From 9aa214077e6d1e0fba1a775431fedea4c8d76558 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Thu, 26 Mar 2020 23:17:35 -0700 Subject: extmod/modussl: Improve exception error messages. This commit adds human readable error messages when mbedtls or axtls raise an exception. Currently often just an EIO error is raised so the user is lost and can't tell whether it's a cert error, buffer overrun, connecting to a non-ssl port, etc. The axtls and mbedtls error raising in the ussl module is modified to raise: OSError(-err_num, "error string") For axtls a small error table of strings is added and used for the second argument of the OSErrer. For mbedtls the code uses mbedtls' built-in strerror function, and if there is an out of memory condition it just produces OSError(-err_num). Producing the error string for mbedtls is conditional on them being included in the mbedtls build, via MBEDTLS_ERROR_C. --- tests/extmod/ussl_basic.py | 2 +- tests/extmod/ussl_basic.py.exp | 3 +-- tests/net_inet/tls_num_errors.py | 44 ++++++++++++++++++++++++++++++++++++ tests/net_inet/tls_num_errors.py.exp | 2 ++ tests/net_inet/tls_text_errors.py | 33 +++++++++++++++++++++++++++ 5 files changed, 81 insertions(+), 3 deletions(-) create mode 100644 tests/net_inet/tls_num_errors.py create mode 100644 tests/net_inet/tls_num_errors.py.exp create mode 100644 tests/net_inet/tls_text_errors.py (limited to 'tests') diff --git a/tests/extmod/ussl_basic.py b/tests/extmod/ussl_basic.py index b4e21c7dc..9e1821dca 100644 --- a/tests/extmod/ussl_basic.py +++ b/tests/extmod/ussl_basic.py @@ -9,7 +9,7 @@ except ImportError: # create in client mode try: - ss = ssl.wrap_socket(io.BytesIO()) + ss = ssl.wrap_socket(io.BytesIO(), server_hostname="test.example.com") except OSError as er: print("wrap_socket:", repr(er)) diff --git a/tests/extmod/ussl_basic.py.exp b/tests/extmod/ussl_basic.py.exp index 528233831..eb7df855a 100644 --- a/tests/extmod/ussl_basic.py.exp +++ b/tests/extmod/ussl_basic.py.exp 
@@ -1,5 +1,4 @@
-ssl_handshake_status: -256
-wrap_socket: OSError(5,)
+wrap_socket: OSError(-256, 'CONN_LOST')
 <_SSLSocket
 4
 b''
diff --git a/tests/net_inet/tls_num_errors.py b/tests/net_inet/tls_num_errors.py
new file mode 100644
index 000000000..dd7f714e6
--- /dev/null
+++ b/tests/net_inet/tls_num_errors.py
@@ -0,0 +1,44 @@
+# test that modtls produces a numerical error message when out of heap
+
+try:
+ import usocket as socket, ussl as ssl, sys
+except:
+ import socket, ssl, sys
+try:
+ from micropython import alloc_emergency_exception_buf, heap_lock, heap_unlock
+except:
+ print("SKIP")
+ raise SystemExit
+
+
+# test with heap locked to see it switch to number-only error message
+def test(addr):
+ alloc_emergency_exception_buf(256)
+ s = socket.socket()
+ s.connect(addr)
+ try:
+ s.setblocking(False)
+ s = ssl.wrap_socket(s, do_handshake=False)
+ heap_lock()
+ print("heap is locked")
+ while True:
+ ret = s.write("foo")
+ if ret:
+ break
+ heap_unlock()
+ print("wrap: no exception")
+ except OSError as e:
+ heap_unlock()
+ # mbedtls produces "-29184"
+ # axtls produces "RECORD_OVERFLOW"
+ ok = "-29184" in str(e) or "RECORD_OVERFLOW" in str(e)
+ print("wrap:", ok)
+ if not ok:
+ print("got exception:", e)
+ s.close()
+
+
+if __name__ == "__main__":
+ # connect to plain HTTP port, oops!
+ addr = socket.getaddrinfo("micropython.org", 80)[0][-1]
+ test(addr)
diff --git a/tests/net_inet/tls_num_errors.py.exp b/tests/net_inet/tls_num_errors.py.exp
new file mode 100644
index 000000000..e6a15634d
--- /dev/null
+++ b/tests/net_inet/tls_num_errors.py.exp
@@ -0,0 +1,2 @@
+heap is locked
+wrap: True
diff --git a/tests/net_inet/tls_text_errors.py b/tests/net_inet/tls_text_errors.py
new file mode 100644
index 000000000..2ba167b86
--- /dev/null
+++ b/tests/net_inet/tls_text_errors.py
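Review bot: In tests/net_inet/tls_num_errors.py, `test()` unwinds the region between `heap_lock()` and `heap_unlock()` only for `OSError`; any other exception raised while the heap is locked (a `MemoryError` seems the likely one) leaves the heap locked and skips `s.close()`. Tracking whether the lock was taken and releasing it in a `finally:` that also closes the socket would cover every exit path. The `while True:` write loop has no iteration bound, so on a non-blocking socket that keeps returning a falsy value the test spins instead of failing. The bare `except:` around both imports (the same pattern is in tests/net_inet/tls_text_errors.py) would be safer as `except ImportError:`, matching tests/extmod/ussl_basic.py; around the micropython import it currently turns any failure into SKIP.

```python
    locked = False
    try:
        # ... unchanged: setblocking, wrap_socket ...
        heap_lock()
        locked = True
        # ... unchanged: "heap is locked" print and write loop ...
        heap_unlock()
        locked = False
        print("wrap: no exception")
    except OSError as e:
        heap_unlock()
        locked = False
        # ... unchanged: substring check and prints ...
    finally:
        if locked:
            heap_unlock()
        s.close()
```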
@@ -0,0 +1,33 @@
+# test that modtls produces a text error message
+
+try:
+ import usocket as socket, ussl as ssl, sys
+except:
+ import socket, ssl, sys
+
+
+def test(addr):
+ s = socket.socket()
+ s.connect(addr)
+ try:
+ s = ssl.wrap_socket(s)
+ print("wrap: no exception")
+ except OSError as e:
+ # mbedtls produces "mbedtls -0x7200: SSL - An invalid SSL record was received"
+ # axtls produces "RECORD_OVERFLOW"
+ # CPython produces "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1108)"
+ ok = (
+ "invalid SSL record" in str(e)
+ or "RECORD_OVERFLOW" in str(e)
+ or "wrong version" in str(e)
+ )
+ print("wrap:", ok)
+ if not ok:
+ print("got exception:", e)
+ s.close()
+
+
+if __name__ == "__main__":
+ # connect to plain HTTP port, oops!
+ addr = socket.getaddrinfo("micropython.org", 80)[0][-1]
+ test(addr)
-- cgit v1.2.3
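Review bot: `ssl.wrap_socket(s)` in `test()` is also the call the CPython fallback import reaches, and CPython has deprecated that function since 3.7 and removed it in 3.12, where this line would raise `AttributeError` rather than the `OSError` the handler expects. The diffstat adds no `.exp` file for tls_text_errors.py, so the expected output presumably comes from a CPython run, which makes that path matter. I would add a header comment such as `# CPython reference run needs ssl.wrap_socket (deprecated since 3.7)` so a failure there is easy to diagnose. The same comment block could say that the three matched substrings follow the mbedtls, axtls and CPython wording quoted in the handler.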