Replace erase_nvs + SNTP time sync with direct NVS timestamp injection
from the pytest host. This eliminates CI flakiness caused by NTP servers
being unreachable from the CI lab network.
Changes:
- Add write_time_to_nvs() helper that generates an NVS partition image
with the current host timestamp and flashes it to the DUT before each
test. The firmware reads this via the existing update_time_from_nvs()
path and skips SNTP entirely.
- Remove @pytest.mark.parametrize('erase_nvs', ['y']) from all 4
Ethernet-based tests since NVS is now written with valid data.
The WebSocket echo server tests connect immediately after seeing
'Starting server on port:' in the device log, but URI handlers
(/ws, /auth) are registered asynchronously after the server starts,
taking 40-660ms depending on config and CI load.
Wait for 'Returned from app_main()' before connecting, which
guarantees all URI handlers are registered. Add connection retry
with WebSocketBadStatusException handling to WsClient.
Extract _wait_for_server_ready() helper to deduplicate the WiFi
credential input and server readiness logic.
(cherry picked from commit 7a50e3ab04)
Replace howsmyssl.com with letsencrypt.org in the https_x509_bundle
example. howsmyssl.com is a third-party server that is frequently
unreachable from CI, causing flaky test failures. letsencrypt.org
chains to the same ISRG Root X1 CA, so the custom certificate bundle
validation coverage is identical.
Since letsencrypt.org was already present in the full bundle URL list,
remove the duplicate entry and reduce MAX_URLS from 9 to 8. All 6
unique root CAs in the stress test are still covered.
For the QEMU stress test, increase per-connection timeout from 30s to
60s and final completion timeout from 60s to 180s. QEMU emulated
network is 3-5x slower than real hardware for TLS handshakes.
(cherry picked from commit d6596eff3a)
(squashed with commit 995c0f129e)
SSL test relies on the device receiving a control message during the test, which was being sent
with QoS=0. Send the control message with QoS=1 to avoid failures due to poor network connection.
1. If the user wants authenticate the request, then user needs to do
this before upgrading the protocol to websocket.
2. To achieve this, added pre_handshake_callack, which will execute
before handshake, i.e. before switching protocol.
1. In async handler example, on hitting /long URI and closing the
connection forcefully from client (example ctrl + c) cause more stack
size (almost 200 bytes) than successfull request.
2. The connection should be closed from the server as soon as the client
closes the connect (i.e. handler should return ESP_FAIL to close the
connection)
- Example CA certificates that are used for self-signed client certificates
need to include the Key Usage parameter.
- Python3.13 changed the default context of the SSL context that is
generated using ssl.create_default_context() by enabling the VERIFY_X509_STRICT
flag by default