From 135c1cc7cd6077eda2dc860b3b7b51d742f6f630 Mon Sep 17 00:00:00 2001
From: Damien George <damien@micropython.org>
Date: Wed, 23 Jul 2025 14:44:11 +1000
Subject: [PATCH] extmod/modtls_mbedtls: Do gc_collect and retry ssl_init on
 any error.

Contrary to the docs, mbedtls can return more than just
MBEDTLS_ERR_SSL_ALLOC_FAILED when `mbedtls_ssl_setup()` fails.  At least
MBEDTLS_ERR_MD_ALLOC_FAILED was also seen on ESP32_GENERIC, but there
could possibly be other error codes.

To cover all these codes, just check if `ret` is non-0, and in that case
do a `gc_collect()` and retry the init.

Signed-off-by: Damien George <damien@micropython.org>
---
 extmod/modtls_mbedtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extmod/modtls_mbedtls.c b/extmod/modtls_mbedtls.c
index 418275440f..5863425732 100644
--- a/extmod/modtls_mbedtls.c
+++ b/extmod/modtls_mbedtls.c
@@ -639,7 +639,7 @@ static mp_obj_t ssl_socket_make_new(mp_obj_ssl_context_t *ssl_context, mp_obj_t
 
     ret = mbedtls_ssl_setup(&o->ssl, &ssl_context->conf);
     #if !MICROPY_MBEDTLS_CONFIG_BARE_METAL
-    if (ret == MBEDTLS_ERR_SSL_ALLOC_FAILED) {
+    if (ret != 0) {
         // If mbedTLS relies on platform libc heap for buffers (i.e. esp32
         // port), then run a GC pass and then try again. This is useful because
         // it may free a Python object (like an old SSL socket) whose finaliser