report tls error messages instead of crashing.

basvs · basvs · commit 09be7ffc6a60 · 2017-07-23T11:08:39.000+02:00
diff --git a/extmod/modussl_mbedtls.c b/extmod/modussl_mbedtls.c
@@ -33,6 +33,8 @@
 #include <errno.h>
 #include <string.h>
 
+#include <esp_log.h>
+
 #include "py/nlr.h"
 #include "py/runtime.h"
 #include "py/stream.h"
@@ -46,9 +48,12 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/debug.h"
+#include "mbedtls/error.h"
 
 #include "wildcard_sha2017_org.h"
 
+#define TAG "modussl_mbedtls.c"
+
 typedef struct _mp_obj_ssl_socket_t {
     mp_obj_base_t base;
     mp_obj_t sock;
@@ -86,6 +91,11 @@ int _mbedtls_ssl_send(void *ctx, const byte *buf, size_t len) {
         if (mp_is_nonblocking_error(err)) {
             return MBEDTLS_ERR_SSL_WANT_WRITE;
         }
+
+        char errstr[256];
+        mbedtls_strerror(err, errstr, sizeof(errstr));
+        ESP_LOGW(TAG, "sock_stream->write(): error %d: %s", -err, errstr);
+
         return -err;
     }
     return out_sz;
@@ -102,6 +112,11 @@ int _mbedtls_ssl_recv(void *ctx, byte *buf, size_t len) {
         if (mp_is_nonblocking_error(err)) {
             return MBEDTLS_ERR_SSL_WANT_READ;
         }
+
+        char errstr[256];
+        mbedtls_strerror(err, errstr, sizeof(errstr));
+        ESP_LOGW(TAG, "sock_stream->read(): error %d: %s", -err, errstr);
+
         return -err;
     }
     return out_sz;
@@ -139,8 +154,11 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
     mbedtls_entropy_init(&o->entropy);
     ret = mbedtls_ctr_drbg_seed(&o->ctr_drbg, mbedtls_entropy_func, &o->entropy, NULL, 0);
     if (ret != 0) {
-        printf("ret=%d\n", ret);
-        assert(0);
+      char errstr[256];
+      mbedtls_strerror(ret, errstr, sizeof(errstr));
+      ESP_LOGW(TAG, "mbedtls_ctr_drbg_seed(): error %d: %s", -ret, errstr);
+
+      mp_raise_OSError(MP_EIO);
     }
 
     bool sha2017_subdomain = false;
@@ -158,8 +176,11 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
     if (sha2017_subdomain) {
         ret = mbedtls_x509_crt_parse_der(&o->cacert, wildcard_sha2017_org, 856);
         if(ret < 0) {
-            printf("mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
-            assert(0);
+            char errstr[256];
+            mbedtls_strerror(ret, errstr, sizeof(errstr));
+            ESP_LOGW(TAG, "mbedtls_x509_crt_parse_der(): error %d: %s", -ret, errstr);
+
+            mp_raise_OSError(MP_EIO);
         }
     }
 
@@ -168,7 +189,11 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
                                       MBEDTLS_SSL_TRANSPORT_STREAM,
                                       MBEDTLS_SSL_PRESET_DEFAULT);
     if (ret != 0) {
-        assert(0);
+      char errstr[256];
+      mbedtls_strerror(ret, errstr, sizeof(errstr));
+      ESP_LOGW(TAG, "mbedtls_ssl_config_defaults(): error %d: %s", -ret, errstr);
+
+      mp_raise_OSError(MP_EIO);
     }
 
     if (sha2017_subdomain) {
@@ -182,14 +207,22 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
 
     ret = mbedtls_ssl_setup(&o->ssl, &o->conf);
     if (ret != 0) {
-        assert(0);
+      char errstr[256];
+      mbedtls_strerror(ret, errstr, sizeof(errstr));
+      ESP_LOGW(TAG, "mbedtls_ssl_setup(): error %d: %s", -ret, errstr);
+
+      mp_raise_OSError(MP_EIO);
     }
 
     if (args->server_hostname.u_obj != mp_const_none) {
         const char *sni = mp_obj_str_get_str(args->server_hostname.u_obj);
         ret = mbedtls_ssl_set_hostname(&o->ssl, sni);
         if (ret != 0) {
-            assert(0);
+            char errstr[256];
+            mbedtls_strerror(ret, errstr, sizeof(errstr));
+            ESP_LOGW(TAG, "mbedtls_ssl_set_hostname(): error %d: %s", -ret, errstr);
+
+            mp_raise_OSError(MP_EIO);
         }
     }
 
@@ -203,25 +236,46 @@ STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
         const byte *key = (const byte*)mp_obj_str_get_data(args->key.u_obj, &key_len);
         // len should include terminating null
         ret = mbedtls_pk_parse_key(&o->pkey, key, key_len + 1, NULL, 0);
-        assert(ret == 0);
+        if (ret != 0) {
+            char errstr[256];
+            mbedtls_strerror(ret, errstr, sizeof(errstr));
+            ESP_LOGW(TAG, "mbedtls_pk_parse_key(): error %d: %s", -ret, errstr);
+
+            mp_raise_OSError(MP_EIO);
+        }
 
         size_t cert_len;
         const byte *cert = (const byte*)mp_obj_str_get_data(args->cert.u_obj, &cert_len);
         // len should include terminating null
         ret = mbedtls_x509_crt_parse(&o->cert, cert, cert_len + 1);
-        assert(ret == 0);
+        if (ret != 0) {
+            char errstr[256];
+            mbedtls_strerror(ret, errstr, sizeof(errstr));
+            ESP_LOGW(TAG, "mbedtls_x509_crt_parse(): error %d: %s", -ret, errstr);
+
+            mp_raise_OSError(MP_EIO);
+        }
 
         ret = mbedtls_ssl_conf_own_cert(&o->conf, &o->cert, &o->pkey);
-        assert(ret == 0);
+        if (ret != 0) {
+            char errstr[256];
+            mbedtls_strerror(ret, errstr, sizeof(errstr));
+            ESP_LOGW(TAG, "mbedtls_ssl_conf_own_cert(): error %d: %s", -ret, errstr);
+
+            mp_raise_OSError(MP_EIO);
+        }
     }
 
     if (args->server_side.u_bool) {
-        assert(0);
+        ESP_LOGW(TAG, "args->server_side.u_bool set");
+        mp_raise_OSError(MP_EIO);
     } else {
         while ((ret = mbedtls_ssl_handshake(&o->ssl)) != 0) {
             if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-                //assert(0);
-                printf("mbedtls_ssl_handshake error: -%x\n", -ret);
+                char errstr[256];
+                mbedtls_strerror(ret, errstr, sizeof(errstr));
+                ESP_LOGW(TAG, "mbedtls_ssl_handshake(): error %d: %s", -ret, errstr);
+
                 mp_raise_OSError(MP_EIO);
             }
         }
