From 8c3bb69530d24c638514d9e191906685e24e6d99 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Mon, 5 Jun 2017 17:30:57 +0800
Subject: [PATCH] =?UTF-8?q?WiFiClientSecure:=20don=E2=80=99t=20send=20clos?= =?UTF-8?q?e=20alert=20when=20opening=20new=20session?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When WiFiClientSecure::connect was called, it would first tear down and existing and set up new TCP session, then tear down existing TLS session (using ssl_free), and then set up a new one. This caused TLS close- notify alert to be sent to the new TCP session, preventing new session from being established. This change postpones setting IO ctx to the new TCP connection, fixing this issue.

Ref https://github.com/esp8266/Arduino/issues/3330
---
 libraries/ESP8266WiFi/src/WiFiClientSecure.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
index 1cef85e08e..88c401661c 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@@ -93,10 +93,16 @@ class SSLContext
 SSL_EXTENSIONS* ext = ssl_ext_new();
 ssl_ext_set_host_name(ext, hostName);
 ssl_ext_set_max_fragment_size(ext, 4096);
- s_io_ctx = ctx;
 if (_ssl) {
+ /* Creating a new TLS session on top of a new TCP connection.
+ ssl_free will want to send a close notify alert, but the old TCP connection
+ is already gone at this point, so reset s_io_ctx. */
+ s_io_ctx = nullptr;
 ssl_free(_ssl);
+ _available = 0;
+ _read_ptr = nullptr;
 }
+ s_io_ctx = ctx;
 _ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);
 uint32_t t = millis();
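Review bot: Setting `s_io_ctx = nullptr;` just before `ssl_free(_ssl);` is only safe if the write callback that the TLS library invokes for the close-notify alert fails cleanly on a null I/O context. That callback is outside this hunk, so the dependency should be confirmed and recorded in the comment, e.g. `/* the port write callback must return an error when s_io_ctx is nullptr */`. The added `_available = 0;` and `_read_ptr = nullptr;` are not explained: presumably `_read_ptr` points into a buffer owned by the freed session and would otherwise dangle, and a short comment such as `// discard buffered plaintext that belonged to the freed session` would make that explicit. The `s_` prefix suggests `s_io_ctx` is shared state, so if more than one secure client can be active at once, the window in which it is null or refers to another client's connection deserves a check. The enclosing function starts and ends outside the hunk.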