2bba507148
Previously, any test needing an SSL certificate file would automatically skip if the file could not be found. But that makes it too easy to accidentally skip tests. Instead, change it so that the test fails if the certificate file doesn't exist. That matches, for example, the fact that the test fails if networking (LAN, WiFi) is not active. Signed-off-by: Damien George <damien@micropython.org>
52 lines
1.4 KiB
Python
52 lines
1.4 KiB
Python
# Test creating an SSL connection when server_hostname is required but not specified.
|
|
|
|
try:
|
|
import os
|
|
import socket
|
|
import ssl
|
|
except ImportError:
|
|
print("SKIP")
|
|
raise SystemExit
|
|
|
|
PORT = 8000
|
|
|
|
# These are test certificates. See tests/README.md for details.
|
|
cert = cafile = "ec_cert.der"
|
|
key = "ec_key.der"
|
|
|
|
|
|
# Server
|
|
def instance0():
|
|
multitest.globals(IP=multitest.get_network_ip())
|
|
s = socket.socket()
|
|
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
s.bind(socket.getaddrinfo("0.0.0.0", PORT)[0][-1])
|
|
s.listen(1)
|
|
multitest.next()
|
|
s2, _ = s.accept()
|
|
server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
|
server_ctx.load_cert_chain(cert, key)
|
|
multitest.broadcast("ready")
|
|
try:
|
|
s2 = server_ctx.wrap_socket(s2, server_side=True)
|
|
except Exception as e:
|
|
print(e)
|
|
s.close()
|
|
|
|
|
|
# Client
|
|
def instance1():
|
|
multitest.next()
|
|
s = socket.socket()
|
|
s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
|
|
client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
client_ctx.verify_mode = ssl.CERT_REQUIRED
|
|
client_ctx.load_verify_locations(cafile=cafile)
|
|
# The client will reject the SSL connection so wait until the server is ready
|
|
# so that it can see the rejection (otherwise it sees a closed socket).
|
|
multitest.wait("ready")
|
|
try:
|
|
s = client_ctx.wrap_socket(s)
|
|
except Exception as e:
|
|
print(e)
|
|
s.close()
|