micropython-lib/python-stdlib/ssl/ssl.py

import tls
from tls import *


class SSLContext:
    def __init__(self, *args):
        self._context = tls.SSLContext(*args)
        self._context.verify_mode = CERT_NONE

    @property
    def verify_mode(self):
        return self._context.verify_mode

    @verify_mode.setter
    def verify_mode(self, val):
        self._context.verify_mode = val

    def load_cert_chain(self, certfile, keyfile):
        if isinstance(certfile, str):
            with open(certfile, "rb") as f:
                certfile = f.read()
        if isinstance(keyfile, str):
            with open(keyfile, "rb") as f:
                keyfile = f.read()
        self._context.load_cert_chain(certfile, keyfile)

    def load_verify_locations(self, cafile=None, cadata=None):
        if cafile:
            with open(cafile, "rb") as f:
                cadata = f.read()
        self._context.load_verify_locations(cadata)

    def wrap_socket(
        self, sock, server_side=False, do_handshake_on_connect=True, server_hostname=None
    ):
        return self._context.wrap_socket(
            sock,
            server_side=server_side,
            do_handshake_on_connect=do_handshake_on_connect,
            server_hostname=server_hostname,
        )


def wrap_socket(
    sock,
    server_side=False,
    key=None,
    cert=None,
    cert_reqs=CERT_NONE,
    cadata=None,
    server_hostname=None,
    do_handshake=True,
):
    con = SSLContext(PROTOCOL_TLS_SERVER if server_side else PROTOCOL_TLS_CLIENT)
    if cert or key:
        con.load_cert_chain(cert, key)
    if cadata:
        con.load_verify_locations(cadata=cadata)
    con.verify_mode = cert_reqs
    return con.wrap_socket(
        sock,
        server_side=server_side,
        do_handshake_on_connect=do_handshake,
        server_hostname=server_hostname,
    )
ssl: Restructure micropython SSL interface to a new tls module. MicroPython now supplies SSL/TLS functionality in a new built-in `tls` module. The `ssl` module is now implemented purely in Python, in this repository. Other libraries are updated to work with this scheme. Signed-off-by: Felix Dörre <felix@dogcraft.de> 2024-02-01 12:36:19 +00:00			`import tls`
ssl: Use "from tls import *" to be compatible with axtls. axtls doesn't define all the CERT_xxx constants, nor the MBEDTLS_VERSION constant. This change means that `tls.SSLContext` is imported into the module, but that's subsequently overridden by the class definition in this module. Signed-off-by: Damien George <damien@micropython.org> 2024-03-28 06:41:01 +00:00			`from tls import *`
ssl: Add more constants. Beyond imported from ussl. 2017-08-22 22:07:05 +00:00
ssl: Restructure micropython SSL interface to a new tls module. MicroPython now supplies SSL/TLS functionality in a new built-in `tls` module. The `ssl` module is now implemented purely in Python, in this repository. Other libraries are updated to work with this scheme. Signed-off-by: Felix Dörre <felix@dogcraft.de> 2024-02-01 12:36:19 +00:00
			`class SSLContext:`
			`def __init__(self, *args):`
			`self._context = tls.SSLContext(*args)`
			`self._context.verify_mode = CERT_NONE`

			`@property`
			`def verify_mode(self):`
			`return self._context.verify_mode`

			`@verify_mode.setter`
			`def verify_mode(self, val):`
			`self._context.verify_mode = val`

			`def load_cert_chain(self, certfile, keyfile):`
			`if isinstance(certfile, str):`
			`with open(certfile, "rb") as f:`
			`certfile = f.read()`
			`if isinstance(keyfile, str):`
			`with open(keyfile, "rb") as f:`
			`keyfile = f.read()`
			`self._context.load_cert_chain(certfile, keyfile)`

			`def load_verify_locations(self, cafile=None, cadata=None):`
			`if cafile:`
			`with open(cafile, "rb") as f:`
			`cadata = f.read()`
			`self._context.load_verify_locations(cadata)`

			`def wrap_socket(`
			`self, sock, server_side=False, do_handshake_on_connect=True, server_hostname=None`
			`):`
			`return self._context.wrap_socket(`
			`sock,`
			`server_side=server_side,`
			`do_handshake_on_connect=do_handshake_on_connect,`
			`server_hostname=server_hostname,`
			`)`
ssl: Wrap ussl.wrap_socket(). Arguments whose values are the default are not passed to ussl, because many arguments are not accepted by current ussl implementations, even if the desired behavior is the same as when they are omitted. 2017-08-22 22:08:35 +00:00

all: Run black over all code. Signed-off-by: Jim Mussared <jim.mussared@gmail.com> 2021-05-27 05:50:04 +00:00			`def wrap_socket(`
			`sock,`
			`server_side=False,`
ssl: Restructure micropython SSL interface to a new tls module. MicroPython now supplies SSL/TLS functionality in a new built-in `tls` module. The `ssl` module is now implemented purely in Python, in this repository. Other libraries are updated to work with this scheme. Signed-off-by: Felix Dörre <felix@dogcraft.de> 2024-02-01 12:36:19 +00:00			`key=None,`
			`cert=None,`
all: Run black over all code. Signed-off-by: Jim Mussared <jim.mussared@gmail.com> 2021-05-27 05:50:04 +00:00			`cert_reqs=CERT_NONE,`
ssl: Restructure micropython SSL interface to a new tls module. MicroPython now supplies SSL/TLS functionality in a new built-in `tls` module. The `ssl` module is now implemented purely in Python, in this repository. Other libraries are updated to work with this scheme. Signed-off-by: Felix Dörre <felix@dogcraft.de> 2024-02-01 12:36:19 +00:00			`cadata=None,`
			`server_hostname=None,`
			`do_handshake=True,`
all: Run black over all code. Signed-off-by: Jim Mussared <jim.mussared@gmail.com> 2021-05-27 05:50:04 +00:00			`):`
ssl: Restructure micropython SSL interface to a new tls module. MicroPython now supplies SSL/TLS functionality in a new built-in `tls` module. The `ssl` module is now implemented purely in Python, in this repository. Other libraries are updated to work with this scheme. Signed-off-by: Felix Dörre <felix@dogcraft.de> 2024-02-01 12:36:19 +00:00			`con = SSLContext(PROTOCOL_TLS_SERVER if server_side else PROTOCOL_TLS_CLIENT)`
			`if cert or key:`
			`con.load_cert_chain(cert, key)`
			`if cadata:`
			`con.load_verify_locations(cadata=cadata)`
			`con.verify_mode = cert_reqs`
			`return con.wrap_socket(`
			`sock,`
			`server_side=server_side,`
			`do_handshake_on_connect=do_handshake,`
			`server_hostname=server_hostname,`
			`)`