From e487d830ec51cf4eaf2591b9658c77214d3b6d93 Mon Sep 17 00:00:00 2001 From: Martijn Stolk Date: Tue, 9 Mar 2021 19:57:19 +0100 Subject: [PATCH] Add allow_renegotiation to ssl.wrap_socket() --- esp32/mods/modussl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/esp32/mods/modussl.c b/esp32/mods/modussl.c index 9e1dbe9a02..c162b6d023 100644 --- a/esp32/mods/modussl.c +++ b/esp32/mods/modussl.c @@ -73,7 +73,7 @@ STATIC const mp_obj_type_t ssl_socket_type = { static int32_t mod_ssl_setup_socket (mp_obj_ssl_socket_t *ssl_sock, const mbedtls_ssl_session *saved_session, const char *host_name, const char *ca_cert, const char *client_cert, const char *client_key, - uint32_t ssl_verify, uint32_t client_or_server) { + uint32_t ssl_verify, uint32_t client_or_server, uint32_t renegotiation) { int32_t ret; mbedtls_ssl_init(&ssl_sock->ssl); @@ -123,6 +123,7 @@ static int32_t mod_ssl_setup_socket (mp_obj_ssl_socket_t *ssl_sock, const mbedtl return ret; } + mbedtls_ssl_conf_renegotiation(&ssl_sock->conf, renegotiation); mbedtls_ssl_conf_authmode(&ssl_sock->conf, ssl_verify); mbedtls_ssl_conf_rng(&ssl_sock->conf, mbedtls_ctr_drbg_random, &ssl_sock->ctr_drbg); mbedtls_ssl_conf_ca_chain(&ssl_sock->conf, &ssl_sock->cacert, NULL); @@ -219,6 +220,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args, { MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_obj = mp_const_none} }, { MP_QSTR_saved_session, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_obj = mp_const_none} }, { MP_QSTR_timeout, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_obj = mp_const_none} }, + { MP_QSTR_allow_renegotiation, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} }, }; int32_t _error; @@ -228,6 +230,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args, mp_arg_parse_all(n_args, pos_args, kw_args, MP_ARRAY_SIZE(allowed_args), allowed_args, args); bool server_side = args[3].u_bool; + bool allow_renegotiation = args[10].u_bool; uint32_t verify_type = args[4].u_int; // chech if ca validation is required if (verify_type != MBEDTLS_SSL_VERIFY_NONE && args[6].u_obj == mp_const_none) { @@ -303,7 +306,8 @@ STATIC mp_obj_t mod_ssl_wrap_socket(mp_uint_t n_args, const mp_obj_t *pos_args, MP_THREAD_GIL_EXIT(); _error = mod_ssl_setup_socket(ssl_sock, saved_session, host_name, ca_cert, client_cert, client_key, - verify_type, server_side ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT); + verify_type, server_side ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT, + allow_renegotiation ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); MP_THREAD_GIL_ENTER();