From 20a86eff5382d874f8f95a8009f76155c43a6aa9 Mon Sep 17 00:00:00 2001 From: Damien George Date: Thu, 28 Mar 2024 17:59:56 +1100 Subject: [PATCH] tests/net_inet: Add simpler tls sites test, and skip existing on axtls. Ports that use axtls cannot run the `test_tls_sites.py` test because the sites it connects to use advanced ciphers. So skip this test on such ports, and add a new, simpler test that doesn't require certificate verification and works with axtls. Signed-off-by: Damien George --- tests/net_inet/test_tls_sites.py | 7 ++++ tests/net_inet/test_tls_sites_simple.py | 43 +++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 tests/net_inet/test_tls_sites_simple.py diff --git a/tests/net_inet/test_tls_sites.py b/tests/net_inet/test_tls_sites.py index d60f4872b6..3637194ad7 100644 --- a/tests/net_inet/test_tls_sites.py +++ b/tests/net_inet/test_tls_sites.py @@ -1,8 +1,15 @@ +# Test making HTTPS requests to sites that may require advanced ciphers. + import sys import select import socket import ssl +# Don't run if ssl doesn't support required certificates (eg axtls). +if not hasattr(ssl, "CERT_REQUIRED"): + print("SKIP") + raise SystemExit + def test_one(site, opts): ai = socket.getaddrinfo(site, 443, socket.AF_INET) diff --git a/tests/net_inet/test_tls_sites_simple.py b/tests/net_inet/test_tls_sites_simple.py new file mode 100644 index 0000000000..9dece9d99c --- /dev/null +++ b/tests/net_inet/test_tls_sites_simple.py @@ -0,0 +1,43 @@ +# Test making HTTPS requests to sites that allow simple ciphers. + +import sys +import socket +import ssl + +SITES = ( + ("micropython.org", "/ks/test.html"), + ("pypi.org", "/"), +) + + +def test_one(site, path): + ai = socket.getaddrinfo(site, 443, socket.AF_INET) + addr = ai[0][-1] + + # Create SSLContext. + ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + if sys.implementation.name != "micropython": + # CPython compatibility: disable check_hostname + ssl_context.check_hostname = False + ssl_context.verify_mode = ssl.CERT_NONE + + s = socket.socket(socket.AF_INET) + s.connect(addr) + s = ssl_context.wrap_socket(s) + + s.write(b"GET %s HTTP/1.0\r\nHost: %s\r\n\r\n" % (bytes(path, "ascii"), bytes(site, "ascii"))) + resp = s.read(4096) + s.close() + + if resp.startswith(b"HTTP/1."): + print(site, "ok") + else: + print(site, "response doesn't start with HTTP/1.") + + +def main(): + for site, path in SITES: + test_one(site, path) + + +main()