diff --git a/tests/extmod/ssl_cadata.py b/tests/extmod/ssl_cadata.py index e66f6ca825..21d86b13fb 100644 --- a/tests/extmod/ssl_cadata.py +++ b/tests/extmod/ssl_cadata.py @@ -10,7 +10,7 @@ except ImportError: # Invalid cadata. try: ssl.wrap_socket(io.BytesIO(), cadata=b"!") -except TypeError: +except AttributeError: # "cadata" keyword argument is not supported by axtls. print("SKIP") raise SystemExit diff --git a/tests/extmod/ssl_keycert.py b/tests/extmod/ssl_keycert.py index badc11e033..53f064fdaf 100644 --- a/tests/extmod/ssl_keycert.py +++ b/tests/extmod/ssl_keycert.py @@ -9,11 +9,6 @@ except ImportError: key = b"0\x82\x019\x02\x01\x00\x02A\x00\xf9\xe0}\xbd\xd7\x9cI\x18\x06\xc3\xcb\xb5\xec@r\xfbD\x18\x80\xaaWoZ{\xcc\xa3\xeb!\"\x0fY\x9e]-\xee\xe4\t!BY\x9f{7\xf3\xf2\x8f}}\r|.\xa8<\ta\xb2\xd7W\xb3\xc9\x19A\xc39\x02\x03\x01\x00\x01\x02@\x07:\x9fh\xa6\x9c6\xe1#\x10\xf7\x0b\xc4Q\xf9\x01\x9b\xee\xb9\x8a4\r\\\xa8\xc8:\xd5\xca\x97\x99\xaa\x16\x04)\xa8\xf9\x13\xdeq\x0ev`\xa7\x83\xc5\x8b`\xdb\xef \x9d\x93\xe8g\x84\x96\xfaV\\\xf4R\xda\xd0\xa1\x02!\x00\xfeR\xbf\n\x91Su\x87L\x98{\xeb%\xed\xfb\x06u)@\xfe\x1b\xde\xa0\xc6@\xab\xc5\xedg\x8e\x10[\x02!\x00\xfb\x86=\x85\xa4'\xde\x85\xb5L\xe0)\x99\xfaL\x8c3A\x02\xa8<\xdew\xad\x00\xe3\x1d\x05\xd8\xb4N\xfb\x02 \x08\xb0M\x04\x90hx\x88q\xcew\xd5U\xcbf\x9b\x16\xdf\x9c\xef\xd1\x85\xee\x9a7Ug\x02\xb0Z\x03'\x02 9\xa0D\xe2$|\xf9\xefz]5\x92rs\xb5+\xfd\xe6,\x1c\xadmn\xcf\xd5?3|\x0em)\x17\x02 5Z\xcc/\xa5?\n\x04%\x9b{N\x9dX\xddI\xbe\xd2\xb0\xa0\x03BQ\x02\x82\xc2\xe0u)\xbd\xb8\xaf" -# This particular key was generated with: -# $ openssl genrsa -out key.pem 512 -# $ openssl rsa -in key.pem -outform DER -out key.der -keypkcs8 = b'0\x82\x01U\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x04\x82\x01?0\x82\x01;\x02\x01\x00\x02A\x00\xae\x07\xbb\xbf \x8eL\\ G\x91\x1b\xc45\x89\x96\x0c\xca\x94\xa5\xc2%F\x84z\xea\xb2Y\xdd\x943\x1a\xe0\x1e\xfe%\xd3\xbc\x85\xf0\x05\x8eI\xca\x83\x8b\x86\xfd\x15P,\xa9t8\xc2s\x11\x7fk*[[w\xdd\x02\x03\x01\x00\x01\x02@?\x02-\xc7\x95Q\xef\xf3\xaa\xfc>]\x7f<\xa3\x03\xe0\xbd\xb7\xf4\x0b\xc6\xd31D\x0f\x95cT\x06D9\xed\xf0X\xa6\x18\xb4\xe7\x96\x8f\x91\xd6\xd7\xbfR\\V\xfd\x0e{\xd3\xa4e\xb4M\x01\xbb\xdf\xf1\xf0\xbcEA\x02!\x00\xd5\xd7f\xcc\x84\xf5Y&\xa7]\x00\x91\xc9\x8e\xb0\xf37\x108D\x7f&!JJ\x836\x83\x9f\n\xf2\x0f\x02!\x00\xd0W\x0ec\xa6\x86C\xf7\x8d\xbe\xf0\xbc2\xe3)|\xbb\xd6\xbb;\xb2\xafG\x05S\x0f-\x14X\n3S\x02 A\xf5\xb20\xcd\xa6<<\x8f\rA\xda\xb68<^\x99\x12x\xb8\xb0\x1b\x9b\xd3%\x8e\xb9\xa6\xf9\xcc\xcf\x83\x02!\x00\xa8.\xee\xdd\xc0\xeb8h\xda\x13^\xb0\xfe\x7fd\xd9]\xa5m\xc66k\xcap`\xe9\xaaav\xe4\xdd#\x02!