From d5191edf7ff81f5f07243cb2a318508c1e9cc5df Mon Sep 17 00:00:00 2001
From: Eric Poulsen <eric@zyxod.com>
Date: Tue, 15 Aug 2017 07:49:11 -0700
Subject: [PATCH] extmod/modussl_mbedtls.c: Add ussl.getpeercert() method.

Behaviour is as per CPython but only the binary form is implemented here.
A test is included.
---
 extmod/modussl_mbedtls.c                | 12 ++++++++++++
 tests/net_hosted/ssl_getpeercert.py     | 21 +++++++++++++++++++++
 tests/net_hosted/ssl_getpeercert.py.exp |  1 +
 3 files changed, 34 insertions(+)
 create mode 100644 tests/net_hosted/ssl_getpeercert.py
 create mode 100644 tests/net_hosted/ssl_getpeercert.py.exp

diff --git a/extmod/modussl_mbedtls.c b/extmod/modussl_mbedtls.c
index 597eaee73d..12ec60a756 100644
--- a/extmod/modussl_mbedtls.c
+++ b/extmod/modussl_mbedtls.c
@@ -34,6 +34,7 @@
 #include "py/nlr.h"
 #include "py/runtime.h"
 #include "py/stream.h"
+#include "py/obj.h"
 
 // mbedtls_time_t
 #include "mbedtls/platform.h"
@@ -189,6 +190,16 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
     return o;
 }
 
+STATIC mp_obj_t mod_ssl_getpeercert(mp_obj_t o_in, mp_obj_t binary_form) {
+    mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);
+    if (!mp_obj_is_true(binary_form)) {
+        mp_raise_NotImplementedError(NULL);
+    }
+    const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(&o->ssl);
+    return mp_obj_new_bytes(peer_cert->raw.p, peer_cert->raw.len);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_ssl_getpeercert_obj, mod_ssl_getpeercert);
+
 STATIC void socket_print(const mp_print_t *print, mp_obj_t self_in, mp_print_kind_t kind) {
     (void)kind;
     mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(self_in);
@@ -259,6 +270,7 @@ STATIC const mp_rom_map_elem_t ussl_socket_locals_dict_table[] = {
     { MP_ROM_QSTR(MP_QSTR_write), MP_ROM_PTR(&mp_stream_write_obj) },
     { MP_ROM_QSTR(MP_QSTR_setblocking), MP_ROM_PTR(&socket_setblocking_obj) },
     { MP_ROM_QSTR(MP_QSTR_close), MP_ROM_PTR(&socket_close_obj) },
+    { MP_ROM_QSTR(MP_QSTR_getpeercert), MP_ROM_PTR(&mod_ssl_getpeercert_obj) },
 };
 
 STATIC MP_DEFINE_CONST_DICT(ussl_socket_locals_dict, ussl_socket_locals_dict_table);
diff --git a/tests/net_hosted/ssl_getpeercert.py b/tests/net_hosted/ssl_getpeercert.py
new file mode 100644
index 0000000000..e265c830d0
--- /dev/null
+++ b/tests/net_hosted/ssl_getpeercert.py
@@ -0,0 +1,21 @@
+# test ssl.getpeercert() method
+
+try:
+    import usocket as socket
+    import ussl as ssl
+except:
+    import socket
+    import ssl
+
+
+def test(peer_addr):
+    s = socket.socket()
+    s.connect(peer_addr)
+    s = ssl.wrap_socket(s)
+    cert = s.getpeercert(True)
+    print(type(cert), len(cert) > 100)
+    s.close()
+
+
+if __name__ == "__main__":
+    test(socket.getaddrinfo('micropython.org', 443)[0][-1])
diff --git a/tests/net_hosted/ssl_getpeercert.py.exp b/tests/net_hosted/ssl_getpeercert.py.exp
new file mode 100644
index 0000000000..ff7ef5adf1
--- /dev/null
+++ b/tests/net_hosted/ssl_getpeercert.py.exp
@@ -0,0 +1 @@
+<class 'bytes'> True