WiFiClientSecure: robust TLS writes (loop & chunk), avoid zero-length…

… write -> fixes sporadic MBEDTLS_ERR_NET_CONN_RESET (espressif#11865) * fix(ssl_client,wifi): Write full TLS buffer and avoid zero-length writes Loop in send_ssl_data() until the entire buffer is written; handle MBEDTLS_ERR_SSL_WANT_{READ,WRITE} and respect socket timeouts. Return 0 for len==0 to prevent zero-length TLS writes. Add a size==0 guard in WiFiClientSecure::write() for symmetry. No API changes. * fix(ssl_client): Chunk TLS writes and reset timeout after progress Chunk TLS writes and reset timeout after progress to reduce mid-body resets Send large TLS payloads in moderate chunks (4 KiB) instead of a single large write, and measure the write timeout from the last successful progress. This significantly reduces sporadic MBEDTLS_ERR_NET_CONN_RESET (-0x0050) observed during long HTTP bodies (e.g., multipart uploads). - write loop remains intact; now caps per-call size to 4096 bytes - updates timeout window after each positive write to avoid false timeouts on slow links - no API changes; handshake/verification paths unaffected Sources Ask ChatGPT * refactor(ssl_client): Constexpr chunk size; rename max_write_chunk_size
Stars1233 · pull · Sep 24, 2025 · Sep 24, 2025 · Sep 24, 2025 · Sep 24, 2025
commit f4f4bc6da3dcad6f3ad3ed85f7aa4e5cc54ea094
diff --git a/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp b/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp
@@ -227,6 +227,10 @@ size_t NetworkClientSecure::write(const uint8_t *buf, size_t size) {
  return 0;
  }
 
+ if (size == 0) {
+ return 0;
+ }
+
  if (_stillinPlainStart) {
  return send_net_data(sslclient.get(), buf, size);
  }

diff --git a/libraries/NetworkClientSecure/src/ssl_client.cpp b/libraries/NetworkClientSecure/src/ssl_client.cpp
@@ -409,25 +409,41 @@ int data_to_read(sslclient_context *ssl_client) {
 }
 
 int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len) {
- unsigned long write_start_time = millis();
- int ret = -1;
+ if (len == 0) {
+ return 0; // Skipping zero-length write
+ }
+
+ static constexpr size_t max_write_chunk_size = 4096;
+ unsigned long last_progress = millis(); // Timeout since last progress
+ size_t sent = 0;
+
+ while (sent < len) {
+ size_t to_send = len - sent;
+ if (to_send > max_write_chunk_size) {
+ to_send = max_write_chunk_size;
+ }
 
- while ((ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data, len)) <= 0) {
- if ((millis() - write_start_time) > ssl_client->socket_timeout) {
+ int ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data + sent, to_send);
+ if (ret > 0) {
+ sent += ret;
+ last_progress = millis(); // refresh timeout window
+ continue;
+ }
+
+ if ((millis() - last_progress) > ssl_client->socket_timeout) {
  log_v("SSL write timed out.");
  return -1;
  }
 
  if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret < 0) {
- log_v("Handling error %d", ret); //for low level debug
+ log_v("Handling error %d", ret);
  return handle_error(ret);
  }
 
- //wait for space to become available
  vTaskDelay(2);
  }
 
- return ret;
+ return (int)sent;
 }
 
 // Some protocols, such as SMTP, XMPP, MySQL/Posgress and various others