From 803452a1acd2a567ae1c2063e82b7128b5a702b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20D=C3=B6rre?= Date: Thu, 1 Feb 2024 12:36:19 +0000 Subject: [PATCH 1/2] umqtt.simple: Simplify check for user being unused. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There don't seem to be any MQTT implementations that expect an empty username (instead of the field missing), so the check for unused `user` can be simplified. Signed-off-by: Felix Dörre --- micropython/umqtt.simple/umqtt/simple.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/micropython/umqtt.simple/umqtt/simple.py b/micropython/umqtt.simple/umqtt/simple.py index 2b269473b..c59c6d9de 100644 --- a/micropython/umqtt.simple/umqtt/simple.py +++ b/micropython/umqtt.simple/umqtt/simple.py @@ -75,7 +75,7 @@ def connect(self, clean_session=True): sz = 10 + 2 + len(self.client_id) msg[6] = clean_session << 1 - if self.user is not None: + if self.user: sz += 2 + len(self.user) + 2 + len(self.pswd) msg[6] |= 0xC0 if self.keepalive: @@ -101,7 +101,7 @@ def connect(self, clean_session=True): if self.lw_topic: self._send_str(self.lw_topic) self._send_str(self.lw_msg) - if self.user is not None: + if self.user: self._send_str(self.user) self._send_str(self.pswd) resp = self.sock.read(4) From 35d41dbb0e4acf1518f520220d405ebe2db257d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20D=C3=B6rre?= Date: Thu, 1 Feb 2024 12:36:19 +0000 Subject: [PATCH 2/2] ssl: Restructure micropython SSL interface to a new tls module. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MicroPython now supplies SSL/TLS functionality in a new built-in `tls` module. The `ssl` module is now implemented purely in Python, in this repository. Other libraries are updated to work with this scheme. Signed-off-by: Felix Dörre --- .../bundles/bundle-networking/manifest.py | 3 +- micropython/umqtt.simple/manifest.py | 2 +- micropython/umqtt.simple/umqtt/simple.py | 8 +- micropython/urllib.urequest/manifest.py | 2 +- .../urllib.urequest/urllib/urequest.py | 6 +- python-ecosys/requests/manifest.py | 2 +- python-ecosys/requests/requests/__init__.py | 6 +- python-stdlib/ssl/manifest.py | 4 +- python-stdlib/ssl/ssl.py | 92 +++++++++++++------ 9 files changed, 81 insertions(+), 44 deletions(-) diff --git a/micropython/bundles/bundle-networking/manifest.py b/micropython/bundles/bundle-networking/manifest.py index 79d5e9d9d..7ad3540da 100644 --- a/micropython/bundles/bundle-networking/manifest.py +++ b/micropython/bundles/bundle-networking/manifest.py @@ -1,10 +1,11 @@ metadata( - version="0.1.0", + version="0.2.0", description="Common networking packages for all network-capable deployments of MicroPython.", ) require("mip") require("ntptime") +require("ssl") require("requests") require("webrepl") diff --git a/micropython/umqtt.simple/manifest.py b/micropython/umqtt.simple/manifest.py index 19617a5ee..b418995c5 100644 --- a/micropython/umqtt.simple/manifest.py +++ b/micropython/umqtt.simple/manifest.py @@ -1,4 +1,4 @@ -metadata(description="Lightweight MQTT client for MicroPython.", version="1.3.4") +metadata(description="Lightweight MQTT client for MicroPython.", version="1.4.0") # Originally written by Paul Sokolovsky. diff --git a/micropython/umqtt.simple/umqtt/simple.py b/micropython/umqtt.simple/umqtt/simple.py index c59c6d9de..e84e585c4 100644 --- a/micropython/umqtt.simple/umqtt/simple.py +++ b/micropython/umqtt.simple/umqtt/simple.py @@ -16,8 +16,7 @@ def __init__( user=None, password=None, keepalive=0, - ssl=False, - ssl_params={}, + ssl=None, ): if port == 0: port = 8883 if ssl else 1883 @@ -26,7 +25,6 @@ def __init__( self.server = server self.port = port self.ssl = ssl - self.ssl_params = ssl_params self.pid = 0 self.cb = None self.user = user @@ -67,9 +65,7 @@ def connect(self, clean_session=True): addr = socket.getaddrinfo(self.server, self.port)[0][-1] self.sock.connect(addr) if self.ssl: - import ussl - - self.sock = ussl.wrap_socket(self.sock, **self.ssl_params) + self.sock = self.ssl.wrap_socket(self.sock, server_hostname=self.server) premsg = bytearray(b"\x10\0\0\0\0\0") msg = bytearray(b"\x04MQTT\x04\x02\0\0") diff --git a/micropython/urllib.urequest/manifest.py b/micropython/urllib.urequest/manifest.py index e3e8f13f4..2790208a7 100644 --- a/micropython/urllib.urequest/manifest.py +++ b/micropython/urllib.urequest/manifest.py @@ -1,4 +1,4 @@ -metadata(version="0.6.0") +metadata(version="0.7.0") # Originally written by Paul Sokolovsky. diff --git a/micropython/urllib.urequest/urllib/urequest.py b/micropython/urllib.urequest/urllib/urequest.py index 4c654d45e..2eff43c36 100644 --- a/micropython/urllib.urequest/urllib/urequest.py +++ b/micropython/urllib.urequest/urllib/urequest.py @@ -12,7 +12,7 @@ def urlopen(url, data=None, method="GET"): if proto == "http:": port = 80 elif proto == "https:": - import ussl + import tls port = 443 else: @@ -29,7 +29,9 @@ def urlopen(url, data=None, method="GET"): try: s.connect(ai[-1]) if proto == "https:": - s = ussl.wrap_socket(s, server_hostname=host) + context = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT) + context.verify_mode = tls.CERT_NONE + s = context.wrap_socket(s, server_hostname=host) s.write(method) s.write(b" /") diff --git a/python-ecosys/requests/manifest.py b/python-ecosys/requests/manifest.py index 1c46a7384..97df1560e 100644 --- a/python-ecosys/requests/manifest.py +++ b/python-ecosys/requests/manifest.py @@ -1,3 +1,3 @@ -metadata(version="0.8.1", pypi="requests") +metadata(version="0.9.0", pypi="requests") package("requests") diff --git a/python-ecosys/requests/requests/__init__.py b/python-ecosys/requests/requests/__init__.py index fd751e623..740102916 100644 --- a/python-ecosys/requests/requests/__init__.py +++ b/python-ecosys/requests/requests/__init__.py @@ -63,7 +63,7 @@ def request( if proto == "http:": port = 80 elif proto == "https:": - import ussl + import tls port = 443 else: @@ -90,7 +90,9 @@ def request( try: s.connect(ai[-1]) if proto == "https:": - s = ussl.wrap_socket(s, server_hostname=host) + context = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT) + context.verify_mode = tls.CERT_NONE + s = context.wrap_socket(s, server_hostname=host) s.write(b"%s /%s HTTP/1.0\r\n" % (method, path)) if "Host" not in headers: s.write(b"Host: %s\r\n" % host) diff --git a/python-stdlib/ssl/manifest.py b/python-stdlib/ssl/manifest.py index 1dae2f6e7..5dd041794 100644 --- a/python-stdlib/ssl/manifest.py +++ b/python-stdlib/ssl/manifest.py @@ -1,3 +1,3 @@ -metadata(version="0.1.0") +metadata(version="0.2.0") -module("ssl.py") +module("ssl.py", opt=3) diff --git a/python-stdlib/ssl/ssl.py b/python-stdlib/ssl/ssl.py index 9262f5fb5..19847d6d3 100644 --- a/python-stdlib/ssl/ssl.py +++ b/python-stdlib/ssl/ssl.py @@ -1,36 +1,72 @@ -from ussl import * -import ussl as _ussl +import tls +from tls import ( + CERT_NONE, + CERT_OPTIONAL, + CERT_REQUIRED, + MBEDTLS_VERSION, + PROTOCOL_TLS_CLIENT, + PROTOCOL_TLS_SERVER, +) -# Constants -for sym in "CERT_NONE", "CERT_OPTIONAL", "CERT_REQUIRED": - if sym not in globals(): - globals()[sym] = object() + +class SSLContext: + def __init__(self, *args): + self._context = tls.SSLContext(*args) + self._context.verify_mode = CERT_NONE + + @property + def verify_mode(self): + return self._context.verify_mode + + @verify_mode.setter + def verify_mode(self, val): + self._context.verify_mode = val + + def load_cert_chain(self, certfile, keyfile): + if isinstance(certfile, str): + with open(certfile, "rb") as f: + certfile = f.read() + if isinstance(keyfile, str): + with open(keyfile, "rb") as f: + keyfile = f.read() + self._context.load_cert_chain(certfile, keyfile) + + def load_verify_locations(self, cafile=None, cadata=None): + if cafile: + with open(cafile, "rb") as f: + cadata = f.read() + self._context.load_verify_locations(cadata) + + def wrap_socket( + self, sock, server_side=False, do_handshake_on_connect=True, server_hostname=None + ): + return self._context.wrap_socket( + sock, + server_side=server_side, + do_handshake_on_connect=do_handshake_on_connect, + server_hostname=server_hostname, + ) def wrap_socket( sock, - keyfile=None, - certfile=None, server_side=False, + key=None, + cert=None, cert_reqs=CERT_NONE, - *, - ca_certs=None, - server_hostname=None + cadata=None, + server_hostname=None, + do_handshake=True, ): - # TODO: More arguments accepted by CPython could also be handled here. - # That would allow us to accept ca_certs as a positional argument, which - # we should. - kw = {} - if keyfile is not None: - kw["keyfile"] = keyfile - if certfile is not None: - kw["certfile"] = certfile - if server_side is not False: - kw["server_side"] = server_side - if cert_reqs is not CERT_NONE: - kw["cert_reqs"] = cert_reqs - if ca_certs is not None: - kw["ca_certs"] = ca_certs - if server_hostname is not None: - kw["server_hostname"] = server_hostname - return _ussl.wrap_socket(sock, **kw) + con = SSLContext(PROTOCOL_TLS_SERVER if server_side else PROTOCOL_TLS_CLIENT) + if cert or key: + con.load_cert_chain(cert, key) + if cadata: + con.load_verify_locations(cadata=cadata) + con.verify_mode = cert_reqs + return con.wrap_socket( + sock, + server_side=server_side, + do_handshake_on_connect=do_handshake, + server_hostname=server_hostname, + ) pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy