blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 09:09:10 -04:00
Code Issues Projects Releases Wiki Activity

Merge branch 'fix/fix_timeout_issue_in_https_server' into 'master'

Browse Source 
fix(esp-tls): Fixed the server session create API

Closes IDFGH-14201

See merge request espressif/esp-idf!36519
This commit is contained in:
Aditya Patwardhan 2025-02-23 19:07:00 +08:00
commit 877057db3d
7 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
components/esp-tls/esp_tls.h
View File

@ -307,6 +307,10 @@ typedef struct esp_tls_cfg_server {
bool use_secure_element; /*!< Enable this option to use secure element or bool use_secure_element; /*!< Enable this option to use secure element or
atecc608a chip */ atecc608a chip */
uint32_t tls_handshake_timeout_ms; /*!< TLS handshake timeout in milliseconds.
Note: If this value is not set, by default the timeout is
set to 10 seconds. If you wish that the session should wait
indefinitely then please use a larger value e.g., INT32_MAX */
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS) #if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
esp_tls_server_session_ticket_ctx_t * ticket_ctx; /*!< Session ticket generation context. esp_tls_server_session_ticket_ctx_t * ticket_ctx; /*!< Session ticket generation context.

2
components/esp-tls/esp_tls_errors.h
View File

@ -32,7 +32,7 @@ extern "C" {
#define ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x06) /*!< new connection in esp_tls_low_level_conn connection timeouted */ #define ESP_ERR_ESP_TLS_CONNECTION_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x06) /*!< new connection in esp_tls_low_level_conn connection timeouted */
#define ESP_ERR_ESP_TLS_SE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x07) /*< esp-tls use Secure Element returned failed */ #define ESP_ERR_ESP_TLS_SE_FAILED (ESP_ERR_ESP_TLS_BASE + 0x07) /*< esp-tls use Secure Element returned failed */
#define ESP_ERR_ESP_TLS_TCP_CLOSED_FIN (ESP_ERR_ESP_TLS_BASE + 0x08) /*< esp-tls's TPC transport connection has benn closed (in a clean way) */ #define ESP_ERR_ESP_TLS_TCP_CLOSED_FIN (ESP_ERR_ESP_TLS_BASE + 0x08) /*< esp-tls's TPC transport connection has benn closed (in a clean way) */
#define ESP_ERR_ESP_TLS_SERVER_HANDSHAKE_TIMEOUT (ESP_ERR_ESP_TLS_BASE + 0x09) /*!< TLS handshake timeout */
/* mbedtls specific error codes */ /* mbedtls specific error codes */
#define ESP_ERR_MBEDTLS_CERT_PARTLY_OK (ESP_ERR_ESP_TLS_BASE + 0x10) /*!< mbedtls parse certificates was partly successful */ #define ESP_ERR_MBEDTLS_CERT_PARTLY_OK (ESP_ERR_ESP_TLS_BASE + 0x10) /*!< mbedtls parse certificates was partly successful */
#define ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED (ESP_ERR_ESP_TLS_BASE + 0x11) /*!< mbedtls api returned error */ #define ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED (ESP_ERR_ESP_TLS_BASE + 0x11) /*!< mbedtls api returned error */

17
components/esp-tls/esp_tls_mbedtls.c
View File

@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -16,6 +16,7 @@
#include "esp_tls_mbedtls.h" #include "esp_tls_mbedtls.h"
#include "esp_tls_private.h" #include "esp_tls_private.h"
#include "esp_tls_error_capture_internal.h" #include "esp_tls_error_capture_internal.h"
#include "esp_tls_platform_port.h"
#include <errno.h> #include <errno.h>
#include "esp_log.h" #include "esp_log.h"
#include "esp_check.h" #include "esp_check.h"
@ -928,10 +929,24 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
if ((ret = esp_mbedtls_server_session_init(cfg, sockfd, tls)) != 0) { if ((ret = esp_mbedtls_server_session_init(cfg, sockfd, tls)) != 0) {
return ret; return ret;
} }
uint64_t timeout_ms;
if (cfg->tls_handshake_timeout_ms == 0) {
timeout_ms = ESP_TLS_DEFAULT_SERVER_HANDSHAKE_TIMEOUT_MS;
} else {
timeout_ms = cfg->tls_handshake_timeout_ms;
}
uint64_t start_time = esp_tls_get_platform_time();
while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) { while ((ret = esp_mbedtls_server_session_continue_async(tls)) != 0) {
if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) { if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
return ret; return ret;
} }
uint64_t elapsed_time_us = esp_tls_get_platform_time() - start_time;
if ((elapsed_time_us / 1000) > timeout_ms) {
ESP_LOGD(TAG, "Server handshake timed out");
return ESP_ERR_ESP_TLS_SERVER_HANDSHAKE_TIMEOUT;
}
} }
return ret; return ret;
} }

