ussl.wrapsocket and mbedtls
The function arguments for ussl.wrapsocket for ESP32 do not match with the documentation. ussl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None)
It seems that the modussl_mbedtls file has a modified function that has parameters listed as "key" and "cert" and missing argument for ca_cert.
Also, in socket_new, the call to mbedtls_ctr_drbg_seed takes null_entropy_func instead of mbedtls_entropy_func.
How to make the ussl.wrapsocket working for ESP32 for use with AWS IoT?
extmod/uasyncio: Add ssl support to start_server.
here's example code starting a server with ssl.
(N.B. This code assumes the private key and certificate were previously created)
import ussl as ssl
basePath = "./"
with open(basePath + b"cert.key", "rb") as fd:
sslKey = fd.read()
with open(basePath + b"cert.cert", "rb") as fd:
sslCert = fd.read()
context = lambda sock: ssl.wrap_socket(sock, server_side=1, key=sslKey, cert=sslCert)
server = await asyncio.start_server(lambda r, w: handler(r, w)
, '0.0.0.0', 1965
, ssl=context)
I noticed there is a much more complete open PR to solve this issue in #5840 . My PR is just an attempt to solve the same issue just from a different angle.
@tve please review this.
This PR works in the unix port but it needs further changes for the esp32 port. In the esp32 port, I noticed that mbedtls wasn't working correctly (esp-idf seems to require a specific (older) micropython version. Or was it the reverse?) and thus decided to try axtls. I had a lot more success with axtls but it still required some code changes to make it work.
edit : I fixed the pasted example code formatting.