extmod/modtls: Move the native ssl module to tls.

The current `ssl` module has quite a few differences to the CPython
implementation.  This change moves the MicroPython variant to a new `tls`
module and provides a wrapper module for `ssl` (in micropython-lib).

Users who only rely on implemented comparible behavior can continue to use
`ssl`, while users that rely on non-compatible behavior should switch to
`tls`.  Then we can make the facade in `ssl` more strictly adhere to
CPython.

Signed-off-by: Felix Dörre <felix@dogcraft.de>

tests/extmod/tls_sslcontext_ciphers.py

@@ -1,13 +1,13 @@
-# Basic test of ssl.SSLContext get_ciphers() and set_ciphers() methods.
+# Basic test of tls.SSLContext get_ciphers() and set_ciphers() methods.
 
 try:
-    import ssl
+    import tls
 except ImportError:
     print("SKIP")
     raise SystemExit
 
 
-ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ctx = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
 
 ciphers = ctx.get_ciphers()
 

tests/extmod/tls_sslcontext_micropython.py

@@ -1,20 +1,20 @@
-# Test MicroPython-specific behaviour of ssl.SSLContext.
+# Test MicroPython-specific behaviour of tls.SSLContext.
 
 try:
-    import ssl
+    import tls
 except ImportError:
     print("SKIP")
     raise SystemExit
 
 # Test constructing without any arguments (in CPython it's a DeprecationWarning).
 try:
-    ssl.SSLContext()
+    tls.SSLContext()
 except TypeError:
     print("TypeError")
 
 # Test attributes that don't exist (in CPython new attributes can be added).
 # This test is needed for coverage because SSLContext implements a custom attr handler.
-ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ctx = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
 try:
     ctx.does_not_exist
 except AttributeError:

tests/multi_net/sslcontext_server_client_ciphers.py

@@ -3,7 +3,7 @@
 try:
     import os
     import socket
-    import ssl
+    import tls
 except ImportError:
     print("SKIP")
     raise SystemExit
@@ -13,6 +13,10 @@ PORT = 8000
 # These are test certificates. See tests/README.md for details.
 cert = cafile = "ec_cert.der"
 key = "ec_key.der"
+with open(cafile, "rb") as f:
+    cadata = f.read()
+with open(key, "rb") as f:
+    keydata = f.read()
 
 try:
     os.stat(cafile)
@@ -31,8 +35,8 @@ def instance0():
     s.listen(1)
     multitest.next()
     s2, _ = s.accept()
-    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-    server_ctx.load_cert_chain(cert, key)
+    server_ctx = tls.SSLContext(tls.PROTOCOL_TLS_SERVER)
+    server_ctx.load_cert_chain(cadata, keydata)
     s2 = server_ctx.wrap_socket(s2, server_side=True)
     assert isinstance(s2.cipher(), tuple)
     print(s2.read(16))
@@ -46,12 +50,12 @@ def instance1():
     multitest.next()
     s = socket.socket()
     s.connect(socket.getaddrinfo(IP, PORT)[0][-1])
-    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+    client_ctx = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
     ciphers = client_ctx.get_ciphers()
     assert "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" in ciphers
     client_ctx.set_ciphers(["TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"])
-    client_ctx.verify_mode = ssl.CERT_REQUIRED
-    client_ctx.load_verify_locations(cafile=cafile)
+    client_ctx.verify_mode = tls.CERT_REQUIRED
+    client_ctx.load_verify_locations(cadata)
     s = client_ctx.wrap_socket(s, server_hostname="micropython.local")
     s.write(b"client to server")
     print(s.read(16))

tests/ports/unix/extra_coverage.py.exp

@@ -57,8 +57,8 @@ deflate         errno           example_package
 ffi             framebuf        gc              hashlib
 heapq           io              json            machine
 math            os              platform        random
-re              select          socket          ssl
-struct          sys             termios         time
+re              select          socket          struct
+sys             termios         time            tls
 uctypes         websocket
 me