mirror of
https://github.com/espressif/esp-idf.git
synced 2025-12-26 13:12:21 +00:00
Merge branch 'contrib/github_pr_17641' into 'master'
Allow the https server to request client certs only with OPTIONAL (GitHub PR) Closes IDFGH-16506 See merge request espressif/esp-idf!42393
This commit is contained in:
Mahavir Jain
@@ -12,87 +12,11 @@ from common_test_methods import get_env_config_variable
|
||||
from pytest_embedded import Dut
|
||||
from pytest_embedded_idf.utils import idf_parametrize
|
||||
|
||||
server_cert_pem = (
|
||||
'-----BEGIN CERTIFICATE-----\n'
|
||||
'MIIDOzCCAiOgAwIBAgIUG/S51QF4EeUkdaqg54oogqIKBZkwDQYJKoZIhvcNAQEL\n'
|
||||
'BQAwJTEjMCEGA1UEAwwaRVNQMzIgSFRUUFMgc2VydmVyIGV4YW1wbGUwHhcNMjUw\n'
|
||||
'NDAyMDcwMzI2WhcNMzUwMzMxMDcwMzI2WjAlMSMwIQYDVQQDDBpFU1AzMiBIVFRQ\n'
|
||||
'UyBzZXJ2ZXIgZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n'
|
||||
'ALBint6nP77RCQcmKgwPtTsGK0uClxg+LwKJ3WXuye3oqnnjqJCwMEneXzGdG09T\n'
|
||||
'sA0SyNPwrEgebLCH80an3gWU4pHDdqGHfJQa2jBL290e/5L5MB+6PTs2NKcojK/k\n'
|
||||
'qcZkn58MWXhDW1NpAnJtjVniK2Ksvr/YIYSbyD+JiEs0MGxEx+kOl9d7hRHJaIzd\n'
|
||||
'GF/vO2pl295v1qXekAlkgNMtYIVAjUy9CMpqaQBCQRL+BmPSJRkXBsYk8GPnieS4\n'
|
||||
'sUsp53DsNvCCtWDT6fd9D1v+BB6nDk/FCPKhtjYOwOAZlX4wWNSZpRNr5dfrxKsb\n'
|
||||
'jAn4PCuR2akdF4G8WLUeDWECAwEAAaNjMGEwHQYDVR0OBBYEFMnmdJKOEepXrHI/\n'
|
||||
'ivM6mVqJgAX8MB8GA1UdIwQYMBaAFMnmdJKOEepXrHI/ivM6mVqJgAX8MA8GA1Ud\n'
|
||||
'EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEBCwUAA4IBAQBP\n'
|
||||
'AgAagM33DqsDi+UArUxEoqmov1rH0PHXnd/a6Ct/IvNzr0qUH8hW4Lv0tWHfOJY8\n'
|
||||
'pCf7bkejxXlhP/QHb6M+sobN9tN/WupEaeqNg4pCWi+6Caj2uFW9vkQQf2j50lMg\n'
|
||||
'R0oxnd6SMEQArzy3f3yYRp8rliPERY6F2Rtb9HJNh53K51FE60xONPLZ/1dtSgDB\n'
|
||||
'KcJseZfhg6oAUSLjFCYJEn5xa7CsIuQ8Jx2xMo4IkU44BJ8TJS4zw/hP1/vVjjvS\n'
|
||||
'uU2Z0ZOUCQ78/3eMnsFfLMtDUYqXPyhNogm51GeHOR6dk+ICQ+c5gCDkJUnOTqzg\n'
|
||||
'G2JUmXAXxJoUZDfalijl\n'
|
||||
'-----END CERTIFICATE-----\n'
|
||||
)
|
||||
CURRENT_FILE_PATH = os.path.dirname(__file__)
|
||||
|
||||
client_cert_pem = (
|
||||
'-----BEGIN CERTIFICATE-----\n'
|
||||
'MIID7TCCAtWgAwIBAgIUBdm7RStsshnl3CCpknSJhXQK4GcwDQYJKoZIhvcNAQEL\n'
|
||||
'BQAwgYUxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdKaWFuZ3N1MQ8wDQYDVQQHDAZT\n'
|
||||
'dXpob3UxEjAQBgNVBAoMCUVzcHJlc3NpZjEMMAoGA1UECwwDY29tMRIwEAYDVQQD\n'
|
||||
'DAkxMjcuMC4wLjExHTAbBgkqhkiG9w0BCQEWDmVzcDMyeEBlc3AuY29tMB4XDTIx\n'
|
||||
'MTAwNTExMTMxMFoXDTMxMTAwMzExMTMxMFowgYUxCzAJBgNVBAYTAkNOMRAwDgYD\n'
|
||||
'VQQIDAdKaWFuZ3N1MQ8wDQYDVQQHDAZTdXpob3UxEjAQBgNVBAoMCUVzcHJlc3Np\n'
|
||||
'ZjEMMAoGA1UECwwDY29tMRIwEAYDVQQDDAkxMjcuMC4wLjExHTAbBgkqhkiG9w0B\n'
|
||||
'CQEWDmVzcDMyeEBlc3AuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n'
|
||||