2
components/esp-tls/private_include/esp_tls_private.h
View File

@ -103,3 +103,5 @@ typedef esp_err_t (*set_server_config_func_ptr) (esp_tls_cfg_server_t *cfg, esp_
typedef struct esp_tls_server_params { typedef struct esp_tls_server_params {
set_server_config_func_ptr set_server_cfg; set_server_config_func_ptr set_server_cfg;
} esp_tls_server_params_t; } esp_tls_server_params_t;
#define ESP_TLS_DEFAULT_SERVER_HANDSHAKE_TIMEOUT_MS (10000) /*!< Default handshake timeout in milliseconds */

3
components/esp_common/src/esp_err_to_name.c
View File

@ -694,6 +694,9 @@ static const esp_err_msg_t esp_err_msg_table[] = {
# ifdef ESP_ERR_ESP_TLS_TCP_CLOSED_FIN # ifdef ESP_ERR_ESP_TLS_TCP_CLOSED_FIN
ERR_TBL_IT(ESP_ERR_ESP_TLS_TCP_CLOSED_FIN), /* 32776 0x8008 */ ERR_TBL_IT(ESP_ERR_ESP_TLS_TCP_CLOSED_FIN), /* 32776 0x8008 */
# endif # endif
# ifdef ESP_ERR_ESP_TLS_SERVER_HANDSHAKE_TIMEOUT
ERR_TBL_IT(ESP_ERR_ESP_TLS_SERVER_HANDSHAKE_TIMEOUT), /* 32777 0x8009 TLS handshake timeout */
# endif
# ifdef ESP_ERR_MBEDTLS_CERT_PARTLY_OK # ifdef ESP_ERR_MBEDTLS_CERT_PARTLY_OK
ERR_TBL_IT(ESP_ERR_MBEDTLS_CERT_PARTLY_OK), /* 32784 0x8010 mbedtls parse certificates was partly successful */ ERR_TBL_IT(ESP_ERR_MBEDTLS_CERT_PARTLY_OK), /* 32784 0x8010 mbedtls parse certificates was partly successful */
# endif # endif

4
components/esp_https_server/include/esp_https_server.h
View File

@ -132,6 +132,9 @@ struct httpd_ssl_config {
* Used for negotiating during the TLS handshake, first one the client supports is selected. * Used for negotiating during the TLS handshake, first one the client supports is selected.
* The data structure must live as long as the https server itself */ * The data structure must live as long as the https server itself */
const char** alpn_protos; const char** alpn_protos;
/** TLS handshake timeout in milliseconds, default timeout is 10 seconds if not set */
uint32_t tls_handshake_timeout_ms;
}; };
typedef struct httpd_ssl_config httpd_ssl_config_t; typedef struct httpd_ssl_config httpd_ssl_config_t;
@ -192,6 +195,7 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
.ssl_userdata = NULL, \ .ssl_userdata = NULL, \
.cert_select_cb = NULL, \ .cert_select_cb = NULL, \
.alpn_protos = NULL, \ .alpn_protos = NULL, \
.tls_handshake_timeout_ms = 0 \
} }
/** /**

1
components/esp_https_server/src/https_server.c
View File

@ -277,6 +277,7 @@ static esp_err_t create_secure_context(const struct httpd_ssl_config *config, ht
cfg->userdata = config->ssl_userdata; cfg->userdata = config->ssl_userdata;
cfg->alpn_protos = config->alpn_protos; cfg->alpn_protos = config->alpn_protos;
cfg->tls_handshake_timeout_ms = config->tls_handshake_timeout_ms;
#if defined(CONFIG_ESP_HTTPS_SERVER_CERT_SELECT_HOOK) #if defined(CONFIG_ESP_HTTPS_SERVER_CERT_SELECT_HOOK)
cfg->cert_select_cb = config->cert_select_cb; cfg->cert_select_cb = config->cert_select_cb;