Add basic SSL support for micropython #40
base: master
This change got introduced in the python/mp split commit: 81dfc16

Having it default to 1 is fine on the clear text port but doesn't authenticate when connecting to the server through SSL. The server will ack the token packet but won't reply anything. Setting it back to 0 by default which mirrors what blynklib.py has.
This is a partial support as the CA certificate is not validated. This is so as this functionality is not implemented in all micropython ports. For example, it isn't currently supported in the esp32 port although a draft of the feature has been published: micropython/micropython#5998

As the CA functionality is not there, we cannot use this parameter to decide when to switch to SSL mode as done in the CPython version. Instead we enable SSL when connecting to port 443 or 8443 which are well known ports used for TLS communications.

One more thing is that this library relies on short reads to get data from the socket as it always asks for the max buffer length when reading. In micropython, the interface provided for SSL socket is only the one of a stream which doesn't allow short reads. To go around this we change the socket to non blocking which has the side-effect of allowing short reads. However we then need to do manual polling and timeout on the socket which we do here.
blynklib_mp.py
Outdated
@@ -5,6 +5,7 @@ | |||
__version__ = '0.2.6' | |||
|
|||
import usocket as socket | |||
import ussl as ssl |
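Review bot: The new top-level `import ussl as ssl` is unconditional, so if a build does not provide `ussl` the whole module fails at import time, including for callers who only use the cleartext connection that previously needed just `usocket`. Consider importing `ussl` only in the code path that wraps the socket, or guarding the import with try/except ImportError and raising a clear error only when an SSL connection is actually requested.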
`ussl` import can affect library usage on some micropython ports.
I suggest creating a separate file, `blynklib_mp_ssl.py`.
I'm not sure about another split. I mean I think even the first split was a bad idea because the common code never gets in sync anymore.
What about I import it inline in `_get_socket()` just before using it?
Or.. I can have the new `blynklib_mp_ssl.py` which has a new class `SSLConnection` which inherits from class `Connection`.
The compromise is that people using the SSL version will need to upload 2 files instead of 1. Is that bad?
I just pushed new commits showing the concept with the new `SslConnection` class.
Blynk can still be used as usual for clear text transmissions, with no additional imports or anything.
For SSL, it is used like so:

```python
import blynklib_mp as blynklib
import blynklib_mp_ssl as blynklib_ssl

# token and secret.BLYNK_AUTH are expected to be defined by the caller
ssl_connection = blynklib_ssl.SslConnection(token, port=443, log=print)
blynk = blynklib.Blynk(secret.BLYNK_AUTH, connection=ssl_connection)
```

We also don't need to switch on the port used.
What do you think?
This reverts commit c124e22.
Now instead of Blynk _is_ a Connection, Blynk _uses_ a Connection. This allows for Blynk to use different types of Connection.
This can be used like so:

```python
ssl_connection = SslConnection(secret.BLYNK_AUTH, port=443)
blynk = blynklib.Blynk(token, connection=ssl_connection)
```
François, let's NOT forget about users and well-known Python Zen aphorisms.
I know that it is just philosophy but ...
If I imagine that we use pure cPython, your solution looks great, and I always raise both hands for classes inheritance, libraries patterns, etc.
Users are frequently frustrated even with a single lib installation procedure. What to say about a complex scenario with two libs and inheritance + running script?
I know there will be code duplication, maybe sync issues, etc. - but this is micropython ))
It is just on the way to stabilization/standardization.
As co-author, of course put your copyright on the new ssl module and let's start using it.
I'm not sure I understand.
With the current PR they are the same. The micropython library works the same internally and is used the same way. No backward compatibility problem. It is still used as shown in

```python
import blynklib_mp as blynklib
blynk = blynklib.Blynk(BLYNK_AUTH)
```

Also the micropython lib does not import anything new. There is a small new I feel the PR as it stands is well aligned with your requests.
To be honest schema provided by you will work ... New SSL oriented separate module will give more profit: Yeap we have code duplication - but I am temporarily ok with this - want to wait until ussl will be accepted and used across all new HW.
Alright I see your position. I'm sorry I cannot comply with these requests. This PR can be dismissed, thank you.
François, sorry from my side also - lib active development was finished by me year+ ago. For now I will leave this branch - it might be useful for users.
This was added only to the cPython version in commit 81dfc16.
This is a partial support as the CA certificate is not validated. This
is so as this functionality is not implemented in all micropython ports.
For example, it isn't currently supported in the esp32 port although a
draft of the feature has been published:
micropython/micropython#5998
As the CA functionality is not there, we cannot use this parameter
to decide when to switch to SSL mode as done in the CPython version.
Instead we enable SSL when connecting to port 443 or 8443 which are
well known ports used for TLS communications.
One more thing is that this library relies on short reads to get data
from the socket as it always asks for the max buffer length when reading.
In micropython, the interface provided for SSL socket is only the one
of a stream which doesn't allow short reads. To go around this we change
the socket to non blocking which has the side-effect of allowing
short reads. However we then need to do manual polling and timeout on
the socket which we do here.
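
The short-read workaround described in the commit message above (non-blocking socket, manual polling, manual timeout), sketched as an added example that is not code from this PR. It runs on CPython with `select.poll` standing in for MicroPython's `uselect.poll`; `read_available`, `MAX_BUF`, `demo` and the socketpair peer are hypothetical names and constructed input.

```python
import select
import socket
import ssl
import time

MAX_BUF = 1024  # assumed size; the library always asks for its max buffer


def read_available(sock, max_len=MAX_BUF, timeout_ms=100):
    """Short read on a non-blocking socket with a manual deadline.

    Returns 1..max_len bytes when data arrived, b"" when the peer closed,
    and None when nothing arrived before the deadline.
    """
    sock.setblocking(False)
    poller = select.poll()
    poller.register(sock, select.POLLIN)
    deadline = time.monotonic() + timeout_ms / 1000
    while True:
        # Read first: a TLS layer may already hold decrypted bytes that
        # the poller, which only sees the TCP socket, cannot report.
        try:
            return sock.recv(max_len)
        except (BlockingIOError, ssl.SSLWantReadError):
            pass  # nothing complete yet (possibly a partial TLS record)
        remaining_ms = int((deadline - time.monotonic()) * 1000)
        if remaining_ms <= 0:
            return None
        poller.poll(remaining_ms)  # sleep until readable or deadline


def demo():
    """Run the three cases against a constructed local peer."""
    ours, peer = socket.socketpair()
    try:
        peer.sendall(b"\x00\x00\x01\x00\xc8")  # constructed 5-byte message
        got = read_available(ours, timeout_ms=200)    # short read: 5 bytes
        idle = read_available(ours, timeout_ms=50)    # no data: times out
        peer.close()
        closed = read_available(ours, timeout_ms=200)  # peer gone: b""
        return got, idle, closed
    finally:
        ours.close()
        peer.close()


if __name__ == "__main__":
    print(demo())
```

Distinguishing the timeout (`None`) from peer close (`b""`) lets the caller reconnect only in the second case.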