\x00\xd1\xd0\x93\xe7wZ\xe0p\xd0M\x07\x9e\x13\xa7\xa7\x12\x95\x1e\x13h0O\xc0\x18\x1fa\x10")\x9f&U' - # Invalid key try: ssl.wrap_socket(io.BytesIO(), key=b"!") @@ -31,9 +26,3 @@ try: ssl.wrap_socket(io.BytesIO(), key=key, cert=b"!") except ValueError as er: print(repr(er)) - -# Valid key in PKCS8 format, invalid cert -try: - ssl.wrap_socket(io.BytesIO(), key=keypkcs8, cert=b"!") -except ValueError as er: - print(repr(er)) diff --git a/tests/extmod/ssl_keycert.py.exp b/tests/extmod/ssl_keycert.py.exp index 95140cb998..b72d319c6a 100644 --- a/tests/extmod/ssl_keycert.py.exp +++ b/tests/extmod/ssl_keycert.py.exp @@ -1,4 +1,3 @@ ValueError('invalid key',) TypeError("can't convert 'NoneType' object to str implicitly",) ValueError('invalid cert',) -ValueError('invalid cert',) diff --git a/tests/extmod/ssl_keycert_pkcs8.py b/tests/extmod/ssl_keycert_pkcs8.py new file mode 100644 index 0000000000..beef7275d8 --- /dev/null +++ b/tests/extmod/ssl_keycert_pkcs8.py @@ -0,0 +1,24 @@ +# Test ssl with key/cert passed in + +try: + import io + import ssl +except ImportError: + print("SKIP") + raise SystemExit + +# Only mbedTLS supports PKCS8 keys. +if not hasattr(ssl, "MBEDTLS_VERSION"): + print("SKIP") + raise SystemExit + +# This particular key was generated with: +# $ openssl genrsa -out key.pem 512 +# $ openssl rsa -in key.pem -outform DER -out key.der +keypkcs8 = b'0\x82\x01U\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x04\x82\x01?0\x82\x01;\x02\x01\x00\x02A\x00\xae\x07\xbb\xbf \x8eL\\ G\x91\x1b\xc45\x89\x96\x0c\xca\x94\xa5\xc2%F\x84z\xea\xb2Y\xdd\x943\x1a\xe0\x1e\xfe%\xd3\xbc\x85\xf0\x05\x8eI\xca\x83\x8b\x86\xfd\x15P,\xa9t8\xc2s\x11\x7fk*[[w\xdd\x02\x03\x01\x00\x01\x02@?\x02-\xc7\x95Q\xef\xf3\xaa\xfc>]\x7f<\xa3\x03\xe0\xbd\xb7\xf4\x0b\xc6\xd31D\x0f\x95cT\x06D9\xed\xf0X\xa6\x18\xb4\xe7\x96\x8f\x91\xd6\xd7\xbfR\\V\xfd\x0e{\xd3\xa4e\xb4M\x01\xbb\xdf\xf1\xf0\xbcEA\x02!\x00\xd5\xd7f\xcc\x84\xf5Y&\xa7]\x00\x91\xc9\x8e\xb0\xf37\x108D\x7f&!JJ\x836\x83\x9f\n\xf2\x0f\x02!\x00\xd0W\x0ec\xa6\x86C\xf7\x8d\xbe\xf0\xbc2\xe3)|\xbb\xd6\xbb;\xb2\xafG\x05S\x0f-\x14X\n3S\x02 A\xf5\xb20\xcd\xa6<<\x8f\rA\xda\xb68<^\x99\x12x\xb8\xb0\x1b\x9b\xd3%\x8e\xb9\xa6\xf9\xcc\xcf\x83\x02!\x00\xa8.\xee\xdd\xc0\xeb8h\xda\x13^\xb0\xfe\x7fd\xd9]\xa5m\xc66k\xcap`\xe9\xaaav\xe4\xdd#\x02!