Skip to content

Commit 2531a15

Browse files
dpgeorgedpgeorge
committed
extmod/modssl_mbedtls: Fix cipher iteration in SSLContext.get_ciphers.
Prior to this commit it would skip every second cipher returned from mbedtls. The corresponding test is also updated and now passes on esp32, rp2, stm32 and unix. Signed-off-by: Damien George <damien@micropython.org>
1 parent 8b6e89a commit 2531a15

File tree

3 files changed

+7
-5
lines changed

3 files changed

+7
-5
lines changed

extmod/modssl_mbedtls.c

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -311,10 +311,6 @@ STATIC mp_obj_t ssl_context_get_ciphers(mp_obj_t self_in) {
311311
for (const int *cipher_list = mbedtls_ssl_list_ciphersuites(); *cipher_list; ++cipher_list) {
312312
const char *cipher_name = mbedtls_ssl_get_ciphersuite_name(*cipher_list);
313313
mp_obj_list_append(list, MP_OBJ_FROM_PTR(mp_obj_new_str(cipher_name, strlen(cipher_name))));
314-
cipher_list++;
315-
if (!*cipher_list) {
316-
break;
317-
}
318314
}
319315
return list;
320316
}

tests/extmod/ssl_sslcontext_ciphers.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,9 @@
1212
ciphers = ctx.get_ciphers()
1313

1414
for ci in ciphers:
15-
print(ci)
15+
# Only print those ciphers know to exist on all ports.
16+
if ("TLS-ECDHE-ECDSA-WITH-AES" in ci or "TLS-RSA-WITH-AES" in ci) and "CBC" in ci:
17+
print(ci)
1618

1719
ctx.set_ciphers(ciphers[:1])
1820

tests/extmod/ssl_sslcontext_ciphers.py.exp

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,10 @@
11
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2+
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
23
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
4+
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
35
TLS-RSA-WITH-AES-256-CBC-SHA256
6+
TLS-RSA-WITH-AES-256-CBC-SHA
47
TLS-RSA-WITH-AES-128-CBC-SHA256
8+
TLS-RSA-WITH-AES-128-CBC-SHA
59
object 'str' isn't a tuple or list
610
(-24192, 'MBEDTLS_ERR_SSL_BAD_CONFIG')

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy