cc3200: Add ssl_version argument to ssl.wrap_socket().

This resolves issue #2343.
2016-10-01 21:35:09 +02:00 · 2016-10-01 21:35:09 +02:00 · a0d97fe408
parent 8de270b4fc
commit a0d97fe408
1 changed files with 12 additions and 4 deletions
--- a/cc3200/mods/modussl.c
+++ b/cc3200/mods/modussl.c
@ -78,6 +78,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args,
        { MP_QSTR_certfile,         MP_ARG_KW_ONLY  | MP_ARG_OBJ,  {.u_obj = mp_const_none} },
        { MP_QSTR_server_side,      MP_ARG_KW_ONLY  | MP_ARG_BOOL, {.u_bool = false} },
        { MP_QSTR_cert_reqs,        MP_ARG_KW_ONLY  | MP_ARG_INT,  {.u_int = SSL_CERT_NONE} },
+        { MP_QSTR_ssl_version,      MP_ARG_KW_ONLY  | MP_ARG_INT,  {.u_int = SL_SO_SEC_METHOD_TLSV1} },
        { MP_QSTR_ca_certs,         MP_ARG_KW_ONLY  | MP_ARG_OBJ,  {.u_obj = mp_const_none} },
    };

@ -93,17 +94,19 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args,
    // retrieve the file paths (with an 6 byte offset in order to strip it from the '/flash' prefix)
    const char *keyfile  = (args[1].u_obj == mp_const_none) ? NULL : &(mp_obj_str_get_str(args[1].u_obj)[6]);
    const char *certfile = (args[2].u_obj == mp_const_none) ? NULL : &(mp_obj_str_get_str(args[2].u_obj)[6]);
-    const char *cafile   = (args[5].u_obj == mp_const_none || args[4].u_int != SSL_CERT_REQUIRED) ?
-                           NULL : &(mp_obj_str_get_str(args[5].u_obj)[6]);
+    const char *cafile   = (args[6].u_obj == mp_const_none || args[4].u_int != SSL_CERT_REQUIRED) ?
+                           NULL : &(mp_obj_str_get_str(args[6].u_obj)[6]);

    // server side requires both certfile and keyfile
    if (args[3].u_bool && (!keyfile || !certfile)) {
        goto arg_error;
    }

-    _i16 sd = ((mod_network_socket_obj_t *)args[0].u_obj)->sock_base.sd;
    _i16 _errno;
-    _u8 method = SL_SO_SEC_METHOD_TLSV1;
+    _i16 sd = ((mod_network_socket_obj_t *)args[0].u_obj)->sock_base.sd;
+
+    // set the requested SSL method
+    _u8 method = args[5].u_int;
    if ((_errno = sl_SetSockOpt(sd, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method, sizeof(method))) < 0) {
        goto socket_error;
    }
@ -146,6 +149,11 @@ STATIC const mp_map_elem_t mp_module_ussl_globals_table[] = {
    { MP_OBJ_NEW_QSTR(MP_QSTR_CERT_NONE),           MP_OBJ_NEW_SMALL_INT(SSL_CERT_NONE) },
    { MP_OBJ_NEW_QSTR(MP_QSTR_CERT_OPTIONAL),       MP_OBJ_NEW_SMALL_INT(SSL_CERT_OPTIONAL) },
    { MP_OBJ_NEW_QSTR(MP_QSTR_CERT_REQUIRED),       MP_OBJ_NEW_SMALL_INT(SSL_CERT_REQUIRED) },
+
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_SSLv3),      MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_SSLV3) },
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_TLSv1),      MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_TLSV1) },
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_TLSv1_1),    MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_TLSV1_1) },
+    { MP_OBJ_NEW_QSTR(MP_QSTR_PROTOCOL_TLSv1_2),    MP_OBJ_NEW_SMALL_INT(SL_SO_SEC_METHOD_TLSV1_2) },
 };

 STATIC MP_DEFINE_CONST_DICT(mp_module_ussl_globals, mp_module_ussl_globals_table);