- Notifications
You must be signed in to change notification settings - Fork7.8k
WiFiClientSecure: robust TLS writes (loop & chunk), avoid zero-length write -> fixes sporadic MBEDTLS_ERR_NET_CONN_RESET#11865
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
CLAassistant commentedSep 20, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
|
github-actionsbot commentedSep 20, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
👋Hello prooma, we appreciate your contribution to this project! 📘 Please review the project'sContributions Guide for key guidelines on code, documentation, testing, and more. 🖊️ Please also make sure you haveread and signed theContributor License Agreement for this project. Click to see more instructions ...
Review and merge process you can expect ...
|
Loop in send_ssl_data() until the entire buffer is written;handle MBEDTLS_ERR_SSL_WANT_{READ,WRITE} and respect socket timeouts.Return 0 for len==0 to prevent zero-length TLS writes.Add a size==0 guard in WiFiClientSecure::write() for symmetry.No API changes.Chunk TLS writes and reset timeout after progress to reduce mid-body resetsSend large TLS payloads in moderate chunks (4 KiB) instead of a single large write,and measure the write timeout from the last successful progress. This significantlyreduces sporadic MBEDTLS_ERR_NET_CONN_RESET (-0x0050) observed during long HTTP bodies(e.g., multipart uploads).- write loop remains intact; now caps per-call size to 4096 bytes- updates timeout window after each positive write to avoid false timeouts on slow links- no API changes; handshake/verification paths unaffectedSourcesAsk ChatGPT
a81b3fb to010e6a0Comparelucasssvaz commentedSep 20, 2025
@me-no-dev PTAL |
github-actionsbot commentedSep 20, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Test Results 76 files 76 suites 14m 25s ⏱️ Results for commitc78c814. ♻️ This comment has been updated with latest results. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR fixes robustness issues in TLS writes for WiFiClientSecure by implementing complete buffer transmission, guarding against zero-length writes, and chunking large payloads to prevent connection resets.
- Refactors
send_ssl_data()to loop until the entire buffer is written rather than returning on partial writes - Adds zero-length write guards in both
send_ssl_data()andNetworkClientSecure::write() - Implements 4KB chunking for large writes to reduce
MBEDTLS_ERR_NET_CONN_RESETerrors
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| ssl_client.cpp | Implements robust write loop with chunking and zero-length guards |
| NetworkClientSecure.cpp | Adds zero-length write guard at API level |
Tip: Customize your code reviews with copilot-instructions.md.Create the file orlearn how to get started.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Memory usage test (comparing PR against master branch)The table below shows the summary of memory usage change (decrease - increase) in bytes and percentage for each target.
Click to expand the detailed deltas report [usage change in BYTES]
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
f4f4bc6 intoespressif:masterUh oh!
There was an error while loading.Please reload this page.
Description of Change / Summary
This PR makes TLS writes robust against partial
mbedtls_ssl_write()returns and eliminates zero-length writes. It also sends large payloads in 4 KB chunks which significantly reducesMBEDTLS_ERR_NET_CONN_RESET(−0x0050) occurrences on long HTTP bodies (e.g. multipart uploads).Motivation / Problem
In
send_ssl_data()we currently callmbedtls_ssl_write(ctx, data, len)once and return as soon as it returns >0. This means we may send less thanlenbytes and rely on higher layers to retry. Many callers (includingWiFiClientSecure::write) then return that partial size to user code, which can break long HTTP requests.Additionally, zero-length writes were not guarded; we observed “Writing … 0 bytes” followed by peer resets during multipart uploads.
Fix
WANT_READ/WRITEcorrectly.len==0 -> return 0).Behavioral changes
WiFiClientSecure::write()still returns the number of bytes written, now reliably== size on success.Test Scenarios
sendPhotoupload. Before: frequent(-0x0050) MBEDTLS_ERR_NET_CONN_RESETmid-body, sometimes preceded by a 0-byte write; after patch: stable uploads.Why chunking?
Some setups are sensitive to very large TLS records and single-shot writes. Chunking to 4 KB reduces resets without measurable throughput loss and keeps memory usage predictable.
Alternatives
WiFiClientSecure::write()instead—this would duplicate logic; it’s more coherent inssl_client.cpp.Risks
Logs (before / after)
(-80) UNKNOWN ERROR CODE (0050)(peer reset).