https trust

CircuitPython on hardware including Adafruit's boards, and CircuitPython libraries using Blinka on host computers.

Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.
Locked
User avatar
LelandSindt
 
Posts: 17
Joined: Fri Apr 03, 2015 8:56 pm

https trust

Post by LelandSindt »

I am using a pico W running CircutPython 8.0.3 trying to query an https endpoint using self signed/un-trusted certs.

Code: Select all

import ipaddress
import wifi
import socketpool
import ssl
import adafruit_requests

print()
print("Connecting to WiFi")

#  connect to your SSID
wifi.radio.connect(os.getenv('CIRCUITPY_WIFI_SSID'), os.getenv('CIRCUITPY_WIFI_PASSWORD'))

print("Connected to WiFi")

#  prints MAC address to REPL
print("My MAC addr:", [hex(i) for i in wifi.radio.mac_address])

#  prints IP address to REPL
print("My IP address is", wifi.radio.ipv4_address)

sslContext = ssl.create_default_context()
#sslContext.check_hostname = False
pool = socketpool.SocketPool(wifi.radio)
requests = adafruit_requests.Session(pool, sslContext)

response = requests.get("https://192.168.1.165")

print(response.text)
With and without `sslContext.check_hostname = False` enabled I get the following failure...

Code: Select all

Connecting to WiFi
Connected to WiFi
My MAC addr: ['0x28', '0xcd', '0xc1', '0x6', '0xc3', '0xbc']
My IP address is 192.168.1.82
Traceback (most recent call last):
  File "adafruit_requests.py", line 534, in _get_socket
OSError: (-9984, 'MBEDTLS_ERR_X509_CERT_VERIFY_FAILED')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "code.py", line 32, in <module>
  File "adafruit_requests.py", line 728, in get
  File "adafruit_requests.py", line 668, in request
  File "adafruit_requests.py", line 515, in _get_socket
RuntimeError: Sending request failed

Code done running.
Is there a way to allow the connection without verifying the certificate?

User avatar
LelandSindt
 
Posts: 17
Joined: Fri Apr 03, 2015 8:56 pm

Re: https trust

Post by LelandSindt »

after some searching I found this issue...
https://github.com/adafruit/circuitpython/issues/7656

for now I am going to use the workaround referenced workaround..

Code: Select all

sslContext.load_verify_locations(cadata="")

User avatar
LelandSindt
 
Posts: 17
Joined: Fri Apr 03, 2015 8:56 pm

Re: https trust

Post by LelandSindt »

Link to the workaround in use... https://github.com/LelandSindt/analoguE ... py#L55-L56

... and a note to the next person looking to use https without proper trust/verification. Use configurations like this with caution, if you can import the cert to ensure proper trust its worth the effort.

Locked
Please be positive and constructive with your questions and comments.

Return to “Adafruit CircuitPython”