'AQEAu2nP0HPtgKvRUwFuOs72caf4oyeK33OVfa6fGGttr/QYyw9PrwtdFDyEWEiI\n'
|
||||
'4P4hnxNC+bvNSYtJUzF9EmkqrUtKxhBsRVTKWOqumcgtiMWOxpdVKl0936ne2Pqh\n'
|
||||
'SweddrQwvPDFuB3hRikRX11+d5vkjFBV9FoZobKHWemDkXSc2R99xRie5PJoEfoz\n'
|
||||
'rmu5zjCaPHxzkyZsmH4MILfTuhUGc/Eye9Nl+lpY5KLjM14ZMQLK1CHRuI/oqCN6\n'
|
||||
'1WQrgUY5EyXGe0jXHTVhlL2RN8njxJ/4r3JnK/BQkcXTIMPOP8jIv9Sy1HhxfXKy\n'
|
||||
'HzLqOBn0Ft+mOADrpAWX8WnwUQIDAQABo1MwUTAdBgNVHQ4EFgQUpu4d8d+IywjB\n'
|
||||
'HMiKX84L+1ri8BIwHwYDVR0jBBgwFoAUpu4d8d+IywjBHMiKX84L+1ri8BIwDwYD\n'
|
||||
'VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXm5Hn/aKKO3RnHqqfxok\n'
|
||||
'Hbw5yA2L2T6VPj2puI0Sh5GW62INjM0Kszy3L5mQqLUSsjcEcFAZmpeo14ytPRLG\n'
|
||||
'o6+WG/4er3hBA7D8oDni7hp8Qs+/EtNuEuoU+qQiKsT2DvA5rafT7laNfvjgqaoJ\n'
|
||||
'YMTCvzKLnMBaglB+qC9grgvJwMN0RTzHyY6UySdNZmcf5QXWLWjsX8E8/u4iSq8l\n'
|
||||
'eZlddTjh7HGGEOim7AkvKR9VYAvKGOV+FvUzCxPpoTr6kS2NGwnR7QnvKADECtLj\n'
|
||||
'gf+hW1FalMn0yTVspg4+BNbIThh0thbsvPDUTekMNfaRKKHZpJP2Ty3LkCbANLBR\n'
|
||||
'tQ==\n'
|
||||
'-----END CERTIFICATE-----\n'
|
||||
)
|
||||
|
||||
|
||||
client_key_pem = (
|
||||
'-----BEGIN PRIVATE KEY-----\n'
|
||||
'MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7ac/Qc+2Aq9FT\n'
|
||||
'AW46zvZxp/ijJ4rfc5V9rp8Ya22v9BjLD0+vC10UPIRYSIjg/iGfE0L5u81Ji0lT\n'
|
||||
'MX0SaSqtS0rGEGxFVMpY6q6ZyC2IxY7Gl1UqXT3fqd7Y+qFLB512tDC88MW4HeFG\n'
|
||||
'KRFfXX53m+SMUFX0WhmhsodZ6YORdJzZH33FGJ7k8mgR+jOua7nOMJo8fHOTJmyY\n'
|
||||
'fgwgt9O6FQZz8TJ702X6WljkouMzXhkxAsrUIdG4j+ioI3rVZCuBRjkTJcZ7SNcd\n'
|
||||
'NWGUvZE3yePEn/ivcmcr8FCRxdMgw84/yMi/1LLUeHF9crIfMuo4GfQW36Y4AOuk\n'
|
||||
'BZfxafBRAgMBAAECggEBAJuJZ1UCwRtGfUS8LTVVSiZtVuZhDNoB3REfeR4VGkUq\n'
|
||||
'+eCcZm9JqQgAaX2zRRYlEtYocC8+c1MT69jFe51p9mc302ipfJHVmtFMg3dRMKkP\n'
|
||||
'/DxIn/+2voD/Q9kjt/TC7yXyyXglApKZCbrmnmpc93ZgxL7GdW+Dzz3pIne2WuC9\n'
|
||||
'T6ie71R8X60sau6ApMgkUq6On0f21v/VLkNU67tQJGBF6Q1HE8PK7Ptun3WSBVNm\n'
|
||||
'FNNJKRBwiqfWXe9hPlqqCWayYBrojSqJJXn5Xd6n5XzLDPzAXuPlkPF3VwWeXGam\n'
|
||||
'3RBZA26gwv50E1PeiUQOipkR57J+O9j/oA07AnhsxPkCgYEA8RMvE3ImZTkPVqdX\n'
|
||||
'72E2A5ScJswVvZelnRS/mG8U+8UlvevAu5MYr717DHKHy3yOw/u7wbkqk6KEIcyz\n'
|
||||
'ctNPBPqTweaZ28eEY/+lXSdQaWLD2UgZC8JIcMOSeFugghEHeBaxLzUYBNDToE3q\n'
|
||||
'1El2HJ7W14QuTA+CEtCEb+tc7ssCgYEAxwQkBTT8A7mOEE0phfUACqaBuAXld+zu\n'
|
||||
'I3PNJDIhg1ZABEJ9vo9+3duFDoEHVsJOetijrBBxf/XAvi3bTJ+gAjcA54cGpkxz\n'
|
||||
'6ssbFWZeC9exyo0ILKn33o716GrCvQn1kmuF2gasmAcrOVsMygawR7P02oasDP/X\n'
|
||||
'UckbZdqofdMCgYEAom0GfteePv0e9Idzm/mnZuot+4Xt7/vIvflIze+p96hxMXEy\n'
|
||||
'Pi9xppbH3S8dh2C44Bsv+epEYYxR8mP1VBxDVVtvSmmQqJ/Y93c7d3QRna/JvQ/y\n'
|
||||
'sBWKsU9T1HwHvRq0KZlAcEoZkMUSkSNuYPHN/qKWpkaM2vpn7T1Ivg+aYdkCgYA/\n'
|
||||
'CGO0NnzfXSTOqvHM2LVDqksJkuyD2Enwdpvxq+MLawTplHmpIl/HOuDgoCNH6lDa\n'
|
||||
'/cSRGcApDBgY5ANCOIiASxWBPzXu8+X+5odUdtCwpYdNJPAC3W6BUfw2uaGmKAJc\n'
|
||||
'dqu1S0nc+OBK0Tiyv/2TKD8T+3WAxINZBv4je2bEOwKBgEavm5zTN9NILJsJCf9k\n'
|
||||
'te7+uDFuyoNWkL1vmMPuJYVC1QMVq1yr3DSaxA19BG9P4ZyOMOwVlPVWA+LofD4D\n'
|
||||
'S+w4Jjl2KDI4tSLUr6bsAJWdDfmrmGmRN3Kpds4RXaymV3rjj7qRk1J+ivtwo89s\n'
|
||||
'Vj+VslYzxw7FKKmnBgh/qGbJ\n'
|
||||
'-----END PRIVATE KEY-----\n'
|
||||
)
|
||||
CACERT_FILE_PATH = os.path.join(CURRENT_FILE_PATH, './main/certs/cacert.pem')
|
||||
CLIENT_CERT_PATH = os.path.join(CURRENT_FILE_PATH, './main/certs/client_cert.pem')
|
||||
CLIENT_KEY_PATH = os.path.join(CURRENT_FILE_PATH, './main/certs/client_key.pem')
|
||||
|
||||
success_response = '<h1>Hello Secure World!</h1>'
|
||||
|
||||
@@ -128,21 +52,36 @@ def test_examples_protocol_https_server_simple(dut: Dut) -> None:
|
||||
logging.info(f'Got IP : {got_ip}')
|
||||
logging.info(f'Got Port : {got_port}')
|
||||
|
||||
logging.info('Performing GET request over an SSL connection with the server')
|
||||
# Try requesting without client certificate and it should fail if client cert is required
|
||||
logging.info('Performing GET request over an SSL connection with the server without client certificate')
|
||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.check_hostname = False
|
||||
# Load the CA certificate from the path
|
||||
ssl_context.load_verify_locations(cafile=CACERT_FILE_PATH)
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
logging.info('Performing SSL handshake with the server without client certificate')
|
||||
try:
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
resp.read().decode('utf-8')
|
||||
except Exception as e:
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_SKIP_CLIENT_CERT') is True:
|
||||
logging.info('SSL handshake failed without client certificate but was expected to be successful')
|
||||
raise RuntimeError('Failed to test SSL connection') from e
|
||||
else:
|
||||
logging.info('SSL handshake failed without client certificate as expected')
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
CLIENT_CERT_FILE = 'client_cert.pem'
|
||||
CLIENT_KEY_FILE = 'client_key.pem'
|
||||
logging.info('Performing GET request over an SSL connection with the server')
|
||||
|
||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.check_hostname = False
|
||||
ssl_context.load_verify_locations(cadata=server_cert_pem)
|
||||
ssl_context.load_verify_locations(cafile=CACERT_FILE_PATH)
|
||||
|
||||
with open(CLIENT_CERT_FILE, 'w', encoding='utf-8') as cert, open(CLIENT_KEY_FILE, 'w', encoding='utf-8') as key:
|
||||
cert.write(client_cert_pem)
|
||||
key.write(client_key_pem)
|
||||
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_PATH, keyfile=CLIENT_KEY_PATH)
