espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(https_x509_bundle): Replace unreliable external URL in https_x509_bundle example

Browse Source 
Replace howsmyssl.com with letsencrypt.org in the https_x509_bundle
example. howsmyssl.com is a third-party server that is frequently
unreachable from CI, causing flaky test failures. letsencrypt.org
chains to the same ISRG Root X1 CA, so the custom certificate bundle
validation coverage is identical.

Since letsencrypt.org was already present in the full bundle URL list,
remove the duplicate entry and reduce MAX_URLS from 9 to 8. All 6
unique root CAs in the stress test are still covered.

For the QEMU stress test, increase per-connection timeout from 30s to
60s and final completion timeout from 60s to 180s. QEMU emulated
network is 3-5x slower than real hardware for TLS handshakes.

Add flaky markers to hardware tests to handle intermittent CI lab DHCP
failures that affect all Ethernet-based tests.
This commit is contained in:
hrushikesh.bhosale
2026-04-07 14:51:01 +05:30
parent 953c40c9aa
commit d6596eff3a
2 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
examples/protocols/https_x509_bundle/main/https_x509_bundle_example_main.c
+4 -5
View File
@@ -1,7 +1,7 @@
/* HTTPS GET Example using plain mbedTLS sockets
*
* Contacts the howsmyssl.com API via TLS v1.2 and reads a JSON
* response.
* Connects to multiple HTTPS servers and validates their certificates
* using the certificate bundle.
*
* Adapted from the ssl_client1 example in mbedtls.
*
@@ -44,16 +44,15 @@
#include "esp_crt_bundle.h"
#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
#define MAX_URLS 9
#define MAX_URLS 8
#else
#define MAX_URLS 2
#endif
static const char *web_urls[MAX_URLS] = {
"https://www.howsmyssl.com/a/check",
"https://letsencrypt.org",
"https://espressif.com",
#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL
"https://letsencrypt.org",
"https://www.identrust.com",
"https://www.globalsign.com",
"https://www.sectigo.com",
examples/protocols/https_x509_bundle/pytest_https_x509_bundle.py
+4 -2
View File
@@ -9,6 +9,7 @@ from pytest_embedded_idf.utils import idf_parametrize
@pytest.mark.ethernet
@pytest.mark.flaky(reruns=2, reruns_delay=5)
@idf_parametrize('target', ['esp32'], indirect=['target'])
def test_examples_protocol_https_x509_bundle(dut: Dut) -> None:
"""
@@ -30,6 +31,7 @@ def test_examples_protocol_https_x509_bundle(dut: Dut) -> None:
@pytest.mark.ethernet
@pytest.mark.flaky(reruns=2, reruns_delay=5)
@pytest.mark.parametrize(
'config',
[
@@ -69,5 +71,5 @@ def test_examples_protocol_https_x509_bundle_default_crt_bundle_stress_test(dut:
# start test
num_URLS = int(dut.expect(r'Connecting to (\d+) URLs', timeout=30)[1].decode())
for _ in range(num_URLS):
dut.expect(r'Connection established to ([\s\S]*)', timeout=30)
dut.expect(f'Completed {num_URLS} connections', timeout=60)
dut.expect(r'Connection established to ([\s\S]*)', timeout=60)
dut.expect(f'Completed {num_URLS} connections', timeout=180)