Commit 05d3b22

Carglglz authored and dpgeorge committed
docs/library: Document SSLContext cert methods and asyncio support.
Add `load_cert_chain`, `load_verify_locations`, `get_ciphers` and `set_ciphers` SSLContext methods in ssl library, and update asyncio `open_connection` and `start_server` methods with ssl support.

Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>
1 parent bfd6ad9 commit 05d3b22

2 files changed

Lines changed: 39 additions & 2 deletions

docs/library/asyncio.rst

Lines changed: 6 additions & 2 deletions
@@ -201,23 +201,27 @@ class Lock
201201
TCP stream connections
202202
----------------------
203203

204-
.. function:: open_connection(host, port)
204+
.. function:: open_connection(host, port, ssl=None)
205205

206206
Open a TCP connection to the given *host* and *port*. The *host* address will be
207207
resolved using `socket.getaddrinfo`, which is currently a blocking call.
208+
If *ssl* is a `ssl.SSLContext` object, this context is used to create the transport;
209+
if *ssl* is ``True``, a default context is used.
208210

209211
Returns a pair of streams: a reader and a writer stream.
210212
Will raise a socket-specific ``OSError`` if the host could not be resolved or if
211213
the connection could not be made.
212214

213215
This is a coroutine.
214216

215-
.. function:: start_server(callback, host, port, backlog=5)
217+
.. function:: start_server(callback, host, port, backlog=5, ssl=None)
216218

217219
Start a TCP server on the given *host* and *port*. The *callback* will be
218220
called with incoming, accepted connections, and be passed 2 arguments: reader
219221
and writer streams for the connection.
220222

223+
If *ssl* is a `ssl.SSLContext` object, this context is used to create the transport.
224+
221225
Returns a `Server` object.
222226

223227
This is a coroutine.
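
Review bot: The added `open_connection` text says a default context is used when *ssl* is ``True`` but not whether that default context verifies the server certificate, and the documented signature ``open_connection(host, port, ssl=None)`` shows no way to pass ``server_hostname``, which the ssl.rst note in this same commit says must be specified on the client side with ``ssl.CERT_REQUIRED``. Please state the default context's verify mode and how the hostname is supplied for a verified connection. In the `start_server` paragraph only an `ssl.SSLContext` object is described; say explicitly whether ``True`` is accepted there, and point to `load_cert_chain`, since a server context normally needs a certificate and key loaded before it can be used.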

docs/library/ssl.rst

Lines changed: 33 additions & 0 deletions
@@ -39,6 +39,33 @@ class SSLContext
3939
Create a new SSLContext instance. The *protocol* argument must be one of the ``PROTOCOL_*``
4040
constants.
4141

42+
.. method:: SSLContext.load_cert_chain(certfile, keyfile)
43+
44+
Load a private key and the corresponding certificate. The *certfile* is a string
45+
with the file path of the certificate. The *keyfile* is a string with the file path
46+
of the private key.
47+
48+
.. admonition:: Difference to CPython
49+
:class: attention
50+
51+
MicroPython extension: *certfile* and *keyfile* can be bytes objects instead of
52+
strings, in which case they are interpreted as the actual certificate/key data.
53+
54+
.. method:: SSLContext.load_verify_locations(cafile=None, cadata=None)
55+
56+
Load the CA certificate chain that will validate the peer's certificate.
57+
*cafile* is the file path of the CA certificates. *cadata* is a bytes object
58+
containing the CA certificates. Only one of these arguments should be provided.
59+
60+
.. method:: SSLContext.get_ciphers()
61+
62+
Get a list of enabled ciphers, returned as a list of strings.
63+
64+
.. method:: SSLContext.set_ciphers(ciphers)
65+
66+
Set the available ciphers for sockets created with this context. *ciphers* should be
67+
a list of strings in the `IANA cipher suite format <https://wiki.mozilla.org/Security/Cipher_Suites>`_ .
68+
4269
.. method:: SSLContext.wrap_socket(sock, *, server_side=False, do_handshake_on_connect=True, server_hostname=None)
4370

4471
Takes a `stream` *sock* (usually socket.socket instance of ``SOCK_STREAM`` type),
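
Review bot: The bytes form of *certfile*/*keyfile* in `load_cert_chain` and the *cadata* argument of `load_verify_locations` do not say which encoding the data must be in; please name the accepted format so callers do not have to guess. "Only one of these arguments should be provided" also leaves open what happens when both or neither of *cafile* and *cadata* are given; state whether that raises and with which exception. In `set_ciphers`, the link text says "IANA cipher suite format" while the target is a Mozilla wiki page, so either describe the link as a reference table or point at the source of the names, and document what happens when a name is not supported. There is a stray space before the final period after the link (`` `_ . ``).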
@@ -77,6 +104,12 @@ class SSLContext
77104
Set or get the behaviour for verification of peer certificates. Must be one of the
78105
``CERT_*`` constants.
79106

107+
.. note::
108+
109+
``ssl.CERT_REQUIRED`` requires the device's date/time to be properly set, e.g. using
110+
`mpremote rtc --set <mpremote_command_rtc>` or ``ntptime``, and ``server_hostname``
111+
must be specified when on the client side.
112+
80113
Exceptions
81114
----------
82115

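
Review bot: The note under `verify_mode` says ``ssl.CERT_REQUIRED`` needs the device clock set and ``server_hostname`` specified, but it does not say why or what the caller sees when either is missing. A short clause tying the clock to certificate validity dates and ``server_hostname`` to the `wrap_socket` parameter, plus the exception raised on failure, would make the note actionable. Also check the markup: `mpremote rtc --set <mpremote_command_rtc>` is in single backticks with a target and depends on the default role resolving it as a reference, while ``ntptime`` is a plain literal with no link.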