net: app: Print more info for TLS MAC verification errors

If we get MAC verification error in handshake, it could be that everything is fine but we ran out of heap memory in mbedtls. In this happens, suggest the user to check amount of memory in mbedtls as it might just fix the issue. Signed-off-by: Jukka Rissanen <[email protected]>
praveenmunagapati · Oct 20, 2017 · 9bff68f · 9bff68f
1 parent 28d0dff
commit 9bff68f
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/subsys/net/lib/app/net_app.c b/subsys/net/lib/app/net_app.c
@@ -1860,6 +1860,16 @@ int _net_app_ssl_mainloop(struct net_app_ctx *ctx)
 		ret = mbedtls_ssl_handshake(&ctx->tls.mbedtls.ssl);
 		if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
 		    ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+			/* If we get MAC verification failure, then it usually
+			 * means that we ran out of heap. As that Invalid MAC
+			 * error is really confusing, give hint about possible
+			 * out of memory issue.
+			 */
+			if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+				NET_DBG("Check CONFIG_MBEDTLS_HEAP_SIZE as "
+					"you could be out of mem in mbedtls");
+			}
+
 			if (ret < 0) {
 				goto close;
 			}