#3646 · PR #5436
Related · medium · value 1.837
QUERY · ISSUE

ussl.wrap_socket and mbedtls

open · by tsc87 · opened 2018-02-28 · updated 2023-03-28
extmod

The function arguments for ussl.wrap_socket on ESP32 do not match the documentation:
ussl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None)
It seems that the modussl_mbedtls file has a modified function whose parameters are listed as "key" and "cert", and the ca_cert argument is missing.
Also, in socket_new, the call to mbedtls_ctr_drbg_seed takes null_entropy_func instead of mbedtls_entropy_func.
How can I make ussl.wrap_socket work on ESP32 for use with AWS IoT?

CANDIDATE · PULL REQUEST

add modussl_mbedtls.c methods and exceptions. esp32/unix

closed · by tuxlinuxien · opened 2019-12-18 · updated 2023-09-05
extmod

Changes

This pull request adds:

  • send
  • recv
  • do_handshake

methods to ussl (mbedtls version only), plus a few exceptions.

The goal is to fully support non-blocking SSL sockets and to reduce the number of calls to poll by throwing the exact I/O error, like SSL_WANT_READ or SSL_WANT_WRITE. The user now has the possibility to call do_handshake() later if ussl.wrap_socket was set with do_handshake = False.

Tests

Successfully tested on micropython/ports/esp-32 (esp-idf rev 6ccb4cf5b7d1fdddb8c2492f9cbc926abaf230df) and micropython/ports/unix.

Example

# this snippet SHOULD be seen as an example
# on how to use these new methods and is not
# optimized.

import usocket
import ussl
import uselect

# [...]
# create socket and ussl_wrap(sock)
# [...]

def do_handshake(sock, is_ssl):
    if not is_ssl:
        return
    poller = uselect.poll()
    poller.register(sock)
    while True:
        try:
            sock.do_handshake()
            break
        except ussl.SSLWantReadError:
            poller.modify(sock, uselect.POLLIN)
            poller.poll(5000)
            continue
        except ussl.SSLWantWriteError:
            poller.modify(sock, uselect.POLLOUT)
            poller.poll(5000)
            continue
        except ussl.SSLInProgress:
            continue

def reader(sock):
    poller = uselect.poll()
    poller.register(sock)
    while True:
        try:
            buff = sock.recv(4096)
        except ussl.SSLWantReadError:
            poller.modify(sock, uselect.POLLIN)
            poller.poll(5000)
            continue
        except ussl.SSLWantWriteError:
            poller.modify(sock, uselect.POLLOUT)
            poller.poll(5000)
            continue
        if not buff:
            # empty read: the peer closed the connection
            break
        yield buff

def sender(sock, buffer):
    poller = uselect.poll()
    poller.register(sock)
    while buffer:
        try:
            sent = sock.send(buffer)
        except ussl.SSLWantReadError:
            poller.modify(sock, uselect.POLLIN)
            poller.poll(5000)
            continue
        except ussl.SSLWantWriteError:
            poller.modify(sock, uselect.POLLOUT)
            poller.poll(5000)
            continue
        # drop the bytes that were accepted and retry with the remainder
        buffer = buffer[sent:]
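
A bounded variant of the handshake loop above, as an added example that is not part of the pull request: it uses CPython's ssl module, which provides exceptions with the same names SSLWantReadError and SSLWantWriteError, and adds one overall deadline so a peer that stalls mid-handshake cannot keep the loop waiting indefinitely. The names handshake_with_deadline, wait_fd and HandshakeTimeout are hypothetical.

```python
import select
import ssl
import time


class HandshakeTimeout(Exception):
    """Raised when the TLS handshake does not finish within the deadline."""


def wait_fd(sock, want_write, timeout_s):
    """Block until sock is readable (or writable); return False on timeout."""
    r, w = ([], [sock]) if want_write else ([sock], [])
    readable, writable, _ = select.select(r, w, [], timeout_s)
    return bool(readable or writable)


def handshake_with_deadline(sock, deadline_s=5.0, wait=wait_fd,
                            clock=time.monotonic):
    """Drive a non-blocking TLS handshake, bounded by one overall deadline.

    `sock` is assumed to be a non-blocking ssl.SSLSocket created with
    do_handshake_on_connect=False. Returns the number of do_handshake()
    attempts that were needed.
    """
    give_up_at = clock() + deadline_s
    attempts = 0
    while True:
        attempts += 1
        try:
            sock.do_handshake()
            return attempts
        except ssl.SSLWantReadError:
            want_write = False   # TLS layer needs more bytes from the peer
        except ssl.SSLWantWriteError:
            want_write = True    # TLS layer needs to flush bytes to the peer
        remaining = give_up_at - clock()
        # Stop on an expired deadline or on a wait that timed out, so a peer
        # that stalls mid-handshake cannot hold the caller forever.
        if remaining <= 0 or not wait(sock, want_write, remaining):
            raise HandshakeTimeout("TLS handshake exceeded %.1fs" % deadline_s)
```

The wait and clock parameters exist so the loop can be exercised without a network peer; in normal use the defaults are left in place.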