|
||||
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
logging.info('Performing SSL handshake with the server')
|
||||
@@ -154,10 +93,12 @@ def test_examples_protocol_https_server_simple(dut: Dut) -> None:
|
||||
logging.info('Response obtained does not match with correct response')
|
||||
raise RuntimeError('Failed to test SSL connection')
|
||||
|
||||
if dut.app.sdkconfig.get('CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
current_cipher = dut.expect(r'Current Ciphersuite(.*)', timeout=5)[0]
|
||||
logging.info(f'Current Ciphersuite {current_cipher}')
|
||||
|
||||
conn.close()
|
||||
|
||||
logging.info('Checking user callback: Obtaining client certificate...')
|
||||
|
||||
serial_number = dut.expect(r'serial number\s*:([^\n]*)', timeout=5)[0]
|
||||
@@ -169,9 +110,6 @@ def test_examples_protocol_https_server_simple(dut: Dut) -> None:
|
||||
logging.info(f'Serial No. {serial_number}')
|
||||
logging.info(f'Issuer Name {issuer_name}')
|
||||
logging.info(f'Expires on {expiry}')
|
||||
|
||||
# Close the connection
|
||||
conn.close()
|
||||
logging.info('Correct response obtained')
|
||||
logging.info('SSL connection test successful\nClosing the connection')
|
||||
|
||||
@@ -208,18 +146,12 @@ def test_examples_protocol_https_server_simple_dynamic_buffers(dut: Dut) -> None
|
||||
|
||||
logging.info('Performing GET request over an SSL connection with the server')
|
||||
|
||||
CLIENT_CERT_FILE = 'client_cert.pem'
|
||||
CLIENT_KEY_FILE = 'client_key.pem'
|
||||
|
||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.check_hostname = False
|
||||
ssl_context.load_verify_locations(cadata=server_cert_pem)
|
||||
ssl_context.load_verify_locations(cafile=CACERT_FILE_PATH)
|
||||
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)
|
||||
|
||||
os.remove(CLIENT_CERT_FILE)
|
||||
os.remove(CLIENT_KEY_FILE)
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_PATH, keyfile=CLIENT_KEY_PATH)
|
||||
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
logging.info('Performing SSL handshake with the server')
|
||||
@@ -231,10 +163,13 @@ def test_examples_protocol_https_server_simple_dynamic_buffers(dut: Dut) -> None
|
||||
logging.info('Response obtained does not match with correct response')
|
||||
raise RuntimeError('Failed to test SSL connection')
|
||||
|
||||
if dut.app.sdkconfig.get('CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
current_cipher = dut.expect(r'Current Ciphersuite(.*)', timeout=5)[0]
|
||||
logging.info(f'Current Ciphersuite {current_cipher}')
|
||||
|
||||
# Close the connection
|
||||
conn.close()
|
||||
|
||||
logging.info('Checking user callback: Obtaining client certificate...')
