tve
diff --git a/‎docs/library/ussl.rst
Lines changed: 9 additions & 5 deletions b/‎docs/library/ussl.rst
Lines changed: 9 additions & 5 deletions
diff --git a/‎extmod/modussl_axtls.c
Lines changed: 96 additions & 7 deletions b/‎extmod/modussl_axtls.c
Lines changed: 96 additions & 7 deletions
@@ -18,8 +18,7 @@ Functions
    Takes a `stream` *sock* (usually usocket.socket instance of ``SOCK_STREAM`` type),
    and returns an instance of ssl.SSLSocket, which wraps the underlying stream in
    an SSL context. Returned object has the usual `stream` interface methods like
-   ``read()``, ``write()``, etc. In MicroPython, the returned object does not expose
-   socket interface and methods like ``recv()``, ``send()``. In particular, a
+   ``read()``, ``write()``, etc.  as well as ``recv()``, ``send()``. In particular, a
    server-side SSL socket should be created from a normal socket returned from
    :meth:`~usocket.socket.accept()` on a non-SSL listening server socket.
 
@@ -31,9 +30,14 @@ Functions
    - ``ca_certs``: root certificates to use for certificate checking.
    - ``server_hostname``: specifies the hostname of the server for verification purposes
      as well for SNI (Server Name Identification).
-   - ``do_handshake``: if True, initiates the TLS handshake and waits for its completion;
-     if False, proceeds without handshake and performs is with the first write making it
-     non-blocking if asyncio is used, see git commit 9c7c082.
+   - ``do_handshake``: determines whether the handshake is done as part of the ``wrap_socket``
+     or whether it is deferred to be done as part of the initial reads or writes
+     (there is no ``do_handshake`` method as in CPython).
+     For blocking sockets doing the handshake immediately is standard. For non-blocking
+     sockets (i.e. when the *sock* passed into ``wrap_socket`` is in non-blocking mode)
+     the handshake should generally be deferred because otherwise ``wrap_socket`` blocks
+     until it completes. Note that in AXTLS the handshake can be deferred until the first
+     read or write but it then blocks until completion.
 
    Depending on the underlying module implementation in a particular
    `MicroPython port`, some or all keyword arguments above may be not supported.
 
@@ -54,6 +54,44 @@ struct ssl_args {
 
 STATIC const mp_obj_type_t ussl_socket_type;
 
+// Table of errors
+struct ssl_errs {
+    int16_t errnum;
+    const char *errstr;
+};
+STATIC const struct ssl_errs ssl_error_tab[] = {
+    { SSL_NOT_OK, "NOT_OK" },
+    { SSL_ERROR_DEAD, "DEAD" },
+    { SSL_ERROR_RECORD_OVERFLOW, "RECORD_OVERFLOW" },
+    { SSL_ERROR_SOCK_SETUP_FAILURE, "SOCK_SETUP_FAILURE" },
+    { SSL_ERROR_INVALID_HANDSHAKE, "INVALID_HANDSHAKE" },
+    { SSL_ERROR_INVALID_PROT_MSG, "INVALID_PROT_MSG" },
+    { SSL_ERROR_INVALID_HMAC, "INVALID_HMAC" },
+    { SSL_ERROR_INVALID_VERSION, "INVALID_VERSION" },
+    { SSL_ERROR_UNSUPPORTED_EXTENSION, "UNSUPPORTED_EXTENSION" },
+    { SSL_ERROR_INVALID_SESSION, "INVALID_SESSION" },
+    { SSL_ERROR_NO_CIPHER, "NO_CIPHER" },
+    { SSL_ERROR_INVALID_CERT_HASH_ALG, "INVALID_CERT_HASH_ALG" },
+    { SSL_ERROR_BAD_CERTIFICATE, "BAD_CERTIFICATE" },
+    { SSL_ERROR_INVALID_KEY, "INVALID_KEY" },
+    { SSL_ERROR_FINISHED_INVALID, "FINISHED_INVALID" },
+    { SSL_ERROR_NO_CERT_DEFINED, "NO_CERT_DEFINED" },
+    { SSL_ERROR_NO_CLIENT_RENOG, "NO_CLIENT_RENOG" },
+    { SSL_ERROR_NOT_SUPPORTED, "NOT_SUPPORTED" },
+    { 0, 0 },
+};
+
+STATIC NORETURN void ussl_raise_error(int err) {
+    for (int i=0; ssl_error_tab[i].errnum; i++) {
+        if (ssl_error_tab[i].errnum == err) {
+            //printf("AXTLS error: SSL_%s\n", ssl_error_tab[i].errstr);
+            mp_raise_msg_varg(&mp_type_OSError, "AXTLS %d: %s", err, ssl_error_tab[i].errstr);
+        }
+    }
+    mp_raise_msg_varg(&mp_type_OSError, "AXTLS %d", err);
+}
+
+
 STATIC mp_obj_ssl_socket_t *ussl_socket_new(mp_obj_t sock, struct ssl_args *args) {
     #if MICROPY_PY_USSL_FINALISER
     mp_obj_ssl_socket_t *o = m_new_obj_with_finaliser(mp_obj_ssl_socket_t);
@@ -104,12 +142,16 @@ STATIC mp_obj_ssl_socket_t *ussl_socket_new(mp_obj_t sock, struct ssl_args *args
         o->ssl_sock = ssl_client_new(o->ssl_ctx, (long)sock, NULL, 0, ext);
 
