The WebSocket echo server tests connect immediately after seeing
'Starting server on port:' in the device log, but URI handlers
(/ws, /auth) are registered asynchronously after the server starts,
taking 40-660ms depending on config and CI load.
This causes two failures:
1. WebSocket handshake returns 404 Not Found because the URI
handler is not registered yet when the client connects.
2. WebSocket echo returns wrong data because the server is in a
partially initialized state.
Wait for 'Returned from app_main()' before connecting, which
guarantees all URI handlers are registered. Add connection retry
with WebSocketBadStatusException handling to WsClient.
Extract _wait_for_server_ready() helper to deduplicate the WiFi
credential input and server readiness logic.
(cherry picked from commit 7a50e3ab04)
fix(examples): make https_request rom_impl CI test resilient to transient external server failures (backport v5.5)
See merge request espressif/esp-idf!48417
The binary size (0x100110) slightly exceeds the default 1MB factory
partition, causing a build failure with 0x110 bytes overflow.
Use CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE to provide sufficient
space, consistent with other TLS-based mqtt examples.
The esptool version bundled with the release/v5.5 IDF environment only
accepts the underscore subcommand name 'write_flash'. The hyphenated
alias 'write-flash' is rejected by argparse on this esptool version.
Use the canonical 'write_flash' name accepted by all esptool versions.
The write_time_to_nvs helper is introduced by parent MR !47528's sibling on master
(!47201). On release/v5.5 the parent hasn't merged yet, so this MR's rom_impl test
resilience patch references an undefined name. Include the helper inline here so
pre-commit (ruff F821 + mypy) passes; if the parent's backport (!48415/!48416)
lands first, the merge will need a trivial dedup of this helper.
The test_examples_protocol_https_request_rom_impl test on ESP32-C2 with
the ROM mbedTLS implementation hits a public TLS endpoint
(tls13.browserleaks.com / www.howsmyssl.com) for five sequential
sub-tests. CI runs frequently fail mid-test with one of:
* mbedtls_ssl_handshake returned -0x7780
(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - server-side fatal alert)
* esp-tls: [sock=NN] select() timeout
* esp-tls: Failed to open new connection in specified timeout
In a representative log the first three sub-tests succeed and only the
fourth/fifth fail, which is consistent with rate-limiting or transient
server unavailability rather than a device bug. Mark the test as
flaky with up to two reruns (10 s delay) so a single transient remote
failure does not fail the CI job.
Also align this test with the rest of the file by injecting the host
timestamp via NVS (write_time_to_nvs) so the device clock no longer
depends on a previous boot's persisted SNTP result, removing one more
source of CI flakiness on first-boot or after NVS erase.
The test_examples_protocol_https_request_rom_impl test on ESP32-C2 with
the ROM mbedTLS implementation hits a public TLS endpoint
(tls13.browserleaks.com / www.howsmyssl.com) for five sequential
sub-tests. CI runs frequently fail mid-test with one of:
* mbedtls_ssl_handshake returned -0x7780
(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - server-side fatal alert)
* esp-tls: [sock=NN] select() timeout
* esp-tls: Failed to open new connection in specified timeout
In a representative log the first three sub-tests succeed and only the
fourth/fifth fail, which is consistent with rate-limiting or transient
server unavailability rather than a device bug. Mark the test as
flaky with up to two reruns (10 s delay) so a single transient remote
failure does not fail the CI job.
Also align this test with the rest of the file by injecting the host
timestamp via NVS (write_time_to_nvs) so the device clock no longer
depends on a previous boot's persisted SNTP result, removing one more
source of CI flakiness on first-boot or after NVS erase.
The esptool version bundled with the release/v5.5 IDF environment only
accepts the underscore subcommand name 'write_flash'. The hyphenated
alias 'write-flash' was added in later esptool releases, so the CI
target test failed with 'argparse.ArgumentError: invalid choice:
write-flash'. Use the canonical 'write_flash' name, which is accepted
by all esptool versions.
Replace erase_nvs + SNTP time sync with direct NVS timestamp injection
from the pytest host. This eliminates CI flakiness caused by NTP servers
being unreachable from the CI lab network.
Changes:
- Add write_time_to_nvs() helper that generates an NVS partition image
with the current host timestamp and flashes it to the DUT before each
test. The firmware reads this via the existing update_time_from_nvs()
path and skips SNTP entirely.
- Remove @pytest.mark.parametrize('erase_nvs', ['y']) from all 4
Ethernet-based tests since NVS is now written with valid data.
The async handler CI tests fail intermittently because the TCP
connection from the pytest host to the ESP32 HTTP server times out
or gets refused.
Add a _connect_with_retry() helper that retries the TCP connection
up to 3 times with a 2-second delay between attempts, catching
TimeoutError, ConnectionRefusedError, and OSError.
Extract common server startup waiting into _wait_for_server_ready()
which includes a 2-second stabilization delay after the server
registers its URI handlers before tests begin sending requests.
(cherry picked from commit a665e7410c)
Replace howsmyssl.com with letsencrypt.org in the https_x509_bundle
example. howsmyssl.com is a third-party server that is frequently
unreachable from CI, causing flaky test failures. letsencrypt.org
chains to the same ISRG Root X1 CA, so the custom certificate bundle
validation coverage is identical.
Since letsencrypt.org was already present in the full bundle URL list,
remove the duplicate entry and reduce MAX_URLS from 9 to 8. All 6
unique root CAs in the stress test are still covered.
For the QEMU stress test, increase per-connection timeout from 30s to
60s and final completion timeout from 60s to 180s. QEMU emulated
network is 3-5x slower than real hardware for TLS handshakes.
(cherry picked from commit d6596eff3a)
(squashed with commit 995c0f129e)
SSL test relies on the device receiving a control message during the test, which was being sent
with QoS=0. Send the control message with QoS=1 to avoid failures due to poor network connection.
1. If the user wants authenticate the request, then user needs to do
this before upgrading the protocol to websocket.
2. To achieve this, added pre_handshake_callack, which will execute
before handshake, i.e. before switching protocol.