ussl: Add and check cert_reqs arg.

Author: iabdalkader

arduino_iot_cloud/ussl.py

@@ -26,12 +26,15 @@
 
 from M2Crypto import Engine, m2, SSL
 
+CERT_NONE = SSL.verify_none
+CERT_REQUIRED = SSL.verify_peer
+
 _key = None
 _cert = None
 
 # Default engine and provider.
-ENGINE_PATH = "/usr/lib/engines-1.1/libpkcs11.so"
-MODULE_PATH = "/usr/lib/softhsm/libsofthsm2.so"
+_ENGINE_PATH = "/usr/lib/engines-1.1/libpkcs11.so"
+_MODULE_PATH = "/usr/lib/softhsm/libsofthsm2.so"
 
 
 def init(pin, certfile, keyfile, engine_path, module_path):
@@ -51,9 +54,10 @@ def wrap_socket(
     certfile,
     keyfile,
     ca_certs=None,
+    cert_reqs=CERT_NONE,
     ciphers=None,
-    engine_path=ENGINE_PATH,
-    module_path=MODULE_PATH,
+    engine_path=_ENGINE_PATH,
+    module_path=_MODULE_PATH,
 ):
     if _key is None or _cert is None:
         init(pin, certfile, keyfile, engine_path, module_path)
@@ -66,7 +70,7 @@ def wrap_socket(
     if ciphers is not None:
         ctx.set_cipher_list(ciphers)
 
-    if ca_certs is not None:
+    if ca_certs is not None and cert_reqs is not CERT_NONE:
         if ctx.load_verify_locations(ca_certs) != 1:
             raise Exception("Failed to load CA certs")
         ctx.set_verify(SSL.verify_peer, depth=9)

examples/example.py

@@ -11,6 +11,7 @@
 from arduino_iot_cloud import ColoredLight
 from random import randint
 import argparse
+import arduino_iot_cloud.ussl as ssl
 
 KEY_PATH = "pkcs11:token=arduino"
 CERT_PATH = "pkcs11:token=arduino"
@@ -45,7 +46,9 @@ async def main():
     #   client = AIOTClient(device_id, username="username", password="password")
     client = AIOTClient(
         device_id=DEVICE_ID,
-        ssl_params={"pin": "1234", "keyfile": KEY_PATH, "certfile": CERT_PATH, "ca_certs": CA_PATH},
+        ssl_params={"pin": "1234",
+            "keyfile": KEY_PATH, "certfile": CERT_PATH, "ca_certs": CA_PATH, "cert_reqs":ssl.CERT_REQUIRED
+        },
     )
 
     # Register cloud objects. Note these objects must be created first in the dashboard.