         if (args->do_handshake.u_bool) {
-            int res = ssl_handshake_status(o->ssl_sock);
-
-            if (res != SSL_OK) {
-                printf("ssl_handshake_status: %d\n", res);
-                ssl_display_error(res);
-                mp_raise_OSError(MP_EIO);
+            int r = ssl_handshake_status(o->ssl_sock);
+
+            if (r != SSL_OK) {
+                ssl_display_error(r);
+                if (r == SSL_CLOSE_NOTIFY || r == SSL_ERROR_CONN_LOST) { // EOF
+                    r = MP_ENOTCONN;
+                } else if (r == SSL_EAGAIN) {
+                    r = MP_EAGAIN;
+                }
+                ussl_raise_error(r);
             }
         }
 
@@ -173,6 +215,22 @@ STATIC mp_uint_t ussl_socket_read(mp_obj_t o_in, void *buf, mp_uint_t size, int
     return size;
 }
 
+STATIC mp_obj_t ussl_socket_recv(mp_obj_t self_in, mp_obj_t len_in) {
+    size_t len = mp_obj_get_int(len_in);
+    vstr_t vstr;
+    vstr_init_len(&vstr, len);
+
+    int errcode;
+    mp_uint_t ret = ussl_socket_read(self_in, vstr.buf, len, &errcode);
+    if (ret == MP_STREAM_ERROR) {
+        mp_raise_OSError(errcode);
+    }
+
+    vstr.len = ret;
+    return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(ussl_socket_recv_obj, ussl_socket_recv);
+
 STATIC mp_uint_t ussl_socket_write(mp_obj_t o_in, const void *buf, mp_uint_t size, int *errcode) {
     mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);
 
@@ -181,14 +239,43 @@ STATIC mp_uint_t ussl_socket_write(mp_obj_t o_in, const void *buf, mp_uint_t siz
         return MP_STREAM_ERROR;
     }
 
-    mp_int_t r = ssl_write(o->ssl_sock, buf, size);
+    mp_int_t r;
+eagain:
+    r = ssl_write(o->ssl_sock, buf, size);
+    if (r == SSL_OK) {
+        // see comment in read method
+        if (o->blocking) {
+            goto eagain;
+        } else {
+            r = SSL_EAGAIN;
+        }
+    }
     if (r < 0) {
+        if (r == SSL_CLOSE_NOTIFY || r == SSL_ERROR_CONN_LOST) {
+            return 0; // EOF
+        }
+        if (r == SSL_EAGAIN) {
+            r = MP_EAGAIN;
+        }
         *errcode = r;
         return MP_STREAM_ERROR;
     }
     return r;
 }
 
+STATIC mp_obj_t ussl_socket_send(mp_obj_t self_in, mp_obj_t buf_in) {
+    mp_buffer_info_t bufinfo;
+    mp_get_buffer_raise(buf_in, &bufinfo, MP_BUFFER_READ);
+
+    int errcode;
+    mp_uint_t r = ussl_socket_write(self_in, bufinfo.buf, bufinfo.len, &errcode);
+    if (r == MP_STREAM_ERROR) {
+        mp_raise_OSError(errcode);
+    }
+    return mp_obj_new_int(r);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(ussl_socket_send_obj, ussl_socket_send);
+
 STATIC mp_uint_t ussl_socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, int *errcode) {
     mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(o_in);
     if (request == MP_STREAM_CLOSE && self->ssl_sock != NULL) {
@@ -216,7 +303,9 @@ STATIC const mp_rom_map_elem_t ussl_socket_locals_dict_table[] = {
     { MP_ROM_QSTR(MP_QSTR_read), MP_ROM_PTR(&mp_stream_read_obj) },
     { MP_ROM_QSTR(MP_QSTR_readinto), MP_ROM_PTR(&mp_stream_readinto_obj) },
     { MP_ROM_QSTR(MP_QSTR_readline), MP_ROM_PTR(&mp_stream_unbuffered_readline_obj) },
+    { MP_ROM_QSTR(MP_QSTR_recv), MP_ROM_PTR(&ussl_socket_recv_obj) },
     { MP_ROM_QSTR(MP_QSTR_write), MP_ROM_PTR(&mp_stream_write_obj) },
+    { MP_ROM_QSTR(MP_QSTR_send), MP_ROM_PTR(&ussl_socket_send_obj) },
     { MP_ROM_QSTR(MP_QSTR_setblocking), MP_ROM_PTR(&ussl_socket_setblocking_obj) },
     { MP_ROM_QSTR(MP_QSTR_close), MP_ROM_PTR(&mp_stream_close_obj) },
     #if MICROPY_PY_USSL_FINALISER