Skip to content

extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on any error. #17750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 31, 2025
Merged

extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on any error. #17750

merged 1 commit into from
Jul 31, 2025
+1 −1

Conversation

dpgeorge
Copy link
Member

Summary

Contrary to the docs, mbedtls can return more than just MBEDTLS_ERR_SSL_ALLOC_FAILED when mbedtls_ssl_setup() fails. At least MBEDTLS_ERR_MD_ALLOC_FAILED was also seen on ESP32_GENERIC, but there could possibly be other error codes.

To cover all these codes, just check if ret is non-0, and in that case do a gc_collect() and retry the init.

Testing

Tested on ESP32_GENERIC with IDF 5.4.2, running tests/extmod/tls_noleak.py. Prior to the change here that test would fail if the board was connected to WiFi. With the change here the test passes.

Trade-offs and Alternatives

Could just check for the additional MBEDTLS_ERR_MD_ALLOC_FAILED code, but IMO checking for ret != 0 is more robust. The only sensible reason for mbedtls_ssl_setup() to fail is an out-of-memory error.

@dpgeorge dpgeorge added the extmod Relates to extmod/ directory in source label Jul 23, 2025
@dpgeorge dpgeorge requested a review from projectgus July 23, 2025 04:49
@dpgeorge dpgeorge added this to the release-1.26.0 milestone Jul 23, 2025
@codecov Codecov
Copy link

codecov bot commented Jul 23, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.38%. Comparing base (ab4af2c) to head (135c1cc).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #17750      +/-   ##
==========================================
- Coverage   98.39%   98.38%   -0.01%     
==========================================
  Files         171      171              
  Lines       22257    22257              
==========================================
- Hits        21899    21898       -1     
- Misses        358      359       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 23, 2025
edited
Loading

Code size report:

   bare-arm:    +0 +0.000% 
minimal x86:    +0 +0.000% 
   unix x64:   -16 -0.002% standard
      stm32:    +0 +0.000% PYBV10
     mimxrt:    +0 +0.000% TEENSY40
        rp2:    +0 +0.000% RPI_PICO_W
       samd:    +0 +0.000% ADAFRUIT_ITSYBITSY_M4_EXPRESS
  qemu rv32:    +0 +0.000% VIRT_RV32

@dpgeorge
extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on any error.
135c1cc 
Contrary to the docs, mbedtls can return more than just
MBEDTLS_ERR_SSL_ALLOC_FAILED when `mbedtls_ssl_setup()` fails.  At least
MBEDTLS_ERR_MD_ALLOC_FAILED was also seen on ESP32_GENERIC, but there
could possibly be other error codes.

To cover all these codes, just check if `ret` is non-0, and in that case
do a `gc_collect()` and retry the init.

Signed-off-by: Damien George <damien@micropython.org>
@dpgeorge dpgeorge force-pushed the extmod-modtls-mbedtls-improve-gc-collect-logic branch from 997b70a to 135c1cc Compare July 31, 2025 00:47
@dpgeorge dpgeorge merged commit 135c1cc into micropython:master Jul 31, 2025
64 of 66 checks passed
@dpgeorge dpgeorge deleted the extmod-modtls-mbedtls-improve-gc-collect-logic branch July 31, 2025 00:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@projectgus projectgus projectgus approved these changes

Assignees
No one assigned
Labels
extmod Relates to extmod/ directory in source
Projects
None yet
Milestone
release-1.26.0
Development

Successfully merging this pull request may close these issues.
2 participants
@dpgeorge @projectgus
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy