Mbed TLS is now part of TrustedFirmware.org.

TIMEOUT ERROR DURING WRITE()


Dec 19, 2017 06:21
phani

Will a timeout error ever be encountered during a call to mbedtls_ssl_write() (TLS or DTLS)? I.e., will the API ever send MBEDTLS_ERR_SSL_TIMEOUT to us?

Thanks in advance, Phani Karthik

 
Dec 19, 2017 08:25
Ron Eldor

Hi phani,
MBEDTLS_ERR_SSL_TIMEOUT is returned when the timeout has expired. It can be returned when receiving is pending, or when the DTLS timeout has expired. Nonetheless, it is when you try to receive packets from the network.
Regards,
Mbed TLS Team member
Ron

 
Dec 26, 2017 04:46
phani

Thanks Ron. Also, what kind of errors will I get from MbedTLS in these cases: 1) the connection to the server is lost, 2) the server is not accessible? I am trying to catch these events in mbedtls_ssl_write() and mbedtls_ssl_read().

P.S. Connection lost error: my understanding is that this occurs when the connectivity is down. So, I am de-initializing wifi, and mbedtls_ssl_write() returns a MBEDTLS_ERR_NET_SEND_FAILED error in this case. Is this the right way? Server is not accessible: I have no clue.

Thanks in advance for your comments.

 
Dec 26, 2017 09:47
Ron Eldor

Hi phani,
As mentioned in the documentation, mbedtls_net_connect() would fail with the following errors:

0 if successful, or one of: MBEDTLS_ERR_NET_SOCKET_FAILED, MBEDTLS_ERR_NET_UNKNOWN_HOST, MBEDTLS_ERR_NET_CONNECT_FAILED

In addition, as mentioned, mbedtls_ssl_read() should fail with the following errors:

the number of bytes read, or 0 for EOF, or MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or another negative error code.

In case the server is doing a graceful shutdown, you should get 0 as the return code. In case the server is unexpectedly down, you might get MBEDTLS_ERR_NET_CONN_RESET error, or a generic MBEDTLS_ERR_NET_RECV_FAILED.
Note that this is very much dependent on how you implement your bio callbacks.
Regards,
Mbed TLS Team member
Ron
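
The return codes named in the posts above, handled in a write loop. This is an added example, not part of any post in the thread and not Mbed TLS code. The names write_fn, write_all, link_status, mock_link, mock_write and run_script are hypothetical, and the transport is a constructed mock so the loop runs without the library or a network.

```c
#include <stddef.h>
/* Values as defined in Mbed TLS 2.x ssl.h and net_sockets.h, repeated so this builds alone. */
#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
#define MBEDTLS_ERR_SSL_WANT_WRITE  -0x6880
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
#define MBEDTLS_ERR_NET_CONN_RESET  -0x0050

typedef enum { LINK_OK, LINK_STALLED, LINK_LOST, LINK_OTHER_ERROR } link_status;
/* Hypothetical stand-in with the shape of mbedtls_ssl_write(ssl, buf, len). */
typedef int (*write_fn)(void *ctx, const unsigned char *buf, size_t len);

/* Send the whole buffer: continue after partial writes, retry WANT_READ/WANT_WRITE
 * up to max_retries times in a row, and report a dropped link separately. */
link_status write_all(write_fn wr, void *ctx, const unsigned char *buf,
                      size_t len, int max_retries)
{
    size_t done = 0;
    int retries = 0;
    while (done < len) {
        int ret = wr(ctx, buf + done, len - done);
        if (ret > 0) { done += (size_t)ret; retries = 0; continue; }
        if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
            if (++retries > max_retries) return LINK_STALLED;
            continue;   /* same buffer and length are passed again */
        }
        if (ret == MBEDTLS_ERR_NET_SEND_FAILED || ret == MBEDTLS_ERR_NET_CONN_RESET)
            return LINK_LOST;
        return LINK_OTHER_ERROR;   /* includes 0, which would otherwise loop forever */
    }
    return LINK_OK;
}

/* Constructed mock: replays scripted return values, then reports a send failure. */
typedef struct { const int *script; size_t n, pos; } mock_link;

static int mock_write(void *ctx, const unsigned char *buf, size_t len)
{
    mock_link *m = ctx;
    (void)buf; (void)len;
    return m->pos < m->n ? m->script[m->pos++] : MBEDTLS_ERR_NET_SEND_FAILED;
}

link_status run_script(const int *script, size_t n, size_t len, int max_retries)
{
    unsigned char payload[64] = {0};   /* constructed data; len must be <= 64 */
    mock_link m = { script, n, 0 };
    return write_all(mock_write, &m, payload, len, max_retries);
}
```

In a real client the write_fn argument would be a thin wrapper around mbedtls_ssl_write(), and which of these codes appears on a dropped link depends on the bio callbacks, as the post above notes.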

 
Jan 28, 2018 21:40
Fred Wedemeier

Ron,

I'm examining mbedtls_net_send() in the 2.6.0 library net_sockets.c file. It doesn't return a MBEDTLS_ERR_SSL_TIMEOUT indication, and the file doesn't include a send '_timeout' function as recv does. Am I correct in thinking that a send timeout won't be detected unless my implementation includes timeout logic that does return the MBEDTLS_ERR_SSL_TIMEOUT indication to its caller?

Thanks!