Previously, any test needing an SSL certificate file would automatically
skip if the file could not be found. But that makes it too easy to
accidentally skip tests.
Instead, change it so that the test fails if the certificate file doesn't
exist. That matches, for example, the fact that the test fails if
networking (LAN, WiFi) is not active.
Signed-off-by: Damien George <damien@micropython.org>
The Let's Encrypt root certificate has changed so needs updating in these
tests.
Also use `bytes.fromhex()` instead of `binascii.unhexlify()`, to eliminate
the need for the `binascii` module. Both of these features are controlled
by `MICROPY_PY_BUILTINS_BYTES_HEX`, so the test will still work on the same
targets that it previously did.
Signed-off-by: Damien George <damien@micropython.org>
This commit adds:
1) Methods to SSLContext class that match CPython signature:
- `SSLContext.load_cert_chain(certfile, keyfile)`
- `SSLContext.load_verify_locations(cafile=, cadata=)`
- `SSLContext.get_ciphers()` --> ["CIPHERSUITE"]
- `SSLContext.set_ciphers(["CIPHERSUITE"])`
2) `sslsocket.cipher()` to get current ciphersuite and protocol
version.
3) `ssl.MBEDTLS_VERSION` string constant.
4) Certificate verification errors info instead of
`MBEDTLS_ERR_X509_CERT_VERIFY_FAILED`.
5) Tests in `net_inet` and `multi_net` to test these new methods.
`SSLContext.load_cert_chain` method allows loading key and cert from disk
passing a filepath in `certfile` or `keyfile` options.
`SSLContext.load_verify_locations`'s `cafile` option enables the same
functionality for ca files.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
