micropython/tests/multi_net/sslcontext_check_hostname_error.py at 3e0007308b78893179ce37f9d6a1af344d754454 · dpgeorge/micropython · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Test creating an SSL connection when server_hostname is required but not specified.

try:
    import os
    import socket
    import ssl
except ImportError:
    print("SKIP")
    raise SystemExit

PORT = 8000

# These are test certificates. See tests/README.md for details.
cert = cafile = "ec_cert.der"
key = "ec_key.der"


# Server
def instance0():
    multitest.globals(IP=multitest.get_network_ip())
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
    s.listen(1)
    multitest.next()
    s2, _ = s.accept()
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(cert, key)
    multitest.broadcast("ready")
    try:
        s2 = server_ctx.wrap_socket(s2, server_side=True)
    except Exception as e:
        print(e)
    s.close()


# Client
def instance1():
    if not hasattr(ssl, "CERT_REQUIRED"):
        print("SKIP")
        raise SystemExit
    multitest.next()
    s = socket.socket()
    s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.verify_mode = ssl.CERT_REQUIRED
    client_ctx.load_verify_locations(cafile=cafile)
    # The client will reject the SSL connection so wait until the server is ready
    # so that it can see the rejection (otherwise it sees a closed socket).
    multitest.wait("ready")
    try:
        s = client_ctx.wrap_socket(s)
    except Exception as e:
        print(e)
    s.close()