diff --git a/UNITTESTS/features/netsocket/DTLSSocketWrapper/test_DTLSSocketWrapper.cpp b/UNITTESTS/features/netsocket/DTLSSocketWrapper/test_DTLSSocketWrapper.cpp index 00c250c268..b1f2dcfd48 100644 --- a/UNITTESTS/features/netsocket/DTLSSocketWrapper/test_DTLSSocketWrapper.cpp +++ b/UNITTESTS/features/netsocket/DTLSSocketWrapper/test_DTLSSocketWrapper.cpp @@ -163,7 +163,7 @@ TEST_F(TestDTLSSocketWrapper, connect_fail_ctr_drbg_seed) stack.return_value = NSAPI_ERROR_OK; const SocketAddress a("127.0.0.1", 1024); stack.return_socketAddress = a; - EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); + EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE); mbedtls_stub.crt_expected_int = 0; } @@ -175,7 +175,7 @@ TEST_F(TestDTLSSocketWrapper, connect_fail_ssl_setup) stack.return_value = NSAPI_ERROR_OK; const SocketAddress a("127.0.0.1", 1024); stack.return_socketAddress = a; - EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); + EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE); } /* send */ diff --git a/UNITTESTS/features/netsocket/TLSSocketWrapper/test_TLSSocketWrapper.cpp b/UNITTESTS/features/netsocket/TLSSocketWrapper/test_TLSSocketWrapper.cpp index 98ff4b88fb..32499fca51 100644 --- a/UNITTESTS/features/netsocket/TLSSocketWrapper/test_TLSSocketWrapper.cpp +++ b/UNITTESTS/features/netsocket/TLSSocketWrapper/test_TLSSocketWrapper.cpp @@ -159,7 +159,7 @@ TEST_F(TestTLSSocketWrapper, connect_fail_ctr_drbg_seed) mbedtls_stub.crt_expected_int = 1; // mbedtls_ctr_drbg_seed error stack.return_value = NSAPI_ERROR_OK; const SocketAddress a("127.0.0.1", 1024); - EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); + EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE); mbedtls_stub.crt_expected_int = 0; } @@ -171,7 +171,7 @@ TEST_F(TestTLSSocketWrapper, connect_fail_ssl_setup) mbedtls_stub.retArray[1] = 2; // mbedtls_ssl_setup error stack.return_value = NSAPI_ERROR_OK; const SocketAddress a("127.0.0.1", 1024); - EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_PARAMETER); + EXPECT_EQ(wrapper->connect(a), NSAPI_ERROR_AUTH_FAILURE); } TEST_F(TestTLSSocketWrapper, connect_handshake_fail_ssl_handshake) diff --git a/features/netsocket/Socket.h b/features/netsocket/Socket.h index ec2864bd3e..48e3bca532 100644 --- a/features/netsocket/Socket.h +++ b/features/netsocket/Socket.h @@ -64,6 +64,9 @@ public: * To reset the peer address, there must be zero initialized(default constructor) SocketAddress * objects in the address parameter. * + * @note If connect() fails it is recommended to close the Socket and create + * a new one before attempting to reconnect. + * * @param address The SocketAddress of the remote peer. * @return NSAPI_ERROR_OK on success, negative error code on failure. */ diff --git a/features/netsocket/TLSSocket.h b/features/netsocket/TLSSocket.h index 2af18d2374..1ce1e7d3d3 100644 --- a/features/netsocket/TLSSocket.h +++ b/features/netsocket/TLSSocket.h @@ -82,6 +82,9 @@ public: * Initiates a connection to a remote server specified by either * a domain name or an IP address and port. * + * @note: In case connect() returns NSAPI_ERROR_AUTH_FAILURE, + * the socket must be freed either by calling close() or destroying it. + * * @param host Hostname of the remote host. * @param port Port of the remote host. * @return 0 on success, negative error code on failure. diff --git a/features/netsocket/TLSSocketWrapper.cpp b/features/netsocket/TLSSocketWrapper.cpp index eb75479a84..c8bbda76c3 100644 --- a/features/netsocket/TLSSocketWrapper.cpp +++ b/features/netsocket/TLSSocketWrapper.cpp @@ -171,7 +171,7 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call) (const unsigned char *) DRBG_PERS, sizeof(DRBG_PERS))) != 0) { print_mbedtls_error("mbedtls_crt_drbg_init", ret); - return NSAPI_ERROR_PARAMETER; + return NSAPI_ERROR_AUTH_FAILURE; } mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_ctr_drbg_random, &_ctr_drbg); @@ -186,7 +186,7 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call) tr_debug("mbedtls_ssl_setup()"); if ((ret = mbedtls_ssl_setup(&_ssl, get_ssl_config())) != 0) { print_mbedtls_error("mbedtls_ssl_setup", ret); - return NSAPI_ERROR_PARAMETER; + return NSAPI_ERROR_AUTH_FAILURE; } _transport->set_blocking(false); diff --git a/features/netsocket/TLSSocketWrapper.h b/features/netsocket/TLSSocketWrapper.h index d4e58bd22b..7bd423c539 100644 --- a/features/netsocket/TLSSocketWrapper.h +++ b/features/netsocket/TLSSocketWrapper.h @@ -76,6 +76,8 @@ public: void set_hostname(const char *hostname); /** Sets the certification of Root CA. + * + * @note Must be called before calling connect() * * @param root_ca Root CA Certificate in any Mbed TLS-supported format. * @param len Length of certificate (including terminating 0 for PEM). @@ -84,9 +86,10 @@ public: nsapi_error_t set_root_ca_cert(const void *root_ca, size_t len); /** Sets the certification of Root CA. + * + * @note Must be called before calling connect() * * @param root_ca_pem Root CA Certificate in PEM format. - * @return 0 on success, negative error code on failure. */ nsapi_error_t set_root_ca_cert(const char *root_ca_pem); @@ -136,6 +139,10 @@ public: /* = Functions inherited from Socket = */ virtual nsapi_error_t close(); + /* + * @note: In case connect() returns an error, the state of the socket is + * unspecified. A new socket should be created before reconnecting. + */ virtual nsapi_error_t connect(const SocketAddress &address = SocketAddress()); virtual nsapi_size_or_error_t sendto(const SocketAddress &address, const void *data, nsapi_size_t size); virtual nsapi_size_or_error_t recvfrom(SocketAddress *address,