Skip to content

extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on any error. #17750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on any error. #17750

wants to merge 1 commit into from
+1 −1

Conversation

dpgeorge
Copy link
Member

Summary

Contrary to the docs, mbedtls can return more than just MBEDTLS_ERR_SSL_ALLOC_FAILED when mbedtls_ssl_setup() fails. At least MBEDTLS_ERR_MD_ALLOC_FAILED was also seen on ESP32_GENERIC, but there could possibly be other error codes.

To cover all these codes, just check if ret is non-0, and in that case do a gc_collect() and retry the init.

Testing

Tested on ESP32_GENERIC with IDF 5.4.2, running tests/extmod/tls_noleak.py. Prior to the change here that test would fail if the board was connected to WiFi. With the change here the test passes.

Trade-offs and Alternatives

Could just check for the additional MBEDTLS_ERR_MD_ALLOC_FAILED code, but IMO checking for ret != 0 is more robust. The only sensible reason for mbedtls_ssl_setup() to fail is an out-of-memory error.

@dpgeorge
extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on any error.
997b70a 
Contrary to the docs, mbedtls can return more than just
MBEDTLS_ERR_SSL_ALLOC_FAILED when `mbedtls_ssl_setup()` fails.  At least
MBEDTLS_ERR_MD_ALLOC_FAILED was also seen on ESP32_GENERIC, but there
could possibly be other error codes.

To cover all these codes, just check if `ret` is non-0, and in that case
do a `gc_collect()` and retry the init.

Signed-off-by: Damien George <damien@micropython.org>
@dpgeorge dpgeorge added the extmod Relates to extmod/ directory in source label Jul 23, 2025
@dpgeorge dpgeorge requested a review from projectgus July 23, 2025 04:49
@dpgeorge dpgeorge added this to the release-1.26.0 milestone Jul 23, 2025
@codecov Codecov
Copy link

codecov bot commented Jul 23, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.37%. Comparing base (c6423d5) to head (997b70a).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #17750   +/-   ##
=======================================
  Coverage   98.37%   98.37%           
=======================================
  Files         171      171           
  Lines       22210    22210           
=======================================
  Hits        21849    21849           
  Misses        361      361

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions GitHub Actions
Copy link

Code size report:

   bare-arm:    +0 +0.000% 
minimal x86:    +0 +0.000% 
   unix x64:    +0 +0.000% standard
      stm32:    +0 +0.000% PYBV10
     mimxrt:    +0 +0.000% TEENSY40
        rp2:    +0 +0.000% RPI_PICO_W
       samd:    +0 +0.000% ADAFRUIT_ITSYBITSY_M4_EXPRESS
  qemu rv32:    +0 +0.000% VIRT_RV32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@projectgus projectgus Awaiting requested review from projectgus

Assignees
No one assigned
Labels
extmod Relates to extmod/ directory in source
Projects
None yet
Milestone
release-1.26.0
Development

Successfully merging this pull request may close these issues.
1 participant
@dpgeorge
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy