WifiClientSecure send hangs program execution on half-open socket

[20162026]

Board

all boards

Device Description

Hardware Configuration

Version

v2.0.4

IDE Name

PlatformIO

Operating System

Win 10

Flash frequency

40Mhz

PSRAM enabled

no

Upload speed

115200

Description

In case of half-open socket and SSL buffer overflow send_ssl_data function will hang program execution for >2hours (TCP_KEEPIDLE) until the socket connection times out.

In order to reproduce:

1. Connect to SSL server using wificlientsecure
2. Force halfopen socket (disconnect net cable from the router, firewall ESP traffic, kill the server without proper termination)
3. Send >4kb data over wificlientsecure socket
4. ESP will hand in send_ssl_data for > 2 hours until

this issue was addressed in #4424 but then got reverted by #4820

Sketch

/*platformio.ini

[env:esp32doit-devkit-v1]
    platform = espressif32
    board = esp32doit-devkit-v1
    framework = arduino
    monitor_speed = 115200
    build_flags = -DCORE_DEBUG_LEVEL=5

*/

/*

    steps to reproduce:
    1) Connect to wifi
    2) Press 2 in the serial terminal to connect to the google 443
    3) Force half-open socket (eg. disconnect the ethernet cable from the router)
    4) Press 3 couple times until ESP hangs

*/

#include <Arduino.h>
#include <WiFi.h>
#include <WiFiClientSecure.h>

#if __has_include("wifi_settings.h")
#include "wifi_settings.h"
#endif

#ifndef WIFI_SSID
#define WIFI_SSID "SSID"
#endif

#ifndef WIFI_PSW
#define WIFI_PSW "PASSOWRD"
#endif


void setup()
{
    Serial.begin(115200);
    WiFi.begin(WIFI_SSID, WIFI_PSW);
    while (WiFi.status() != WL_CONNECTED)
    {
        delay(500);
        Serial.print(".");
    }
    Serial.print("wifi connected");
}


#define SERVER_PORT 443
#define SERVER_HOST "www.google.com"
#define URI_long "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
#define REQ_HEDERS

const uint8_t request_long[] = "GET " URI_long " HTTP/1.1\r\nHost: " SERVER_HOST REQ_HEDERS "\r\n\r\n";


WiFiClientSecure *ssl = NULL;

int init_socket()
{
    if(ssl == NULL)
        ssl = new WiFiClientSecure;
    

    if(ssl->connected())
    {
        return 0;
    }
    else
    {
        ssl->setInsecure();
        // ssl->setTimeout(1);
        ssl->connect(SERVER_HOST, SERVER_PORT);
        return ssl->connected()? 0 : -1;
    }

    return -1;
}

int https_request(const uint8_t* req, size_t req_len)
{
    if(ssl == NULL || !ssl->connected())
    {
        return -1;
    }

    unsigned long time_start = millis();
    if (!ssl->write(req, req_len))
    {
        Serial.println("request failed");
        return -1;
    }

    Serial.println("request sent");

    while(ssl->available()==0 && (millis() - time_start) < 500)
        delay(20);
    while (ssl->available())
    {
        char c = ssl->read();
        Serial.print(c);
    }

    return 0;
}


uint lastprint = 0;
void loop()
{
    int c = 0;
    while(Serial.available())
        c = Serial.read();

    if(millis()-lastprint > 5000)
    {
        lastprint = millis();
        const int socket_avail = ssl? ssl->connected() : 0;
        Serial.printf("[%u] %u\r\n", lastprint, socket_avail);
    }

    switch(c)
    {
        case '1':
            Serial.println("1");
            break;
        case '2':
            init_socket();
            break;
        case '3':
            https_request(request_long, sizeof(request_long));
            break;
    }
}

Debug Message

-

Other Steps to Reproduce

No response

I have checked existing issues, online documentation and the Troubleshooting Guide

• I confirm I have checked existing issues, online documentation and Troubleshooting guide.

[20162026]

Also correct me if I'm wrong, but isn't current implementation of WifiClientSecure setTimeout useless? As SO_SNDTIMEO and SO_RCVTIMEO (that are set using it) do not affect non blocking sockets?

[mrengineer7777]

@20162026 @VojtechBartoska Possibly resolved by #7351 . That PR adds a timeout for send_ssl_data().

[20162026]

socket_timeout added in #7351 resolves this issue