|
||||
|
||||
serial_number = dut.expect(r'serial number\s*:([^\n]*)', timeout=5)[0]
|
||||
@@ -247,8 +182,6 @@ def test_examples_protocol_https_server_simple_dynamic_buffers(dut: Dut) -> None
|
||||
logging.info(f'Issuer Name : {issuer_name}')
|
||||
logging.info(f'Expires on : {expiry}')
|
||||
|
||||
# Close the connection
|
||||
conn.close()
|
||||
logging.info('Correct response obtained')
|
||||
logging.info('SSL connection test successful\nClosing the connection')
|
||||
|
||||
@@ -276,17 +209,38 @@ def test_examples_protocol_https_server_tls1_3(dut: Dut) -> None:
|
||||
got_ip = dut.expect(r'IPv4 address: (\d+\.\d+\.\d+\.\d+)[^\d]', timeout=60)[1].decode()
|
||||
|
||||
# Expected logs
|
||||
|
||||
logging.info(f'Got IP : {got_ip}')
|
||||
logging.info(f'Got Port : {got_port}')
|
||||
logging.info('Performing GET request over an SSL connection with the server using TLSv1.3')
|
||||
|
||||
CLIENT_CERT_FILE = 'client_cert.pem'
|
||||
CLIENT_KEY_FILE = 'client_key.pem'
|
||||
# First try requesting without client certificate and it should also pass if client cert is optional or none
|
||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
ssl_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
||||
ssl_context.maximum_version = ssl.TLSVersion.TLSv1_3
|
||||
ssl_context.check_hostname = False
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.load_verify_locations(cafile=CACERT_FILE_PATH)
|
||||
|
||||
with open(CLIENT_CERT_FILE, 'w', encoding='utf-8') as cert, open(CLIENT_KEY_FILE, 'w', encoding='utf-8') as key:
|
||||
cert.write(client_cert_pem)
|
||||
key.write(client_key_pem)
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
logging.info('Performing SSL handshake with the server without client certificate')
|
||||
try:
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
resp.read().decode('utf-8')
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_SKIP_CLIENT_CERT') is True:
|
||||
dut.expect('performing session handshake')
|
||||
logging.info('SSL handshake successful without client certificate as expected')
|
||||
else:
|
||||
logging.info('SSL handshake successful without client certificate but was expected to fail')
|
||||
raise RuntimeError('Failed to test SSL connection')
|
||||
except Exception as e:
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_SKIP_CLIENT_CERT') is True:
|
||||
logging.info(f'SSL handshake failed without client certificate but was expected to be successful: {e}')
|
||||
raise RuntimeError('Failed to test SSL connection')
|
||||
else:
|
||||
logging.info('SSL handshake failed without client certificate as expected')
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
# First try with TLSv1.2 and that should fail
|
||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
@@ -294,8 +248,8 @@ def test_examples_protocol_https_server_tls1_3(dut: Dut) -> None:
|
||||
ssl_context.maximum_version = ssl.TLSVersion.TLSv1_2
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.check_hostname = False
|
||||
ssl_context.load_verify_locations(cadata=server_cert_pem)
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)
|
||||
ssl_context.load_verify_locations(cafile=CACERT_FILE_PATH)
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_PATH, keyfile=CLIENT_KEY_PATH)
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
try:
|
||||
conn.request('GET', '/')
|
||||
@@ -308,9 +262,6 @@ def test_examples_protocol_https_server_tls1_3(dut: Dut) -> None:
|
||||
ssl_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
||||
ssl_context.maximum_version = ssl.TLSVersion.TLSv1_3
|
||||
|
||||
os.remove(CLIENT_CERT_FILE)
|
||||
os.remove(CLIENT_KEY_FILE)
|
||||
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
logging.info('Performing SSL handshake with the server')
|
||||
conn.request('GET', '/')
|
||||
@@ -321,10 +272,12 @@ def test_examples_protocol_https_server_tls1_3(dut: Dut) -> None:
|
||||
logging.info('Response obtained does not match with correct response')
|
||||
raise RuntimeError('Failed to test SSL connection')
|
||||
|
||||
if dut.app.sdkconfig.get('CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
current_cipher = dut.expect(r'Current Ciphersuite(.*)', timeout=5)[0]
|
||||
logging.info(f'Current Ciphersuite {current_cipher}')
|
||||
|
||||
conn.close()
|
||||
|
||||
logging.info('Checking user callback: Obtaining client certificate...')