\x00\xd1\xd0\x93\xe7wZ\xe0p\xd0M\x07\x9e\x13\xa7\xa7\x12\x95\x1e\x13h0O\xc0\x18\x1fa\x10")\x9f&U' + +# Valid key in PKCS8 format, invalid cert +try: + ssl.wrap_socket(io.BytesIO(), key=keypkcs8, cert=b"!") +except ValueError as er: + print(repr(er)) diff --git a/tests/extmod/ssl_keycert_pkcs8.py.exp b/tests/extmod/ssl_keycert_pkcs8.py.exp new file mode 100644 index 0000000000..9f1cf732e3 --- /dev/null +++ b/tests/extmod/ssl_keycert_pkcs8.py.exp @@ -0,0 +1 @@ +ValueError('invalid cert',) diff --git a/tests/extmod/ssl_sslcontext_verify_mode.py b/tests/extmod/ssl_sslcontext_verify_mode.py index daccc2f4a9..698ff65a89 100644 --- a/tests/extmod/ssl_sslcontext_verify_mode.py +++ b/tests/extmod/ssl_sslcontext_verify_mode.py @@ -1,5 +1,4 @@ # Test ssl.SSLContext.verify_mode attribute. -# It's not available in the axtls implementation, so has an independent test. try: import ssl @@ -7,10 +6,6 @@ except ImportError: print("SKIP") raise SystemExit -if not hasattr(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), "verify_mode"): - print("SKIP") - raise SystemExit - # Test default verify_mode for server (client default is different in MicroPython). ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) print(ctx.verify_mode == ssl.CERT_NONE) @@ -18,7 +13,3 @@ print(ctx.verify_mode == ssl.CERT_NONE) # Test setting and getting verify_mode. ctx.verify_mode = ssl.CERT_NONE print(ctx.verify_mode == ssl.CERT_NONE) -ctx.verify_mode = ssl.CERT_OPTIONAL -print(ctx.verify_mode == ssl.CERT_OPTIONAL) -ctx.verify_mode = ssl.CERT_REQUIRED -print(ctx.verify_mode == ssl.CERT_REQUIRED) diff --git a/tests/extmod/ssl_sslcontext_verify_mode2.py b/tests/extmod/ssl_sslcontext_verify_mode2.py new file mode 100644 index 0000000000..1b33e6e867 --- /dev/null +++ b/tests/extmod/ssl_sslcontext_verify_mode2.py @@ -0,0 +1,20 @@ +# Test ssl.SSLContext.verify_mode attribute, with additional CERT_xxx constants. +# These aren't available in the axtls implementation. + +try: + import ssl +except ImportError: + print("SKIP") + raise SystemExit + +if not hasattr(ssl, "OPENSSL_VERSION") and not hasattr(ssl, "MBEDTLS_VERSION"): + print("SKIP") + raise SystemExit + +ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + +# Test setting and getting verify_mode. +ctx.verify_mode = ssl.CERT_OPTIONAL +print(ctx.verify_mode == ssl.CERT_OPTIONAL) +ctx.verify_mode = ssl.CERT_REQUIRED +print(ctx.verify_mode == ssl.CERT_REQUIRED) diff --git a/tests/extmod/tls_sslcontext_ciphers.py b/tests/extmod/tls_sslcontext_ciphers.py index 43f94fb19a..824aadd021 100644 --- a/tests/extmod/tls_sslcontext_ciphers.py +++ b/tests/extmod/tls_sslcontext_ciphers.py @@ -2,7 +2,9 @@ try: import tls -except ImportError: + + tls.SSLContext.get_ciphers +except (ImportError, AttributeError): print("SKIP") raise SystemExit