ussl.wrap_socket fails with mbedtls_ssl_handshake errors on ESP32 #5808

czAdamV · 2020-03-26T23:10:49Z

In some cases, the ussl.wrap_socket function fails with a nondescript error:

>>> import ussl, usocket
>>> s = usocket.socket()
>>> s.connect(('185.8.236.214', 443))
>>> s = ussl.wrap_socket(s, server_hostname="aladinonline.androworks.org")
mbedtls_ssl_handshake error: -4290
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OSError: [Errno 5] EIO

This doesn't seem to be a network problem as requests to other pages work well in the same session. This is in fact the only page I've run into this issue with, and I can't figure out what's wrong with its TLS setup.

I initially ran into this when using the urllib.urequest.urlopen function and I believed this was a micropython-lib bug, so I didn't post the issue here (original issue was micropython/micropython-lib#374), but I found out later that the bug wasn't present in the Micropython version 1.12 and that it was probably introduced by commit 3032ae1, which switches the version of ESP-IDF used to build Micropython for ESP32. Even though I managed to replicate the bug only using the undocumented parameter server_hostname of wrap_socket function, I really think this is a bug in Micropython (or some underlying library), not in micropython-lib.

The text was updated successfully, but these errors were encountered:

tve · 2020-03-27T03:21:31Z

I have good news and bad news for you ;-)
The good news is that I'm working on a PR to fix the obscure mbedtls error numbers. Here's what my version (using ESP_IDFv4) says:

MicroPython v1.12-307-gad004db66-dirty on 2020-03-26; ESP32 module with ESP32
Type "help()" for more information.
>>> import ussl, usocket
>>> s = usocket.socket()
>>> s.connect(('185.8.236.214', 443))
>>> s = ussl.wrap_socket(s, server_hostname="aladinonline.androworks.org")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OSError: RSA - The publicration failed : BIGNUM - Memory allocation failed

The bad news, other than the funny typo, is that the error is due to too small a buffer. MP uses the asymmetric buffer sizes and that puts a limit on the RSA key size, or something like that (someone please correct me). This is a well-known issue with TLS and constrained memory devices. I believe the buffer sizes are fixed at compile time (that's a mbedtls limitation).
Hope this helps.

Carglglz · 2020-03-27T17:28:38Z

Hi @czAdamV you may be want to read this thread #5543

@tve

The good news is that I'm working on a PR to fix the obscure mbedtls error numbers

This is great! Thanks for taking the time! 🥇 👍

enesbcs · 2021-05-14T19:25:25Z

Maybe related to #7038

…coded-samples audiomp3: reset decoded_samples when file resets

jimmo · 2022-07-21T01:44:01Z

This issue is now being tracked in #8940.

tannewt pushed a commit to tannewt/circuitpython that referenced this issue Jan 7, 2022

Merge pull request micropython#5808 from unwiredben/add-mp3decoder-de…

4822c45

…coded-samples audiomp3: reset decoded_samples when file resets

jimmo closed this as completed Jul 21, 2022

jimmo mentioned this issue Jul 21, 2022

esp32: Heap fragmentation and mbedtls/lwip. #8940

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

ussl.wrap_socket fails with mbedtls_ssl_handshake errors on ESP32 #5808

ussl.wrap_socket fails with mbedtls_ssl_handshake errors on ESP32 #5808

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

ussl.wrap_socket fails with mbedtls_ssl_handshake errors on ESP32 #5808

ussl.wrap_socket fails with mbedtls_ssl_handshake errors on ESP32 #5808

Comments

Uh oh!

Uh oh!

Uh oh!

Uh oh!