|
||||
|
||||
serial_number = dut.expect(r'serial number\s*:([^\n]*)', timeout=5)[0]
|
||||
@@ -338,8 +291,6 @@ def test_examples_protocol_https_server_tls1_3(dut: Dut) -> None:
|
||||
logging.info(f'Issuer Name : {issuer_name}')
|
||||
logging.info(f'Expires on : {expiry}')
|
||||
|
||||
# Close the connection
|
||||
conn.close()
|
||||
logging.info('Correct response obtained')
|
||||
logging.info('SSL connection test successful\nClosing the connection')
|
||||
|
||||
@@ -371,21 +322,15 @@ def test_examples_protocol_https_server_tls1_2_only(dut: Dut) -> None:
|
||||
logging.info(f'Got Port : {got_port}')
|
||||
logging.info('Performing GET request over an SSL connection with the server using TLSv1.2')
|
||||
|
||||
CLIENT_CERT_FILE = 'client_cert.pem'
|
||||
CLIENT_KEY_FILE = 'client_key.pem'
|
||||
|
||||
with open(CLIENT_CERT_FILE, 'w', encoding='utf-8') as cert, open(CLIENT_KEY_FILE, 'w', encoding='utf-8') as key:
|
||||
cert.write(client_cert_pem)
|
||||
key.write(client_key_pem)
|
||||
|
||||
# First try with TLSv1.3 and that should fail
|
||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
ssl_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
||||
ssl_context.maximum_version = ssl.TLSVersion.TLSv1_3
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.check_hostname = False
|
||||
ssl_context.load_verify_locations(cadata=server_cert_pem)
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_FILE, keyfile=CLIENT_KEY_FILE)
|
||||
ssl_context.load_verify_locations(cafile=CACERT_FILE_PATH)
|
||||
# ssl_context.load_verify_locations(cadata=server_cert_pem)
|
||||
ssl_context.load_cert_chain(certfile=CLIENT_CERT_PATH, keyfile=CLIENT_KEY_PATH)
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
try:
|
||||
conn.request('GET', '/')
|
||||
@@ -419,9 +364,6 @@ def test_examples_protocol_https_server_tls1_2_only(dut: Dut) -> None:
|
||||
# Now try with the matching ciphersuite
|
||||
ssl_context.set_ciphers('DHE-RSA-AES128-SHA256')
|
||||
|
||||
os.remove(CLIENT_CERT_FILE)
|
||||
os.remove(CLIENT_KEY_FILE)
|
||||
|
||||
conn = http.client.HTTPSConnection(got_ip, got_port, context=ssl_context)
|
||||
logging.info('Performing SSL handshake with the server')
|
||||
conn.request('GET', '/')
|
||||
@@ -432,7 +374,7 @@ def test_examples_protocol_https_server_tls1_2_only(dut: Dut) -> None:
|
||||
logging.info('Response obtained does not match with correct response')
|
||||
raise RuntimeError('Failed to test SSL connection')
|
||||
|
||||
if dut.app.sdkconfig.get('CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
if dut.app.sdkconfig.get('EXAMPLE_ENABLE_HTTPS_USER_CALLBACK') is True:
|
||||
current_cipher = dut.expect(r'Current Ciphersuite(.*)', timeout=5)[0]
|
||||
logging.info(f'Current Ciphersuite {current_cipher}')
|
||||
|
||||
@@ -449,7 +391,5 @@ def test_examples_protocol_https_server_tls1_2_only(dut: Dut) -> None:
|
||||
logging.info(f'Issuer Name : {issuer_name}')
|
||||
logging.info(f'Expires on : {expiry}')
|
||||
|
||||
# Close the connection
|
||||
conn.close()
|
||||
logging.info('Correct response obtained')
|
||||
logging.info('SSL connection test successful\nClosing the connection')
|
||||
|
||||
Reference in New Issue
Block a user