Request for package: micropython-ssl #198
Comments
|
Somehow I missed this ticket, sorry. Lack of "micropython-ssl" is indeed an oversight, I added dummy implementation of it in ea60d9d. I'll review your other points as time permits, sorry for the further delays. |
|
No worries about delays; I have other things on my list right now too. Since you've added the ssl package, I might submit a pull request implementing "Use case 1", as I described above, since that seems pretty straightforward and uncontroversial. In the mean time, I'll keep an eye out for your comments. Thanks. |
|
So, the aim of micropython-lib is to implement as complete as possible Python stdlib, so in general, this work is welcome. One thing to keep in mind, also in general, is that at last time, there's growing interest to use more of micropython-lib on baremetal targets, the outcome being that the idea that it'll run only on unix, in "unlimited" resources, no longer should be counted on. Nothing of that directly applies to the proposal above, just general things to keep in mind. So, "Use case 1" indeed can be implemented seamlessly, and I don't see big problems with proposed plan for "Use case 2", just everything needs to be done step by step. |
|
Thanks for looking into that btw! |
|
+1 for supporting bare metal ports. It also helps to highlight inconsistencies between ports of MicroPython proper. As for doing everything step by step, I'm with you there too. |
|
Pull request incoming for "Use case 1", described above. Have not worked yet on Use case 2. |
Would you be open to adding a
micropython-sslpackage that wrapsussl, similarly to howmicropython-socketwrapsusocket? I can think of two use cases for this, as discussed below. I'd be happy to contribute the code for this, but I want to make sure it's something you'd be receptive to first, especially considering that it would be a new package.Use case 1: Drop default arguments
According to the docs for most (or maybe all) ports, the signature for
wrap_socketisssl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None), with the caveat thatIndeed, most ports (it seems) do not support nearly so many of these. On Unix, for example, even the
keyfileandcertfilearguments are not accepted.Note though, that even
ussl.wrap_socket(s, keyfile=None)does not work, even though it should be equivalent toussl.wrap_socket(s). The proposedmicropython-sslpackage could provide anssl.wrap_socketfunction that drops keyword arguments whose values are the default (i.e.ssl.wrap_socket(s, keyfile=None)results in a call toussl.wrap_socket(s)).This would be useful for user-defined libraries that accept a
keyfileparameter from their callers and pass this towrap_socket. (It would provide better compatibility across MicroPython ports and with CPython, without growing MicroPython proper.)Use case 2: Allow SSL-wrapping of
micropython-socketsocketsDue to micropython/micropython#2749, and the fact that
socket.socketis a subclass ofusocket.socket,micropython-socketsockets cannot be passed toussl.wrap_socket(attempts to do so cause a crash, for now). This makes themicropython-socketpackage almost entirely unusable with SSL.If
micropython-socketwere modified, though, to wrap instances ofusocket.socket, rather than subclassing it, then the proposedmicropython-sslpackage could provide awrap_socketfunction that retrieves the underlyingusocket.socketinstance from any passed-insocket.sockets before forwarding toussl.Perhaps there's a better solution, but this is the only one I can think of besides fixing it in MicroPython proper, as was said here. That might take a while though; even in CPython subclassing native objects has limitations. This solution would affect the result of
issubclass(socket.socket, usocket.socket), but I doubt anyone's relying on that (just a guess, though).Maintainers: What say you? Would this be useful?
The text was updated successfully, but these errors were encountered: