CC3220: SlNetSock_startSec function returns error -456 ( "SLNETERR_ESEC_BAD_CA_FILE")

Thanks Brandon This resolve my certificate error..

Now i'm getting below error message

startSNTP: Current time: Sat Sep  8 06:55:27 2018

CC32XX has connected to AP and acquired an IP address.

IP Address: 192.168.225.114

AWS IoT SDK Version 3.0.1-

Connecting...

ERROR: runAWSClient L#108

Error(-31) connecting to xxxxxxxxxxx.iot.ap-xxxx-x.amazonaws.com:8883

Subscribing...

ERROR: runAWSClient L#126

Error subscribing (-13)

ERROR: runAWSClient L#178

An error occurred in the loop. Error code = -13

i got the Error (-31) for 2-3 times and after that i'm getting Error(-7).

Hi jtronix,

Glad you're making progress. Let's see - before the function aws_iot_mqtt_internal_wait_for_read returns, could you examine the value of read_packet_type? This function is located inside the file aws_iot_mqtt_client_common_internal.c. I'd check the value of it after the call to aws_iot_mqtt_internal_cycle_read returns, so near the bottom of the function, just before the last FUNC_EXIT_RC(rc) statement.

Best,

- Brandon

Hi Brandon,

What i observed that, 

1) If I run code normally then it always returns (NETWORK_SSL_WRITE_ERROR) from iot_tls_write function.

See below Debug Log -

startSNTP: Current time: Tue Sep 11 04:49:55 2018

CC32XX has connected to AP and acquired an IP address.

IP Address: 192.168.225.114

AWS IoT SDK Version 3.0.1-

Connecting...

ERROR: runAWSClient L#110
Error(-7) connecting to abcdefgh.iot.ap-xxxx-1.amazonaws.com:8883

Subscribing...

ERROR: runAWSClient L#128
Error subscribing (-13)

ERROR: runAWSClient L#187
An error occurred in the loop. Error code = -13

2) If I put breakpoint at bytes = send(pNetwork->tlsDataParams.skt, pMsg, len, 0); in iot_tls_write function then it writes successfully and jumps to aws_iot_mqtt_internal_wait_for_read function and it returns

read_packet_type = 1 and  rc = 0xE1

See below debug log -

startSNTP: Current time: Tue Sep 11 04:52:30 2018

CC32XX has connected to AP and acquired an IP address.

IP Address: 192.168.225.114

AWS IoT SDK Version 3.0.1-

Connecting...

ERROR: runAWSClient L#110
Error(-31) connecting to abcdefgh.iot.ap-xxxx-1.amazonaws.com:8883

Subscribing...

ERROR: runAWSClient L#128
Error subscribing (-13)

ERROR: runAWSClient L#187
An error occurred in the loop. Error code = -13

Hi,

Alright, we're getting somewhere. More debugging output would be helpful, so let's add this line to the makefile for the subscribe_publish_sample 

DEFS = -DENABLE_IOT_INFO \
       -DENABLE_IOT_ERROR \
       -DENABLE_IOT_WARN \
       -DENABLE_IOT_DEBUG \
       -DENABLE_IOT_TRACE \
#      -DOVERWRITE_CERTS
# Uncomment this ^ to force the cert file to be flashed
# This macro is disabled by default in order to prevent the cert files from
# being flashed on each run.

Also, update network_sl.c to print out errno, like so

IoT_Error_t iot_tls_write(Network *pNetwork, unsigned char *pMsg, size_t len,
            Timer *timer, size_t *numbytes)
{
    int bytes = 0;

    if (pNetwork == NULL || pMsg == NULL ||
            pNetwork->tlsDataParams.skt == -1 || numbytes == NULL) {
        return (NULL_VALUE_ERROR);
    }

    bytes = send(pNetwork->tlsDataParams.skt, pMsg, len, 0);
    if (bytes > 0) {
        *numbytes = (size_t)bytes;
        return (SUCCESS);
    }
    IOT_INFO("iot_tls_write: send failed, errno = %d\n", errno);
    return (NETWORK_SSL_WRITE_ERROR);
}

Regards,

- Brandon

Hi,

I thing error is related to AWS region or may be certification issue.

I observed that if i create things in us-east-1 region then it connection and works OK and If thing is create in ap-east-1 region then it gives error described in my last post.

Interesting. What is the trace output when you use ap-east-1?

Regards,

- Brandon

Please see the error log for ap-east-1 region.

startSNTP: Current time: Fri Sep 14 04:23:41 2018

CC32XX has connected to AP and acquired an IP address.

IP Address: 192.168.225.114

Flashing certificate file ...
Successfully wrote file /cert/ca.pem to flash

Flashing certificate file ...
Successfully wrote file /cert/cert.pem to flash

Flashing certificate file ...
Successfully wrote file /cert/key.pem to flash


AWS IoT SDK Version 3.0.1-


FUNC_ENTRY:   aws_iot_mqtt_init L#210

FUNC_ENTRY:   aws_iot_mqtt_set_connect_params L#139

FUNC_EXIT:   aws_iot_mqtt_set_connect_params L#169 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_init L#281 Return Code : 0

Connecting...


FUNC_ENTRY:   aws_iot_mqtt_connect L#461

FUNC_ENTRY:   aws_iot_mqtt_get_client_state L#63

FUNC_EXIT:   aws_iot_mqtt_get_client_state L#68 Return Code : 1

FUNC_ENTRY:   aws_iot_mqtt_set_client_state L#110

FUNC_ENTRY:   aws_iot_mqtt_get_client_state L#63

FUNC_EXIT:   aws_iot_mqtt_get_client_state L#68 Return Code : 1

FUNC_EXIT:   aws_iot_mqtt_set_client_state L#135 Return Code : 0

FUNC_ENTRY:   _aws_iot_mqtt_internal_connect L#391

FUNC_ENTRY:   aws_iot_mqtt_set_connect_params L#139

FUNC_EXIT:   aws_iot_mqtt_set_connect_params L#169 Return Code : 0

FUNC_ENTRY:   _aws_iot_mqtt_serialize_connect L#161

FUNC_ENTRY:   _aws_iot_get_connect_packet_length L#124

FUNC_EXIT:   _aws_iot_get_connect_packet_length L#141 Return Code : 53

FUNC_ENTRY:   aws_iot_mqtt_internal_init_header L#188

FUNC_EXIT:   aws_iot_mqtt_internal_init_header L#264 Return Code : 0

FUNC_ENTRY:   aws_iot_mqtt_internal_write_len_to_buffer L#59

FUNC_EXIT:   aws_iot_mqtt_internal_write_len_to_buffer L#70 Return Code : 1

FUNC_EXIT:   _aws_iot_mqtt_serialize_connect L#245 Return Code : 0

FUNC_ENTRY:   aws_iot_mqtt_internal_send_packet L#272

FUNC_EXIT:   aws_iot_mqtt_internal_send_packet L#315 Return Code : 0

FUNC_ENTRY:   aws_iot_mqtt_internal_wait_for_read L#657

FUNC_ENTRY:   _aws_iot_mqtt_internal_decode_packet_remaining_len L#357

FUNC_EXIT:   _aws_iot_mqtt_internal_decode_packet_remaining_len L#378 Return Code : 0

FUNC_EXIT:   _aws_iot_mqtt_internal_read_packet L#450 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_internal_wait_for_read L#674 Return Code : -31

FUNC_EXIT:   _aws_iot_mqtt_internal_connect L#426 Return Code : -31

FUNC_ENTRY:   aws_iot_mqtt_set_client_state L#110

FUNC_ENTRY:   aws_iot_mqtt_get_client_state L#63

FUNC_EXIT:   aws_iot_mqtt_get_client_state L#68 Return Code : 2

FUNC_EXIT:   aws_iot_mqtt_set_client_state L#135 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_connect L#490 Return Code : -31

ERROR: runAWSClient L#210
Error(-31) connecting to abcdefgh.iot.ap-south-1.amazonaws.com:8883


FUNC_ENTRY:   aws_iot_mqtt_autoreconnect_set_status L#337

FUNC_EXIT:   aws_iot_mqtt_autoreconnect_set_status L#342 Return Code : 0

FUNC_ENTRY:   aws_iot_mqtt_get_client_state L#63

FUNC_EXIT:   aws_iot_mqtt_get_client_state L#68 Return Code : 11

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_yield L#280 Return Code : -13

FUNC_ENTRY:   aws_iot_mqtt_publish L#267

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_publish L#274 Return Code : -13

FUNC_ENTRY:   aws_iot_mqtt_publish L#267

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_publish L#274 Return Code : -13

FUNC_ENTRY:   aws_iot_mqtt_publish L#267

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_publish L#274 Return Code : -13

Subscribing...


FUNC_ENTRY:   aws_iot_mqtt_subscribe L#301

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_subscribe L#308 Return Code : -13

ERROR: runAWSClient L#272
Error subscribing led1(-13)


FUNC_ENTRY:   aws_iot_mqtt_subscribe L#301

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_subscribe L#308 Return Code : -13

ERROR: runAWSClient L#277
Error subscribing led2 (-13)

FUNC_ENTRY:   aws_iot_mqtt_subscribe L#301

FUNC_ENTRY:   aws_iot_mqtt_is_client_connected L#292

FUNC_EXIT:   aws_iot_mqtt_is_client_connected L#323 Return Code : 0

FUNC_EXIT:   aws_iot_mqtt_subscribe L#308 Return Code : -13

ERROR: runAWSClient L#282
Error subscribing led3(-13)

Any suggestion to get this work.

jtronix,

jtronix said:

If thing is create in ap-east-1 region then it gives error described in my last post.

I noticed that you are connecting to a different server than ap-east-1 in your program run. It shows that you're on ap-south-1:

jtronix said:

Error(-31) connecting to abcdefgh.iot.ap-south-1.amazonaws.com:8883

Could this be related to the issue you're hitting?

Also, can you double check your certificates? I was just helping another customer who was facing similar problems and it turned out to be due to an incorrect cert. Please see the thread for details that may help you.

Steve

Hi,

Sorry it was my typing mistake it is not ap-east-1 region it is ap-south-1(Mumbai) region. Even ap-east-1 region does not exist in AWS regions.

I would suggest you if you can check and share the result at your end for ap-south-1 region.

I have check certificate twice and even create new things and certificate to re-check it but problem remain the same.

No, This problem is related to AWS endpoint. Amazon is working on that

Hello,

Even we are facing the same issue

Our sever is Mumbai south...

return value of the below function as (-456 )

/* Start the TLS handshake */

status = SlNetSock_startSec(clientSd, NULL,SLNETSOCK_SEC_START_SECURITY_SESSION_ONLY);

What is the solution for this?

we have double checked with certificates as we have tested on desktop java script SDK.its working there

but using CC3220SF launchpad this issue remains.

Hi Todd,

I have created a new thread can you please refer the issue there .I have explained the issue there.

Below is my thread

e2e.ti.com/.../2734070