussl_mbedtls.c: Switch ca_certs to cadata. Rename ca_certs kwarg in ssl.wrap_socket to cadata to avoid name clash with CPython ca_certs. Signed-off-by: Carlos Gil --- docs/library/ssl.rst | 7 +- extmod/modussl_mbedtls.c | 8 +- tests/multi_net/ssl_cert_ecc.py | 98 ------------ tests/multi_net/ssl_cert_ecc.py.exp | 4 - tests/multi_net/ssl_cert_rsa.py | 229 +++++++++++++--------------- tests/net_inet/ssl_cert.py | 153 +++++++------------ tests/net_inet/ssl_cert.py.exp | 1 + 7 files changed, 172 insertions(+), 328 deletions(-) delete mode 100644 tests/multi_net/ssl_cert_ecc.py delete mode 100644 tests/multi_net/ssl_cert_ecc.py.exp create mode 100644 tests/net_inet/ssl_cert.py.exp diff --git a/docs/library/ssl.rst b/docs/library/ssl.rst index d76c3ba223b53..21444fa9de4b2 100644 --- a/docs/library/ssl.rst +++ b/docs/library/ssl.rst @@ -13,7 +13,7 @@ facilities for network sockets, both client-side and server-side. Functions --------- -.. function:: ssl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None, do_handshake=True) +.. function:: ssl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, cadata=None, server_hostname=None, do_handshake=True) Takes a `stream` *sock* (usually socket.socket instance of ``SOCK_STREAM`` type), and returns an instance of ssl.SSLSocket, which wraps the underlying stream in 
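Review bot: `main()` resolves and connects to `micropython.org` but calls `ssl.wrap_socket` without `server_hostname`, so the call never tells the TLS layer which name the certificate must match. If the mbedtls port only checks the name when `server_hostname` is set (that code is not in this patch's hunks), the test proves the chain validates but not that the peer is `micropython.org`; pass it explicitly: `s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_cert_chain, server_hostname="micropython.org")`. The bare `except:` around both imports should be `except ImportError:`, as in the multi_net tests, so unrelated errors are not swallowed. The `ca_cert_chain` literal still contains annotation lines from the capture (` 1 s:/C=US/O=Let's Encrypt/CN=R3`), which suggests it is a snapshot of one server response and the test will fail once that chain is rotated; a comment saying where the chain came from and how to refresh it would help.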
@@ -35,7 +35,10 @@ Functions Note that for mbedtls based ports, ``ssl.CERT_NONE`` and ``ssl.CERT_OPTIONAL`` will not validate any certificate, only ``ssl.CERT_REQUIRED`` will. - - *ca_certs* is the CA certificate chain that will validate the peer's certificate. + - *cadata* is the CA certificate chain (in *DER* format) that will validate the peer's certificate. + + - *server_hostname* determines which hostname to connect to, allowing the server + to present the proper certificate (this is known as Server Name Indication (SNI)) Depending on the underlying module implementation in a particular diff --git a/extmod/modussl_mbedtls.c b/extmod/modussl_mbedtls.c index a2eea8bd58080..3b7e5a9d51e64 100644 --- a/extmod/modussl_mbedtls.c +++ b/extmod/modussl_mbedtls.c @@ -64,7 +64,7 @@ struct ssl_args { mp_arg_val_t server_side; mp_arg_val_t server_hostname; mp_arg_val_t cert_reqs; - mp_arg_val_t ca_certs; + mp_arg_val_t cadata; mp_arg_val_t do_handshake; }; @@ -242,9 +242,9 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) { } } - if (args->ca_certs.u_obj != mp_const_none) { + if (args->cadata.u_obj != mp_const_none) { size_t cacert_len; - const byte *cacert = (const byte *)mp_obj_str_get_data(args->ca_certs.u_obj, &cacert_len); + const byte *cacert = (const byte *)mp_obj_str_get_data(args->cadata.u_obj, &cacert_len); // len should include terminating null ret = mbedtls_x509_crt_parse(&o->cacert, cacert, cacert_len + 1); if (ret != 0) { 
@@ -415,7 +415,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_ { MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} }, { MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} }, { MP_QSTR_cert_reqs, MP_ARG_KW_ONLY | MP_ARG_INT, {.u_int = MBEDTLS_SSL_VERIFY_NONE}}, - { MP_QSTR_ca_certs, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} }, + { MP_QSTR_cadata, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} }, { MP_QSTR_do_handshake, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = true} }, }; diff --git a/tests/multi_net/ssl_cert_ecc.py b/tests/multi_net/ssl_cert_ecc.py deleted file mode 100644 index c306a924622d7..0000000000000 --- a/tests/multi_net/ssl_cert_ecc.py +++ /dev/null 
@@ -1,98 +0,0 @@ -# Simple test creating an SSL connection and transferring some data -# This test won't run under CPython because it requires key/cert - -try: - import ubinascii as binascii, usocket as socket, ussl as ssl -except ImportError: - print("SKIP") - raise SystemExit - -PORT = 8000 -_MBEDTLS = hasattr(ssl, "CERT_REQUIRED") - -# This self-signed key/cert pair is randomly generated and to be used for -# testing/demonstration only. You should always generate your own key/cert. -if _MBEDTLS: - cert = b"""-----BEGIN CERTIFICATE----- - MIICSTCCAe+gAwIBAgIJAK7kDH3KW/pbMAoGCCqGSM49BAMCMIGAMQswCQYDVQQG - EwJBVTEMMAoGA1UECAwDRm9vMQwwCgYDVQQHDANCYXIxFDASBgNVBAoMC01pY3Jv - UHl0aG9uMQswCQYDVQQLDAJNUDEWMBQGA1UEAwwNZXNwaG9tZS5sb2NhbDEaMBgG - CSqGSIb3DQEJARYLZm9vQGJhci5jb20wHhcNMjIwNzEyMTcxOTU5WhcNMzIwNzA5 - MTcxOTU5WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA0ZvbzEMMAoGA1UEBwwD - QmFyMRQwEgYDVQQKDAtNaWNyb1B5dGhvbjELMAkGA1UECwwCTVAxFjAUBgNVBAMM - DWVzcGhvbWUubG9jYWwxGjAYBgkqhkiG9w0BCQEWC2Zvb0BiYXIuY29tMFkwEwYH - KoZIzj0CAQYIKoZIzj0DAQcDQgAEmuTTWsQ44oUgEt/fpjm33x2JbS8FdiVnC2Cc - 4QFUsr8AqVTOwCzqqDO6MvXask8WyBjmROV0NS1QAp8zM8CnlqNQME4wHQYDVR0O - BBYEFLS6piYUhW4Z3l6DSyNC6BuJetg9MB8GA1UdIwQYMBaAFLS6piYUhW4Z3l6D - SyNC6BuJetg9MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgaoRjizC+ - AvvlQQjl6Jw3lFCxvuYrwy4YwNKgqJDyz8UCIQCFyMWi4kkniUZxhCZwuvJiPXl/ - HFSxkQyQfayCKkApCA== - -----END CERTIFICATE-----""" - - key = b"""-----BEGIN EC PARAMETERS----- - BggqhkjOPQMBBw== - -----END EC PARAMETERS----- - -----BEGIN EC PRIVATE KEY----- - MHcCAQEEII9I4GhoeGqhgOz5Ybqh5NTEwLQmli1jIzvrr6/6clLSoAoGCCqGSM49 - AwEHoUQDQgAEmuTTWsQ44oUgEt/fpjm33x2JbS8FdiVnC2Cc4QFUsr8AqVTOwCzq - qDO6MvXask8WyBjmROV0NS1QAp8zM8Cnlg== - -----END EC PRIVATE KEY-----""" - -else: - key = binascii.unhexlify( - b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef" - b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f" - 
b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0" - b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d" - b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86" - b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483" - b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102" - b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044" - b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f" - ) - - cert = binascii.unhexlify( - b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355" - b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504" - b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106" - b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61" - b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075" - b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531" - b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958" - b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468" - b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20" - b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18" - b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a" - b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8" - b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef" - b"979b57f0b3" - ) - -# Server -def instance0(): - multitest.globals(IP=multitest.get_network_ip()) - s = socket.socket() - s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1]) - s.listen(1) - multitest.next() - s2, _ = s.accept() - s2 = ssl.wrap_socket(s2, server_side=True, key=key, cert=cert) - print(s2.read(16)) - s2.write(b"server to client") - 
s2.close() - s.close() - - -# Client -def instance1(): - multitest.next() - s = socket.socket() - s.connect(socket.getaddrinfo(IP, PORT)[0][-1]) - if _MBEDTLS: - s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=cert) - else: - s = ssl.wrap_socket(s) - s.write(b"client to server") - print(s.read(16)) - s.close() diff --git a/tests/multi_net/ssl_cert_ecc.py.exp b/tests/multi_net/ssl_cert_ecc.py.exp deleted file mode 100644 index 909c496d019e1..0000000000000 --- a/tests/multi_net/ssl_cert_ecc.py.exp +++ /dev/null @@ -1,4 +0,0 @@ ---- instance0 --- -b'client to server' ---- instance1 --- -b'server to client' diff --git a/tests/multi_net/ssl_cert_rsa.py b/tests/multi_net/ssl_cert_rsa.py index 6910a34d64116..05b2b9fbd1d5d 100644 --- a/tests/multi_net/ssl_cert_rsa.py +++ b/tests/multi_net/ssl_cert_rsa.py 
@@ -8,128 +8,120 @@ raise SystemExit PORT = 8000 -_MBEDTLS = hasattr(ssl, "CERT_REQUIRED") + # This self-signed key/cert pair is randomly generated and to be used for # testing/demonstration only. You should always generate your own key/cert. -if _MBEDTLS: - cert = b"""-----BEGIN CERTIFICATE----- - MIIF1zCCA7+gAwIBAgIJALxjtIpwDD1JMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD - VQQGEwJBVTEMMAoGA1UECAwDRm9vMQwwCgYDVQQHDANCYXIxFDASBgNVBAoMC01p - Y3JvUHl0aG9uMQwwCgYDVQQLDANmb28xFjAUBgNVBAMMDWVzcGhvbWUubG9jYWwx - GjAYBgkqhkiG9w0BCQEWC2Zvb0BiYXIuY29tMB4XDTIyMDcxMjE4MDAxM1oXDTIz - MDcxMjE4MDAxM1owgYExCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANGb28xDDAKBgNV - BAcMA0JhcjEUMBIGA1UECgwLTWljcm9QeXRob24xDDAKBgNVBAsMA2ZvbzEWMBQG - A1UEAwwNZXNwaG9tZS5sb2NhbDEaMBgGCSqGSIb3DQEJARYLZm9vQGJhci5jb20w - ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDOPA9zCrNEMs5gWrRNSsCq - /YpiQxM+qw3MnURKt9n/ZqaBWhAdLTy9chQK/DT4w8rtzhbpUoNQ8+DlY0PySFB9 - guQbUau1Fcv2Dlphny28qGhNF0w7CVHix7pXbH+wZFOjWXdVgQpqTEXrCSXIVatT - d4XfRr8pFFhxMw/wZBoQGiTwgwwguuhluouzJgbKrEVVgSrPGfWVUzSc5w+3/2NR - LwRE+PQblzGD6r+WeZAwh8bNadw63L51TdAgfqV8UOktgAvOYljRYYu3SdP8ASOb - bRr20/nK2jrLsxKh2FpZz6vSiy5XLFakgYzhcMoreBoEdJxiOSBsZK2eBXSEFDpM - Ur3vYYnEZAXBqWQkictkCpN638JodXjforQOuvoFITZCocy8JlVXzUDeUzJM/xv7 - pvXCFfZXuPnyJgq2KTYl0OIDu6l1vHrG3/PmBMmw0qKkullBwNyNLg6UOcVkR7QE - jA5s+wNRd0L/b3whQKBZVKoeKSR9Gui/19sNuN1F0JVxD7eChO3ihQ/AwhI1QGr4 - PmBErd+ThTFkA+KiVEK5/7/HsBxskpLlo1MeakhJbAFt4TczNKUvAbfGoOzhJhk2 - eI0hYcU6iYWglG1tMZIlsjDZbQVepGkv63H9r0t3Wsn7w44blD5mF89h0z6TCrKI - o+pHMLTyeEqAGODfyKEecwIDAQABo1AwTjAdBgNVHQ4EFgQUvGBI/jzSeCV+i3yQ - 3tu86DabILgwHwYDVR0jBBgwFoAUvGBI/jzSeCV+i3yQ3tu86DabILgwDAYDVR0T - BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACSODVLQzeaPStW6SjKyOoo4sAc+B - SOVMC71AVeLlfVeGl9Hiw5Lx/jvJIR1PJ+0b5jHnVHpjkNfxIaniChlf3ac/dVGI - sWzzlxSSSpaG3XzHSUITNQOMBkDCxrFd9E102UqXKF7ip7B1zMnZ1jLipZBgMM9Z - veFKsQZgt89H7J164vNZY0VPdnNaPawSpKTJBxg+nM8+B9WUhMGC5n7cfDXOFcfh - By+ujJlloSYaHzEUfUr40ev47nwUK63+Z+MfsySnmim8lOiTcLcNjPfNKyqkJ6Sf - 
d4SYkefE1ZEfb9pSczo8FpsBiMLZkY8pbdjiNPiWLw215HxhWUSARU4tmlhQ1MaW - oPs7ZlNKRZHEndqMxvGwAIxiWqXgCR7PvVHZcVxguF5OidSmz6uyrN+BUY62FAO4 - +HZ8XAAhb3MOCPIpWd/2laCBzHJsSrNa4/ZTiiMfgxpukSBvO2kalL35U0PsAu96 - rELaKnCEbNXxPdKVWl8XN6TDxsA7BB0zTB2t0eMF8HyDtLTgUJ7B0j6V+CApCULq - r4vqMEzVpQWPwNRiT/H/4TSOe8VMdWoSrLJY6150JvsGKoK4jsJ0ycE7Pv+LAQlH - YuFm9JDNJbFOdi23CHhYWaM32P0ACP5gKpDikzze0zWemM4/vAQSCGa9TZbWtvf1 - Pe+FTUACEZa3oGs= - -----END CERTIFICATE-----""" - key = b"""-----BEGIN PRIVATE KEY----- - MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDOPA9zCrNEMs5g - WrRNSsCq/YpiQxM+qw3MnURKt9n/ZqaBWhAdLTy9chQK/DT4w8rtzhbpUoNQ8+Dl - Y0PySFB9guQbUau1Fcv2Dlphny28qGhNF0w7CVHix7pXbH+wZFOjWXdVgQpqTEXr - CSXIVatTd4XfRr8pFFhxMw/wZBoQGiTwgwwguuhluouzJgbKrEVVgSrPGfWVUzSc - 5w+3/2NRLwRE+PQblzGD6r+WeZAwh8bNadw63L51TdAgfqV8UOktgAvOYljRYYu3 - SdP8ASObbRr20/nK2jrLsxKh2FpZz6vSiy5XLFakgYzhcMoreBoEdJxiOSBsZK2e - BXSEFDpMUr3vYYnEZAXBqWQkictkCpN638JodXjforQOuvoFITZCocy8JlVXzUDe - UzJM/xv7pvXCFfZXuPnyJgq2KTYl0OIDu6l1vHrG3/PmBMmw0qKkullBwNyNLg6U - OcVkR7QEjA5s+wNRd0L/b3whQKBZVKoeKSR9Gui/19sNuN1F0JVxD7eChO3ihQ/A - whI1QGr4PmBErd+ThTFkA+KiVEK5/7/HsBxskpLlo1MeakhJbAFt4TczNKUvAbfG - oOzhJhk2eI0hYcU6iYWglG1tMZIlsjDZbQVepGkv63H9r0t3Wsn7w44blD5mF89h - 0z6TCrKIo+pHMLTyeEqAGODfyKEecwIDAQABAoICAQCO+g6P6BwuLLbtEBUt/KQk - J1BYHT5rVPVlJKai0mE88nJ+/Oxs/d69TChfEUi8Kik2wokZyw2lAt6oyS/i+YVr - 7mGsGuvayDi15m98fHmd8HcW8w7zYtu1SFiEoYDIzlU5yx2zVpnc5fIXJyldgR8c - 56EVERwYI7XJDOiA9TUocqenYoL28f2KAVE2qydMPTB4Petq1wluM9gm6v33xwOY - 1eq00o+RzTkTxpx6et6e9pK5+CkpWb5k3sRqssKRtBpkZABLXd1Lk7/kGzfu3u9L - otFty7nCi5b1f7lsIO1KlHH/rmQ7JU8QD4yXArX2evY2no2IfyheXVIMWqXTp55d - 6WQy5tLj3qaOWCCMB1+xGcbT1BSbfhJHII1rM3xwJyvvxB1X8nhhjxqC3jNxczRt - wTVNgKfJB1r5nbsqFHM8BrcWAMZnemuyjA5Pxj22IiKAR6LLdHTcgUHDXzpZfD4r - ypkR0o65/RoMkV6fnBz9ZD1P2MrIZ/IVOAFo7De4z6KFZOYoirBKfWfKRLTIN1IU - p/+qHmvpLEsTj8/WvquiUbMaUKbi7yQclVSh3HELSstj50n1hJ5T0/SRXG6yqaAJ - urBOkyhBqzSuKesACgh3fWOZFpwtw9eVLfW8LQbpCjITnGonk9OBfk/q2sLMrFVN - 
ODqNQVaRQMKRaIkiDTpeQQKCAQEA/WA9GP7veqxhvaO2dKV6s4dIvN5cPv26Inlj - j46kE8wmud2gN1wRaoeYopWywoOqqtfMoNvZuzMiqagV9tCqX8T5r/j72o/5FAke - 3nrv2wehGcmy4rK9p3asSXBguOiKgusgxi8m80NWZpdybnGqRv1O+tb0L8ikeIVj - JNcsv16zkYMXFi1vws/XdZaaIHd1n6LIIg2s3C67A+w5/u0/K0FUScv0CnEmvPAd - EGjjpF7AEYHyxo1+BbRyC/5KMI4WSBI8kSFKX4385YcnxM2Tlqi0A7czpxdEmy8Z - cNuXo7hGcnH/pujHzJ4uHA94koSunv536qwBExRjycEymhujUwKCAQEA0F7Wq5uf - vfeg9fkfaNw7rFeJMy1uzkYQP7HvEJ/Jcv3Jnt8xB6I9ZtHN/mvd39G7OVLM0Qtc - IK0bPgqmpRJx7POn7ypl4Cn1138jjRI1tSqdyjRRwWXXCpnLrqXGEOVFWXlpbbdp - GR588tsh9kGVnkuhxcCq4mDHJJYrasJiHZLp33reuCtSLTe0LLRUADu+YNmRW/dz - euzPiMftEmOiL0Mac05h/nFzqTfd92rSp5mUwFI43vwV9oRoWOnt8nripWfHxcc1 - 6l0vvvZaIZW8Bdgsvwakd7KchMkugFTCuyXYxvGdQ+9f0fzhPCzbw2HDm67DezmS - ALMtSmeYugtUYQKCAQEAjkFJLE59r/c2jR1sZANAZ6lNylRhoDAeIBrdLg1cy4y0 - NWhb+pjjYlcs+CNqENGRsYelaK7miLbGAFDRvBgdf9V8hjMZW/W3V2tjfG+zWNro - tSzMFYFa/7meM0E33LkagzR12y9ABBZLXSAsbBu/CUpQ3H5w7J8O0Ge7aUSx5+PI - l6rs/FOYSt0cT/W1JQNM88qV6KCa66gE8cfgK+ORsrxkEWbD5lTu9ectujfZj0Bv - P6Ug5B8uoQ9VdKxZhPdRRTeP77+sHQf/8/I0/saY1V50ax2hj2994k7ITtfLRG1C - iCC+8zwAaT5qDvEUtdZun++o7gWSON8aw3yH54Qa5wKCAQAHIafROcNO2iHNKViU - 2yzDqj9M3Bo1vxohQ/K9q+pWIC99W4AvFbNqSHX3ZjOyzFfPD3FpGi1uBN6w0eaA - MdBqXrB5tAbGlEkQtg4+bsgdyjaaTA4cQ2MHvtnEwXG09FPaSxh7o9JaBLwcB7ny - 1q3LPCVuQjjXBJ7sNqOHxN1cy8FrX6YtwXXPjF+DRCy30VOjtu6NqjtukppLwSPx - BC3x1icamS0razCdMwdKx4IsMEpyBp5hq1kJFeEIYgE90kzdgl7I+xdyTPwsWfwd - uCU2Qf7ODukkG53VwZjw1XXQt+viazSJtbCe3DvNNm/TEQ6DzohsOD0x/u/m4wLM - I0UhAoIBAAj3ejPQCB6b48GxrIuODuu3LfLrabldLtdJNbnauOFwI8w4RlNUAjxR - g7UaaiAoj7shgRcr4cL9uLREQZRU5bN/fzvfEeKM9HRrJVNOti9+h7u/KO2jcCQ2 - iziX+8ZhtAqT4EoYPbkhnASodkPt9di12/49Qk6R1VjV4+L6As4ZhO5p+4UYRw7u - Ln2w4d9axFcfeKeiUpvB/vXjLUaZSGmo2MxHhp4XTYTnl2vo67iPLMtxpgOovbBq - 8+st29YggvQNeYfkfy4yHrXrKij++rJjQJ+J3JfrxyOht1FBjN0+poS6ixejMKMG - pvvPUbqDVjrthaT4hv/xoiQjdI2DeYw= - -----END PRIVATE KEY-----""" +# To generate a new self-signed key/cert pair with openssl do: +# $ openssl req -x509 -newkey rsa:4096 -keyout rsa_key.pem 
-out rsa_cert.pem -days 365 -node + +# Convert them to DER format: +# $ openssl rsa -in rsa_key.pem -out rsa_key.der -outform DER +# $ openssl x509 -in rsa_cert.pem -out rsa_key.der -outform DER -else: - key = binascii.unhexlify( - b"3082013b020100024100cc20643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef" - b"610a6a6ba14abb891745cd18a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f" - b"872d0203010001024100bb17a54aeb3dd7ae4edec05e775ca9632cf02d29c2a089b563b0" - b"d05cdf95aeca507de674553f28b4eadaca82d5549a86058f9996b07768686a5b02cb240d" - b"d9f1022100f4a63f5549e817547dca97b5c658038e8593cb78c5aba3c4642cc4cd031d86" - b"8f022100d598d870ffe4a34df8de57047a50b97b71f4d23e323f527837c9edae88c79483" - b"02210098560c89a70385c36eb07fd7083235c4c1184e525d838aedf7128958bedfdbb102" - b"2051c0dab7057a8176ca966f3feb81123d4974a733df0f958525f547dfd1c271f9022044" - b"6c2cafad455a671a8cf398e642e1be3b18a3d3aec2e67a9478f83c964c4f1f" - ) +cert = binascii.unhexlify( + b"308205d7308203bfa003020102020900bc63b48a700c3d49300d06092a864886f70d01010b050030" + b"8181310b3009060355040613024155310c300a06035504080c03466f6f310c300a06035504070c03" + b"42617231143012060355040a0c0b4d6963726f507974686f6e310c300a060355040b0c03666f6f31" + b"16301406035504030c0d657370686f6d652e6c6f63616c311a301806092a864886f70d010901160b" + b"666f6f406261722e636f6d301e170d3232303731323138303031335a170d32333037313231383030" + b"31335a308181310b3009060355040613024155310c300a06035504080c03466f6f310c300a060355" + b"04070c0342617231143012060355040a0c0b4d6963726f507974686f6e310c300a060355040b0c03" + b"666f6f3116301406035504030c0d657370686f6d652e6c6f63616c311a301806092a864886f70d01" + b"0901160b666f6f406261722e636f6d30820222300d06092a864886f70d01010105000382020f0030" + b"82020a0282020100ce3c0f730ab34432ce605ab44d4ac0aafd8a6243133eab0dcc9d444ab7d9ff66" + b"a6815a101d2d3cbd72140afc34f8c3caedce16e9528350f3e0e56343f248507d82e41b51abb515cb" + b"f60e5a619f2dbca8684d174c3b0951e2c7ba576c7fb06453a3597755810a6a4c45eb0925c855ab53" + 
b"7785df46bf29145871330ff0641a101a24f0830c20bae865ba8bb32606caac4555812acf19f59553" + b"349ce70fb7ff63512f0444f8f41b973183eabf9679903087c6cd69dc3adcbe754dd0207ea57c50e9" + b"2d800bce6258d1618bb749d3fc01239b6d1af6d3f9cada3acbb312a1d85a59cfabd28b2e572c56a4" + b"818ce170ca2b781a04749c6239206c64ad9e057484143a4c52bdef6189c46405c1a9642489cb640a" + b"937adfc2687578dfa2b40ebafa05213642a1ccbc265557cd40de53324cff1bfba6f5c215f657b8f9" + b"f2260ab6293625d0e203bba975bc7ac6dff3e604c9b0d2a2a4ba5941c0dc8d2e0e9439c56447b404" + b"8c0e6cfb03517742ff6f7c2140a05954aa1e29247d1ae8bfd7db0db8dd45d095710fb78284ede285" + b"0fc0c21235406af83e6044addf9385316403e2a25442b9ffbfc7b01c6c9292e5a3531e6a48496c01" + b"6de1373334a52f01b7c6a0ece1261936788d2161c53a8985a0946d6d319225b230d96d055ea4692f" + b"eb71fdaf4b775ac9fbc38e1b943e6617cf61d33e930ab288a3ea4730b4f2784a8018e0dfc8a11e73" + b"0203010001a350304e301d0603551d0e04160414bc6048fe3cd278257e8b7c90dedbbce8369b20b8" + b"301f0603551d23041830168014bc6048fe3cd278257e8b7c90dedbbce8369b20b8300c0603551d13" + b"040530030101ff300d06092a864886f70d01010b0500038202010009238354b43379a3d2b56e928c" + b"ac8ea28e2c01cf8148e54c0bbd4055e2e57d578697d1e2c392f1fe3bc9211d4f27ed1be631e7547a" + b"6390d7f121a9e20a195fdda73f755188b16cf39714924a9686dd7cc749421335038c0640c2c6b15d" + b"f44d74d94a97285ee2a7b075ccc9d9d632e2a5906030cf59bde14ab10660b7cf47ec9d7ae2f35963" + b"454f76735a3dac12a4a4c907183e9ccf3e07d59484c182e67edc7c35ce15c7e1072fae8c9965a126" + b"1a1f31147d4af8d1ebf8ee7c142badfe67e31fb324a79a29bc94e89370b70d8cf7cd2b2aa427a49f" + b"77849891e7c4d5911f6fda52733a3c169b0188c2d9918f296dd8e234f8962f0db5e47c6159448045" + b"4e2d9a5850d4c696a0fb3b66534a4591c49dda8cc6f1b0008c625aa5e0091ecfbd51d9715c60b85e" + b"4e89d4a6cfabb2acdf81518eb61403b8f8767c5c00216f730e08f22959dff695a081cc726c4ab35a" + b"e3f6538a231f831a6e91206f3b691a94bdf95343ec02ef7aac42da2a70846cd5f13dd2955a5f1737" + b"a4c3c6c03b041d334c1dadd1e305f07c83b4b4e0509ec1d23e95f820290942eaaf8bea304cd5a505" + 
b"8fc0d4624ff1ffe1348e7bc54c756a12acb258eb5e7426fb062a82b88ec274c9c13b3eff8b010947" + b"62e166f490cd25b14e762db708785859a337d8fd0008fe602a90e2933cded3359e98ce3fbc041208" + b"66bd4d96d6b6f7f53def854d40021196b7a06b" +) - cert = binascii.unhexlify( - b"308201d53082017f020203e8300d06092a864886f70d01010505003075310b3009060355" - b"0406130258583114301206035504080c0b54686550726f76696e63653110300e06035504" - b"070c075468654369747931133011060355040a0c0a436f6d70616e7958595a3113301106" - b"0355040b0c0a436f6d70616e7958595a3114301206035504030c0b546865486f73744e61" - b"6d65301e170d3139313231383033333935355a170d3239313231353033333935355a3075" - b"310b30090603550406130258583114301206035504080c0b54686550726f76696e636531" - b"10300e06035504070c075468654369747931133011060355040a0c0a436f6d70616e7958" - b"595a31133011060355040b0c0a436f6d70616e7958595a3114301206035504030c0b5468" - b"65486f73744e616d65305c300d06092a864886f70d0101010500034b003048024100cc20" - b"643fd3d9c21a0acba4f48f61aadd675f52175a9dcf07fbef610a6a6ba14abb891745cd18" - b"a1d4c056580d8ff1a639460f867013c8391cdc9f2e573b0f872d0203010001300d06092a" - b"864886f70d0101050500034100b0513fe2829e9ecbe55b6dd14c0ede7502bde5d46153c8" - b"e960ae3ebc247371b525caeb41bbcf34686015a44c50d226e66aef0a97a63874ca5944ef" - b"979b57f0b3" - ) +key = binascii.unhexlify( + b"308209290201000282020100ce3c0f730ab34432ce605ab44d4ac0aafd8a6243133eab0dcc9d444a" + b"b7d9ff66a6815a101d2d3cbd72140afc34f8c3caedce16e9528350f3e0e56343f248507d82e41b51" + b"abb515cbf60e5a619f2dbca8684d174c3b0951e2c7ba576c7fb06453a3597755810a6a4c45eb0925" + b"c855ab537785df46bf29145871330ff0641a101a24f0830c20bae865ba8bb32606caac4555812acf" + b"19f59553349ce70fb7ff63512f0444f8f41b973183eabf9679903087c6cd69dc3adcbe754dd0207e" + b"a57c50e92d800bce6258d1618bb749d3fc01239b6d1af6d3f9cada3acbb312a1d85a59cfabd28b2e" + b"572c56a4818ce170ca2b781a04749c6239206c64ad9e057484143a4c52bdef6189c46405c1a96424" + b"89cb640a937adfc2687578dfa2b40ebafa05213642a1ccbc265557cd40de53324cff1bfba6f5c215" + 
b"f657b8f9f2260ab6293625d0e203bba975bc7ac6dff3e604c9b0d2a2a4ba5941c0dc8d2e0e9439c5" + b"6447b4048c0e6cfb03517742ff6f7c2140a05954aa1e29247d1ae8bfd7db0db8dd45d095710fb782" + b"84ede2850fc0c21235406af83e6044addf9385316403e2a25442b9ffbfc7b01c6c9292e5a3531e6a" + b"48496c016de1373334a52f01b7c6a0ece1261936788d2161c53a8985a0946d6d319225b230d96d05" + b"5ea4692feb71fdaf4b775ac9fbc38e1b943e6617cf61d33e930ab288a3ea4730b4f2784a8018e0df" + b"c8a11e73020301000102820201008efa0e8fe81c2e2cb6ed10152dfca4242750581d3e6b54f56524" + b"a6a2d2613cf2727efcec6cfddebd4c285f1148bc2a2936c28919cb0da502dea8c92fe2f9856bee61" + b"ac1aebdac838b5e66f7c7c799df07716f30ef362dbb5485884a180c8ce5539cb1db35699dce5f217" + b"27295d811f1ce7a115111c1823b5c90ce880f5352872a7a76282f6f1fd8a015136ab274c3d30783d" + b"eb6ad7096e33d826eafdf7c70398d5eab4d28f91cd3913c69c7a7ade9ef692b9f8292959be64dec4" + b"6ab2c291b41a6464004b5ddd4b93bfe41b37eedeef4ba2d16dcbb9c28b96f57fb96c20ed4a9471ff" + b"ae643b254f100f8c9702b5f67af6369e8d887f285e5d520c5aa5d3a79e5de96432e6d2e3dea68e58" + b"208c075fb119c6d3d4149b7e1247208d6b337c70272befc41d57f278618f1a82de337173346dc135" + b"4d80a7c9075af99dbb2a14733c06b71600c6677a6bb28c0e4fc63db622228047a2cb7474dc8141c3" + b"5f3a597c3e2bca9911d28eb9fd1a0c915e9f9c1cfd643d4fd8cac867f215380168ec37b8cfa28564" + b"e6288ab04a7d67ca44b4c8375214a7ffaa1e6be92c4b138fcfd6beaba251b31a50a6e2ef241c9554" + b"a1dc710b4acb63e749f5849e53d3f4915c6eb2a9a009bab04e932841ab34ae29eb000a08777d6399" + b"169c2dc3d7952df5bc2d06e90a32139c6a2793d3817e4feadac2ccac554d383a8d41569140c29168" + b"89220d3a5e410282010100fd603d18feef7aac61bda3b674a57ab38748bcde5c3efdba2279638f8e" + b"a413cc26b9dda0375c116a8798a295b2c283aaaad7cca0dbd9bb3322a9a815f6d0aa5fc4f9aff8fb" + b"da8ff914091ede7aefdb07a119c9b2e2b2bda776ac497060b8e88a82eb20c62f26f343566697726e" + b"71aa46fd4efad6f42fc8a478856324d72cbf5eb3918317162d6fc2cfd775969a2077759fa2c8220d" + b"acdc2ebb03ec39feed3f2b415449cbf40a7126bcf01d1068e3a45ec01181f2c68d7e05b4720bfe4a" + 
b"308e1648123c91214a5f8dfce58727c4cd9396a8b403b733a717449b2f1970db97a3b8467271ffa6" + b"e8c7cc9e2e1c0f789284ae9efe77eaac01131463c9c1329a1ba3530282010100d05ed6ab9b9fbdf7" + b"a0f5f91f68dc3bac5789332d6ece46103fb1ef109fc972fdc99edf3107a23d66d1cdfe6bdddfd1bb" + b"3952ccd10b5c20ad1b3e0aa6a51271ecf3a7ef2a65e029f5d77f238d1235b52a9dca3451c165d70a" + b"99cbaea5c610e5455979696db769191e7cf2db21f641959e4ba1c5c0aae260c724962b6ac2621d92" + b"e9df7adeb82b522d37b42cb454003bbe60d9915bf7737aeccf88c7ed1263a22f431a734e61fe7173" + b"a937ddf76ad2a79994c05238defc15f6846858e9edf27ae2a567c7c5c735ea5d2fbef65a2195bc05" + b"d82cbf06a477b29c84c92e8054c2bb25d8c6f19d43ef5fd1fce13c2cdbc361c39baec37b399200b3" + b"2d4a6798ba0b546102820101008e41492c4e7daff7368d1d6c64034067a94dca5461a0301e201add" + b"2e0d5ccb8cb435685bfa98e362572cf8236a10d191b187a568aee688b6c60050d1bc181d7fd57c86" + b"33195bf5b7576b637c6fb358dae8b52ccc15815affb99e334137dcb91a833475db2f4004164b5d20" + b"2c6c1bbf094a50dc7e70ec9f0ed067bb6944b1e7e3c897aaecfc53984add1c4ff5b525034cf3ca95" + b"e8a09aeba804f1c7e02be391b2bc641166c3e654eef5e72dba37d98f406f3fa520e41f2ea10f5574" + b"ac5984f75145378fefbfac1d07fff3f234fec698d55e746b1da18f6f7de24ec84ed7cb446d428820" + b"bef33c00693e6a0ef114b5d66e9fefa8ee059238df1ac37c87e7841ae7028201000721a7d139c34e" + b"da21cd295894db2cc3aa3f4cdc1a35bf1a2143f2bdabea56202f7d5b802f15b36a4875f76633b2cc" + b"57cf0f71691a2d6e04deb0d1e68031d06a5eb079b406c6944910b60e3e6ec81dca369a4c0e1c4363" + b"07bed9c4c171b4f453da4b187ba3d25a04bc1c07b9f2d6adcb3c256e4238d7049eec36a387c4dd5c" + b"cbc16b5fa62dc175cf8c5f83442cb7d153a3b6ee8daa3b6e929a4bc123f1042df1d6271a992d2b6b" + b"309d33074ac7822c304a72069e61ab590915e10862013dd24cdd825ec8fb17724cfc2c59fc1db825" + b"3641fece0ee9241b9dd5c198f0d575d0b7ebe26b3489b5b09edc3bcd366fd3110e83ce886c383d31" + b"feefe6e302cc2345210282010008f77a33d0081e9be3c1b1ac8b8e0eebb72df2eb69b95d2ed74935" + b"b9dab8e17023cc38465354023c5183b51a6a20288fbb2181172be1c2fdb8b444419454e5b37f7f3b" + 
b"df11e28cf4746b25534eb62f7e87bbbf28eda37024368b3897fbc661b40a93e04a183db9219c04a8" + b"7643edf5d8b5dbfe3d424e91d558d5e3e2fa02ce1984ee69fb8518470eee2e7db0e1df5ac4571f78" + b"a7a2529bc1fef5e32d46994869a8d8cc47869e174d84e7976be8ebb88f2ccb71a603a8bdb06af3eb" + b"2ddbd62082f40d7987e47f2e321eb5eb2a28fefab263409f89dc97ebc723a1b751418cdd3ea684ba" + b"8b17a330a306a6fbcf51ba83563aed85a4f886fff1a22423748d83798c" +) # Server def instance0(): @@ -152,10 +144,7 @@ def instance1(): multitest.next() s = socket.socket() s.connect(socket.getaddrinfo(IP, PORT)[0][-1]) - if _MBEDTLS: - s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=cert) - else: - s = ssl.wrap_socket(s) + s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, cadata=cert) s.write(b"client to server") print(s.read(16)) s.close() diff --git a/tests/net_inet/ssl_cert.py b/tests/net_inet/ssl_cert.py index 4eefc353b1d64..2c18e9205aca1 100644 --- a/tests/net_inet/ssl_cert.py +++ b/tests/net_inet/ssl_cert.py 
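Review bot: The regeneration commands in the new comment block of tests/multi_net/ssl_cert_rsa.py do not work as written. The `openssl req` line ends in `-node` where the option is `-nodes`, and the `openssl x509` line writes the certificate to `rsa_key.der`, overwriting the key produced by the line before it. I would change them to `# $ openssl req -x509 -newkey rsa:4096 -keyout rsa_key.pem -out rsa_cert.pem -days 365 -nodes` and `# $ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER`. Separately, `-days 365` gives the fixture a one-year lifetime, so on a build that checks validity dates against a set clock the `CERT_REQUIRED` client in this file would presumably start failing once the certificate expires. A longer validity, or a comment saying when to regenerate, would avoid that.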
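Review bot: With the `_MBEDTLS` guard gone, the client in `instance1` reads `ssl.CERT_REQUIRED` and passes `cadata=` unconditionally, so on a port whose ssl module lacks them the test would raise instead of being skipped. The removed `else` branch suggests such ports exist; if they still run this directory, a guard near the imports such as `if not hasattr(ssl, "CERT_REQUIRED"): print("SKIP"); raise SystemExit` keeps the result meaningful. The call also passes no `server_hostname`, so presumably only the chain is checked and not the peer name. A one-line comment such as `# no server_hostname: peer is addressed by IP, chain check only` would stop the call being copied as a template. `instance1` starts above the hunk, so only part of its body is visible here.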
@@ -4,118 +4,71 @@ import _socket try: import ussl as ssl + import ubinascii as binascii except: import ssl + import binascii -ca_cert_chain = b"""-----BEGIN CERTIFICATE----- -MIIFHzCCBAegAwIBAgISBDNT3d/NtE1ppCrdRpyVve9rMA0GCSqGSIb3DQEBCwUA -MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD -EwJSMzAeFw0yMjA1MjYwNzQ1MTJaFw0yMjA4MjQwNzQ1MTFaMBcxFTATBgNVBAMT -DGRwZ2VvcmdlLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt3 -Kx60TijbUvhOSCgCY4BDwYcmTTKoBm9bpXrhaYoCJEX05lCXghnEuWvudjvRsfuK -paKo1i03lzCcdOoAorcqlwTVO09XKdEAtNi7bBpbr8ajqB7ptRm9aGLWi2p0lTGp -+uyNY6LUjNgCf/VJvFddPOS8q0TNhakdgG8BR31PDAxuWy3wA2YTv8Ppj089elEY -UmPhFIm1YSnMH3Owjtukwv0r3pe03AJ760Lgm4hHZO2S0H/qH0gyoWkHbq+e7Ba8 -4gtursn7M6E2vWBNgFsV1fZTyIRmyWBRgIVSIxGU4ultzmfJQI/hRgD8cnOnZrrC -Ns3+1bwFMXSiuKIhBU0CAwEAAaOCAkgwggJEMA4GA1UdDwEB/wQEAwIFoDAdBgNV -HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E -FgQUHlWp/zVL6yP4hjPIT5MgkdnuU6wwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA -5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu -by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w -FwYDVR0RBBAwDoIMZHBnZW9yZ2UubmV0MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG -CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 -cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAKXm+8J45OSHwVnOfY6V3 -5b5XfZxgCvj5TV0mXCVdx4QAAAGA/4qQPwAABAMASDBGAiEAlvSRyAAttg6WPIdn -hKh8ErL9qJBDq3OtcHntRxMCTAsCIQDhofbSXGUEyIe9pdavm+lMQUn3Pm5NjApj -sZC0klwBpgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABgP+K -kb0AAAQDAEcwRQIhAK29v0DD0yJ+m9pTfmRl+7f81NBJhAoEOUIwP7reiCxFAiBU -+JL/eDTynJYoP4ApO0Fkld6K7NpssZQf8ORlwVs/STANBgkqhkiG9w0BAQsFAAOC -AQEAVBMxcjf0FdQrsLetAZBkWi6ONVQYzTA1YSOzP1WMuenmd6uQY+j50iJv7RPX -KW4tmI0qjIWU32xlFxZLrZyWiplUXt4Vq19YvEygWk9pzjR4QBr/lmsk5YPKfY9u -z7faFDn/r4UrUdgGtaqO4HpVoXSQ9TGs9hYwdXyJPfIvsX431g8K+Fw/Kd9g3vlQ -IVFcjsVN9dafdz3e5VvKCXrZOqct5WbhcYqkfm4ehl7/PA16D0Y8b/8uWzemWxut -T1laVGkPtQuPqd1ZdralR1Jsjk6CgxhGuEH60u4xY7QwyRcS83951z/6jJPIE5Ss -H3+JgRraIhzr2urkEQaedBPK/g== ------END 
CERTIFICATE----- - 1 s:/C=US/O=Let's Encrypt/CN=R3 - i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 ------BEGIN CERTIFICATE----- -MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw -WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP -R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx -sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm -NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg -Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG -/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB -Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA -FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw -Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB -gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W -PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl -ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz -CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm -lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 -avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 -yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O -yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids -hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ -HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv -MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX -nLRbwHOoq7hHwg== ------END CERTIFICATE----- - 2 s:/C=US/O=Internet Security 
Research Group/CN=ISRG Root X1 - i:/O=Digital Signature Trust Co./CN=DST Root CA X3 ------BEGIN CERTIFICATE----- -MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC -ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL -wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D -LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK -4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 -bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y -sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ -Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 -FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc -SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql -PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND -TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw -SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 -c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx -+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB -ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu -b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E -U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu -MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC -5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW -9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG -WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O -he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC 
-Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 ------END CERTIFICATE-----""" +# This certificate was obtained from micropython.org using openssl: +# $ openssl s_client -showcerts -connect micropython.org:443 /dev/null +# The certificate is from Let's Encrypt: +# 1 s:/C=US/O=Let's Encrypt/CN=R3 +# i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 +# Validity +# Not Before: Sep 4 00:00:00 2020 GMT +# Not After : Sep 15 16:00:00 2025 GMT +# Copy PEM content to a file (certmpy.pem) and convert to DER e.g. +# $ openssl x509 -in certmpy.pem -out certmpy.der -outform DER + +ca_cert_chain = binascii.unhexlify( + b"30820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886" + b"f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65" + b"742053656375726974792052657365617263682047726f7570311530130603550403130c49535247" + b"20526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a" + b"3032310b300906035504061302555331163014060355040a130d4c6574277320456e637279707431" + b"0b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a" + b"0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af" + b"8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7" + b"edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5" + b"aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726f" + b"fb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a2" + b"5ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706" + b"fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d" + b"0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b060105050703" + b"0130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cb" + b"ae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a" + 
b"58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a" + b"2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa018861668747470" + b"3a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c01020130" + b"0d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3" + b"f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e" + b"94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce" + b"12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c3" + b"2ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226" + b"949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f5" + b"1897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ff" + b"a540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d" + b"7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e70" + b"8b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9" + b"abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe" + b"1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d" + b"8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec62538" + b"44506decce005518fee94964d44eca979cb45bc073a8abb847c2" +) def main(use_stream=True): s = _socket.socket() ai = _socket.getaddrinfo("micropython.org", 443) - print("Address infos:", ai) addr = ai[0][-1] - print("Connect address:", addr) s.connect(addr) - s = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_cert_chain) - print(s) + s = ssl.wrap_socket( + s, cert_reqs=ssl.CERT_REQUIRED, cadata=ca_cert_chain, server_hostname="micropython.org" + ) + s.write(b"GET / HTTP/1.0\r\n\r\n") + print(s.read(17)) s.close() - return True main() 
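Review bot: `ca_cert_chain` now pins a single intermediate (Let's Encrypt R3, Not After Sep 15 2025 per the new comment), so the test fails as soon as micropython.org is issued from a different intermediate or that date passes, regardless of any change in the ssl module. I would say so next to the blob, e.g. `# NOTE: pinned to the R3 intermediate; refresh when micropython.org changes issuer or after the Not After date above`, or pin the root instead if the port's parser accepts it. The `s_client` line in the comment reads `-connect micropython.org:443 /dev/null`, which looks as if the redirection was lost (possibly `</dev/null 2>/dev/null`) and is worth checking in the source file. Passing `server_hostname="micropython.org"` together with `CERT_REQUIRED` is the right combination for a name-checked connection.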
diff --git a/tests/net_inet/ssl_cert.py.exp b/tests/net_inet/ssl_cert.py.exp
new file mode 100644
index 0000000000000..fb69ecf1a66aa
--- /dev/null
+++ b/tests/net_inet/ssl_cert.py.exp
@@ -0,0 +1 @@
+b'HTTP/1.1 200 OK\r\n'