The test_examples_protocol_https_request_rom_impl test on ESP32-C2 with
the ROM mbedTLS implementation hits a public TLS endpoint
(tls13.browserleaks.com / www.howsmyssl.com) for five sequential
sub-tests. CI runs frequently fail mid-test with one of:
* mbedtls_ssl_handshake returned -0x7780
(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - server-side fatal alert)
* esp-tls: [sock=NN] select() timeout
* esp-tls: Failed to open new connection in specified timeout
In a representative log the first three sub-tests succeed and only the
fourth/fifth fail, which is consistent with rate-limiting or transient
server unavailability rather than a device bug. Mark the test as
flaky with up to two reruns (10 s delay) so a single transient remote
failure does not fail the CI job.
Also align this test with the rest of the file by injecting the host
timestamp via NVS (write_time_to_nvs) so the device clock no longer
depends on a previous boot's persisted SNTP result, removing one more
source of CI flakiness on first-boot or after NVS erase.
Replace erase_nvs + SNTP time sync with direct NVS timestamp injection
from the pytest host. This eliminates CI flakiness caused by NTP servers
being unreachable from the CI lab network.
Changes:
- Add write_time_to_nvs() helper that generates an NVS partition image
with the current host timestamp and flashes it to the DUT before each
test. The firmware reads this via the existing update_time_from_nvs()
path and skips SNTP entirely.
- Remove @pytest.mark.parametrize('erase_nvs', ['y']) from all 4
Ethernet-based tests since NVS is now written with valid data.
Currently, several example dependencies rely on the fact that all
registered components are added to the build, along with components
specified in common requirements. This results in longer build times
because even unused components must be built. Switch all examples to use
idf_minimal_build to compile only the components actually required by
the example.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Currently, several examples do not explicitly state their component
dependencies, relying instead on the default behavior that includes all
registered components and commonly required ones in the build.
Explicitly adding component dependencies can reduce build time when
set(COMPONENTS main) is used.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
This commit refactors the script responsible for starting a Python-based HTTPS server
to align with the latest Python version's requirements and best practices.
Closes https://github.com/espressif/esp-idf/issues/13575
Cert bundle is periodically updated with the upstream Mozilla's NSS
root cert store. Retracted certs are moved to deprecated list now and
an additional config allows to include them in the default bundle. New
config is kept default disabled but can be enabled if one would like
to ensure 100% compatibility w.r.t. cert bundle across IDF minor or
patch releases. In IDF major release the deprecated list shall be reset.
For ESP certificate bundle case, the certificate failure error from
underlying TLS stack was not being tracked. Added the fix and also
updated example code showcasing how to retrieve it.
Closes https://github.com/espressif/esp-idf/issues/12034
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphersuite support
seems to be removed from howsmyssl.com. Add more ciphersuites in
server_supported_ciphersuites in https_request example to fix failures
while connecting to howsmyssl.
hrushikesh.bhosale
harshal.patil
Ashish Sharma
glmfe
Ondrej Kosta
Marek Fiala
igor.udot
Jiang Guang Ming
Frantisek Hrbata
Marius Vikhammer
nilesh.kale
Harshit Malpani
David Cermak
Mahavir Jain
Zim Kalinowski
Aditya Patwardhan
Ivan Grokhotkov
Euripedes Rocha
yuanjianmin
Chen Yudong
Laukik Hase
Song Ruo Jing
Fu Hanxi