extmod/modssl_mbedtls: Implement SSLSession support. #12780
Code size report:
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #12780 +/- ##
==========================================
- Coverage 98.39% 98.37% -0.02%
==========================================
Files 161 161
Lines 21204 21257 +53
==========================================
+ Hits 20864 20912 +48
- Misses 340 345 +5
This is an automated heads-up that we've just merged a Pull Request
See #13763
A search suggests this PR might apply the STATIC macro to some C code. If it
Although this is an automated message, feel free to @-reply to me directly if
Updated on latest master branch, added server-side support for TLS tickets to the Unix port, and added a test that checks (a) that SSLSession works and (b) that session resumption actually results in decreased data usage.

I've been using various versions of this patch for almost a year now to resume HTTPS connections without any trouble (though that might just be because I didn't try with many different configurations).

Marked as ready for review.

EDIT: And re-pushed because I forgot to add the documentation commit.
Signed-off-by: Daniël van de Giessen <daniel@dvdgiessen.nl>
This implements support for the `SSLSession` class, introduced in CPython in 3.6 (see #2415). It allows saving session data from an active TLS client-side connection and then creating a new connection re-using this session data. Benefits include a faster handshake and reduced data usage for short connections.

It adds the `SSLSession` class, the `session=` parameter for the `SSLContext.wrap_socket()` method, and the `session` attribute for an `SSLSocket` object.

Additionally, I've added a non-standard part: the `SSLSession.serialize()` function that converts the session to a bytes object (also available via the buffer protocol, so perhaps exposing this function is redundant), so that it can be stored by the user, and a constructor for the `SSLSession` object that accepts a bytes-like object to reconstruct the session object (CPython doesn't allow direct construction). This allows storing the session somewhere and using it after a deep sleep or reboot.

The second commit adds server-side support for TLS tickets in the Unix port, so that we can meaningfully test the session resumption in tests. The third commit adds a test which tests session resumption using the `SSLSession` object, checking that the resumption worked by checking that resuming consumes less data.

micropython/micropython-lib#829 is a companion MR that implements support in the `ssl` module wrapper. It is required for the tests to pass.

A small example test, using a wrapper class around the TCP socket so we can count how many bytes of data we're sending/receiving:
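The storage step described above (keeping the `SSLSession.serialize()` bytes across a deep sleep or reboot), as an added example that is not code from this PR or from MicroPython: it frames the bytes with the peer they belong to, an expiry and a checksum, and returns `None` whenever a full handshake should be done instead. The record layout, the names `pack_session` and `unpack_session`, and the one-hour lifetime are assumptions.

```python
import hashlib
import struct

MAGIC = b"TLSS"                  # constructed record tag, not a MicroPython format
HEADER = struct.Struct("<4sII")  # magic, expiry (epoch seconds), blob length
DIGEST_LEN = 32                  # SHA-256 output size


def _peer_id(host, port):
    # Bind the record to the server the session was negotiated with.
    return hashlib.sha256(("%s:%d" % (host, port)).encode()).digest()


def pack_session(blob, host, port, now, max_age=3600):
    """Frame the bytes returned by SSLSession.serialize() for storage."""
    blob = bytes(blob)
    body = HEADER.pack(MAGIC, now + max_age, len(blob)) + _peer_id(host, port) + blob
    # The digest detects torn or corrupted writes; it is not authentication.
    return body + hashlib.sha256(body).digest()


def unpack_session(record, host, port, now):
    """Return the stored session bytes, or None to force a full handshake."""
    if len(record) < HEADER.size + 2 * DIGEST_LEN:
        return None
    body, check = record[:-DIGEST_LEN], record[-DIGEST_LEN:]
    if hashlib.sha256(body).digest() != check:
        return None  # truncated or corrupted, e.g. power loss during the write
    magic, expiry, length = HEADER.unpack_from(body)
    peer = body[HEADER.size:HEADER.size + DIGEST_LEN]
    blob = body[HEADER.size + DIGEST_LEN:]
    if magic != MAGIC or len(blob) != length:
        return None
    if peer != _peer_id(host, port):
        return None  # stored for a different server; never offer it elsewhere
    if now >= expiry:
        return None  # stale; do a full handshake and store the new session
    return blob

# Where it plugs in, using only the names from the PR description
# (ctx, raw, stored, host and port are the caller's own objects):
#   blob = unpack_session(stored, host, port, time.time())
#   session = SSLSession(blob) if blob else None
#   sock = ctx.wrap_socket(raw, session=session)
#   stored = pack_session(sock.session.serialize(), host, port, time.time())
# The blob carries the secrets needed to resume, so store it like a key.
```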