WiFiClientSecure: robust TLS writes (loop & chunk), avoid zero-length write -> fixes sporadic MBEDTLS_ERR_NET_CONN_RESET (#11865)

* fix(ssl_client,wifi): Write full TLS buffer and avoid zero-length writes

Loop in send_ssl_data() until the entire buffer is written;
handle MBEDTLS_ERR_SSL_WANT_{READ,WRITE} and respect socket timeouts.
Return 0 for len==0 to prevent zero-length TLS writes.
Add a size==0 guard in WiFiClientSecure::write() for symmetry.

No API changes.

* fix(ssl_client): Chunk TLS writes and reset timeout after progress

Chunk TLS writes and reset timeout after progress to reduce mid-body resets

Send large TLS payloads in moderate chunks (4 KiB) instead of a single large write,
and measure the write timeout from the last successful progress. This significantly
reduces sporadic MBEDTLS_ERR_NET_CONN_RESET (-0x0050) observed during long HTTP bodies
(e.g., multipart uploads).

- write loop remains intact; now caps per-call size to 4096 bytes
- updates timeout window after each positive write to avoid false timeouts on slow links
- no API changes; handshake/verification paths unaffected

Sources

Ask ChatGPT

* refactor(ssl_client): Constexpr chunk size; rename max_write_chunk_size

Author: prooma

libraries/NetworkClientSecure/src/NetworkClientSecure.cpp

@@ -227,6 +227,10 @@ size_t NetworkClientSecure::write(const uint8_t *buf, size_t size) {
     return 0;
   }
 
+  if (size == 0) {
+    return 0;
+  }
+
   if (_stillinPlainStart) {
     return send_net_data(sslclient.get(), buf, size);
   }

libraries/NetworkClientSecure/src/ssl_client.cpp

@@ -409,25 +409,41 @@ int data_to_read(sslclient_context *ssl_client) {
 }
 
 int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len) {
-  unsigned long write_start_time = millis();
-  int ret = -1;
+  if (len == 0) {
+    return 0;  // Skipping zero-length write
+  }
+
+  static constexpr size_t max_write_chunk_size = 4096;
+  unsigned long last_progress = millis();  // Timeout since last progress
+  size_t sent = 0;
+
+  while (sent < len) {
+    size_t to_send = len - sent;
+    if (to_send > max_write_chunk_size) {
+      to_send = max_write_chunk_size;
+    }
 
-  while ((ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data, len)) <= 0) {
-    if ((millis() - write_start_time) > ssl_client->socket_timeout) {
+    int ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data + sent, to_send);
+    if (ret > 0) {
+      sent += ret;
+      last_progress = millis();  // refresh timeout window
+      continue;
+    }
+
+    if ((millis() - last_progress) > ssl_client->socket_timeout) {
       log_v("SSL write timed out.");
       return -1;
     }
 
     if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret < 0) {
-      log_v("Handling error %d", ret);  //for low level debug
+      log_v("Handling error %d", ret);
       return handle_error(ret);
     }
 
-    //wait for space to become available
     vTaskDelay(2);
   }
 
-  return ret;
+  return (int)sent;
 }
 
 // Some protocols, such as SMTP, XMPP, MySQL/Posgress and various others