Contributor

@erkia erkia commented Oct 22, 2025

Description

Commit 2dd280f added a neat feature to support STARTTLS by doing something like this:

esp_tls_t *ftp;
esp_tls_cfg_t cfg;

memset(&cfg, 0, sizeof(cfg));

ftp = esp_tls_init();

cfg.is_plain_tcp = true;
esp_tls_conn_new_sync("example.com", strlen("example.com"), 21, &cfg, ftp);

// ... AUTH TLS or STARTTLS or what not ...

cfg.is_plain_tcp = false;
esp_tls_set_conn_state(ftp, ESP_TLS_CONNECTING);
esp_tls_conn_new_sync("example.com", strlen("example.com"), 21, &cfg, ftp);

However, when doing this, the tls->is_tls flag is never set to true internally (as it is only set in the ESP_TLS_INIT state), which prevents calling mbedtls_net_free() here.

Luckily, despite its name, mbedtls_net_free() does not free anything and only does a graceful shutdown of the socket, so it is not a big issue (the socket is closed by esp-tls anyway). But as this is the only use case for the tls->is_tls flag, it makes sense to clean it up, fixing the small inconsistency in the process.
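
The flag behaviour described above, as an added, simplified model in C (not esp-tls source and not the PR author's code; every type and function name in it is a hypothetical stand-in). It shows that a flag written only in the initial state stays false after a plain-to-TLS upgrade, so a teardown gated on it skips the shutdown hook, while an ungated teardown does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the flow in the description; NOT esp-tls source.
 * All type and function names below are hypothetical stand-ins. */
typedef enum { ST_INIT, ST_CONNECTING, ST_DONE } state_t;

typedef struct {
    state_t state;
    bool is_tls;        /* stands in for tls->is_tls */
    bool tls_session;   /* true once a TLS session runs on the socket */
    int shutdown_calls; /* stands in for calls to mbedtls_net_free() */
} conn_t;

/* One connect pass; the flag is written only while in ST_INIT. */
static void conn_new(conn_t *c, bool is_plain_tcp) {
    if (c->state == ST_INIT) {
        if (is_plain_tcp) { c->state = ST_DONE; return; }
        c->is_tls = true;
        c->state = ST_CONNECTING;
    }
    if (c->state == ST_CONNECTING) {
        c->tls_session = true;    /* handshake on the already-open socket */
        c->state = ST_DONE;
    }
}

/* Teardown: shutdown hook gated on the flag, or run unconditionally. */
static void conn_destroy(conn_t *c, bool gate_on_flag) {
    if (!gate_on_flag || c->is_tls) c->shutdown_calls++;
}

/* Returns how often the shutdown hook ran, or -1 if TLS never started. */
int shutdown_calls(bool upgrade, bool gate_on_flag) {
    conn_t c = { ST_INIT, false, false, 0 };
    if (upgrade) {
        conn_new(&c, true);       /* cfg.is_plain_tcp = true */
        c.state = ST_CONNECTING;  /* the esp_tls_set_conn_state() step */
    }
    conn_new(&c, false);          /* cfg.is_plain_tcp = false */
    conn_destroy(&c, gate_on_flag);
    return c.tls_session ? c.shutdown_calls : -1;
}

int main(void) {
    printf("gated: direct=%d upgrade=%d  ungated: upgrade=%d\n",
           shutdown_calls(false, true), shutdown_calls(true, true),
           shutdown_calls(true, false));
    return 0;
}
```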

_esp_tls_net_init(tls);
tls->is_tls = true;
}
_esp_tls_net_init(tls);
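
Review bot: the last `_esp_tls_net_init(tls);` sits after the closing brace, so as rendered here it is no longer tied to the branch that set `tls->is_tls = true`, and nothing at the call site says why that is safe for a handle that starts as plain TCP. A one-line comment at the call stating what the function resets would spare the next reader from re-deriving it, and the teardown path is worth checking in the same change so that init and free stay paired on every path.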
Contributor Author

_esp_tls_net_init() is called by esp_tls_init() anyway, no matter if plain or TLS.

Its only job is to set tls->server_fd.fd = -1; for mbedtls. For wolfssl, it is a no-op. So it is safe to call it here always, especially as tls->sockfd = -1; is forced also.

@erkia force-pushed the erkia/remove-esp-tls-is-tls branch from 0af3836 to 17a7169 on October 22, 2025 08:03
@github-actions bot changed the title from "fix(esp-tls): clean up is_tls flag" to "fix(esp-tls): clean up is_tls flag (IDFGH-16662)" on Oct 22, 2025
@espressif-bot added the "Status: Opened" (Issue is new) label on Oct 22, 2025
@Ashish285
Collaborator

Hi @erkia, thanks for reporting and creating this issue.

Will setting the tls->is_tls flag inside the ESP_TLS_CONNECTING state be a better fix for this issue? The mbedtls_net_free() might not be doing much right now, but it may in the future, so we would probably want to keep that API for TLS connections.

@erkia
Contributor Author

erkia commented Oct 27, 2025

> Hi @erkia, thanks for reporting and creating this issue.
>
> Will setting the tls->is_tls flag inside the ESP_TLS_CONNECTING state be a better fix for this issue? The mbedtls_net_free() might not be doing much right now, but it may in the future, so we would probably want to keep that API for TLS connections.

mbedtls_net_init() is called unconditionally by esp_tls_init() anyway, so it makes no sense to call mbedtls_net_free() conditionally.

@Ashish285
Collaborator

> mbedtls_net_init() is called unconditionally by esp_tls_init() anyway

Sure, I believe that's also not the correct way as it should be initialised only when tls will be used.
