ssl – SSL/TLS module¶
This module implements a subset of the corresponding CPython module,
as described below. For more information, refer to the original
CPython documentation: ssl.
This module provides access to Transport Layer Security (previously and widely known as “Secure Sockets Layer”) encryption and peer authentication facilities for network sockets, both client-side and server-side.
Functions¶
- ssl.wrap_socket(sock, server_side=False, keyfile=None, certfile=None, cert_reqs=CERT_NONE, ca_certs=None, do_handshake=True)¶
Takes a
streamsock (usually socket.socket instance ofSOCK_STREAMtype), and returns an instance of ssl.SSLSocket, which wraps the underlying stream in an SSL context. Returned object has the usualstreaminterface methods likeread(),write(), etc. A server-side SSL socket should be created from a normal socket returned fromaccept()on a non-SSL listening server socket.do_handshake determines whether the handshake is done as part of the
wrap_socketor whether it is deferred to be done as part of the initial reads or writes (there is nodo_handshakemethod as in CPython). For blocking sockets doing the handshake immediately is standard. For non-blocking sockets (i.e. when the sock passed intowrap_socketis in non-blocking mode) the handshake should generally be deferred because otherwisewrap_socketblocks until it completes. Note that in AXTLS the handshake can be deferred until the first read or write but it then blocks until completion.
Depending on the underlying module implementation in a particular MicroPython port, some or all keyword arguments above may be not supported.
Warning
Some implementations of ssl module do NOT validate server certificates,
which makes an SSL connection established prone to man-in-the-middle attacks.
CPython’s wrap_socket returns an SSLSocket object which has methods typical
for sockets, such as send, recv, etc. MicroPython’s wrap_socket
returns an object more similar to CPython’s SSLObject which does not have
these socket methods.