LAUNCHXL-CC3235SF: iothub client sample mqtt - no response from server

Hi,
you mentioned that you could see that connection is getting established with IotHub server. Do you see it on the server side or on the DUT side?
I am asking since you also mentioned that you are using the playground certificate catalog which is a fake catalog and I believe the catalog is required since you are connecting to a secured MQTT server, right? In this case, the connection would not be established since the TLS connection would fail on bad certificates.
Regards,
Shlomi

Hi,

I am seeing connection established on DUT side. 

If TLS connection fails then will it not give any error? 

Thanks,

Pradeep

Hi,

Thanks for pointing me to that thread. It is exact problem which I am facing. I noticed that solution is given as below:

 I have ignored SL_ERROR_BSD_ESECUNKNOWNROOTCA error to start a secure tls session to establish MQTT connection using playground certificate catalog and dummy root CA.

Can you please guide me where exactly I have to do modifications to ignore this error? Do I have to update azure related code and rebuild the same?

Thanks,

Pradeep

Hi,

Disabling the root CA catalog is mainly done during development when you do not have real certificates yet (e.g. using the playground).

On a final product that needs to get deployed somewhere, you need real certificates burned on the SFLASH.

So you do not need to update Azure and can bypass the catalog just for development. Of course you can even bypass the catalog on real deployed products but this is highly not recommended as you explicitly create a security breach.

You can see some more information on it or on how to bypass it on our network processor guide https://www.ti.com/lit/ug/swru455m/swru455m.pdf?ts=1668687781178&ref_url=https%253A%252F%252Fwww.google.com%252F

Specifically, to bypass the catalog you can look at chapter 7.5.4 Disable the Use of the Trusted Root-Certificate Catalog, which describes:

_u32 dummyVal;
_i16 status;
status = sl_SetSockOpt(SockID,SL_SOL_SOCKET, SL_SO_SECURE_DISABLE_CERTIFICATE_STORE,
&dummyVal,sizeof(dummyVal));

Regards,

Shlomi

Hi,

For using below function, I need socket id. I do not have the same.

status = sl_SetSockOpt(SockID,SL_SOL_SOCKET, SL_SO_SECURE_DISABLE_CERTIFICATE_STORE,
&dummyVal,sizeof(dummyVal));

I am using "iohub_client_sample_mqtt_cc3235sf_launchxl_freertos_ccs" project from the example projects given in SimpleLink SDK.

In main function, it starts thread function - "azureThreadFxn". In this function if calls another function "Network_startup()". Below is the code for same.

It uses library function "ti_net_SlNet_initConfig()". This does all socket related activities as i understand. I do not know where exactly it is implemented in library. In such a situation how should i set socket options to disable the certificate check?

void Network_startup()
{
int32_t status;
_u32 dummyVal;
//_i16 status;

/* Connect to the Access Point */
initWiFi();

/* Wait for the network stack to initialize and acquire an IP address */
sem_wait(&sem);

/* initialize SlNet interface(s) */
status = ti_net_SlNet_initConfig();
if (status < 0) {
/* ti_net_SlNet_initConfig failed */
while (1);
}

/* Turn LED OFF. It will be used as a connection indicator */
GPIO_write(CONFIG_GPIO_LED_0, CONFIG_GPIO_LED_OFF);

/* Use SNTP to get the current time, as needed for SSL authentication */
startSNTP();

GPIO_write(CONFIG_GPIO_LED_0, CONFIG_GPIO_LED_ON);
}

Thanks,

Pradeep

Hi,

I have a question:

In the example code MQTT protocol is used. Where exactly is MQTT protocol layer source code? or Is MQTT protocol layer is part of SimpleLink drivers?

I am of the opinion that we can connect to Iot Hub without using certificates by using authentication method as SAS token instead of certificates. Hence I started looking at azure plug-in code and I could not find MQTT layer source code. Hence above question.

Thanks,

Pradeep

Hi,

We have the MQTT as a library but Azure plugin does not use it. They have their own implementation. See part of the linker file for the MQTT location:

linkerBuildOptions="
-l${COM_TI_AZURE_CC32XX_INSTALL_DIR}/source/third_party/azure-iot-pal-simplelink/build_all/sdk/lib/ccs/m4/iotclient_sl_release.a
-l${COM_TI_AZURE_CC32XX_INSTALL_DIR}/source/third_party/azure-iot-pal-simplelink/build_all/sdk/lib/ccs/m4/common_sl_release.a
-l${COM_TI_AZURE_CC32XX_INSTALL_DIR}/source/third_party/azure-iot-pal-simplelink/build_all/pal/lib/ccs/m4/pal_sl_release.a
-l${COM_TI_SIMPLELINK_CC32XX_SDK_INSTALL_DIR}/source/ti/net/sntp/lib/ccs/m4/sntp_release.a
-l${COM_TI_SIMPLELINK_CC32XX_SDK_INSTALL_DIR}/source/ti/net/http/lib/ccs/m4/httpclient_release.a
-l${COM_TI_SIMPLELINK_CC32XX_SDK_INSTALL_DIR}/source/ti/net/lib/ccs/m4/slnetsock_release.a
-l${COM_TI_SIMPLELINK_CC32XX_SDK_INSTALL_DIR}/source/ti/drivers/net/wifi/slnetif/ccs/Release/slnetifwifi.a
-l${COM_TI_SIMPLELINK_CC32XX_SDK_INSTALL_DIR}/source/ti/drivers/net/wifi/ccs/rtos/simplelink.a
-l${COM_TI_AZURE_CC32XX_INSTALL_DIR}/source/third_party/azure-iot-pal-simplelink/build_all/sdk/lib/ccs/m4/umqtt_sl_release.a

Shlomi

Hi,

Thanks...I could see mqtt library is linked.

I enabled logging in file iothub_client_sample_mqtt.c by referring below comments present in this file:

-------------------

/*
* To enable logging in the Azure library the following steps must be done:
* 1. Link against the debug version of the Azure libraries, e.g.
* pal_sl_debug.a, common_sl_debug.a, ...
* 2. Uncomment the following #define ENABLE_LOGGING
*/
#define ENABLE_LOGGING

-----------------------

I linked all debug version of libraries and uncommented 'ENABLE_LOGGING' definition as above. But I don't see any log messages coming on Tera term window. I also see below API setting option for logging in the code.

IoTHubClient_LL_SetOption(iotHubClientHandle, OPTION_LOG_TRACE, &traceOn);

Where exactly these logs are created? I even don't see any log file getting created in project folder.

Thanks,

Pradeep

Hi,

I haven't tried the Azure plugin yet but I assume it should go out on the terminal.

There is an older link before logging was officially supported and the instructions are the same.

You need to enable this #define, use the debug flavors of the libraries instead of the release version and link all together.

The post is https://e2e.ti.com/support/wireless-connectivity/wi-fi-group/wifi/f/wi-fi-forum/722139/cc3220sf-launchxl-azure-iot-hub-function-logging/2665975#2665975

Regards,

Shlomi

Hi,

I got the logs on screen. Actually, log messages are only if there are any failures. There are no log messages if all API's function as expected and hence I was not able to see any logs on screen. I purposely introduced some incorrect data and verified that log messages are displayed on screen.

For my original issue of not receiving messages on server side, I tried with independent software tool MQTT.Fx from windows machine to Iot Hub server. I verified that I could establish connectivity and also publish telemetry messages from tool MQTT.Fx which are received on Iot Hub. This means that there are no issues on IoT hub side and something is wrong on device side. 

I started digging into MQTT related settings. MQTT.Fx tool uses port as 8883, TLSV1.2 and Default CA certificate. I do not see these settings in our example code. Do you have any documentation link where details of this example code is provided?

Thanks,

Pradeep

Hi,

You should have all the required information on the user guide that is part of the Azure plugin (under /doc directory).

Basically, there is the CA certificate that needs to be flashed under /cert/ms.pem as I can see in the code.

This is a relatively old plugin so I hope MS did not change the root CA.

Regards,

Shlomi

Hi,

The Azure Plugin documentation does not mention any details of MQTT settings. If MS has not changed root CA then ms.pem loaded in flash memory of my module is also correct. Digging through the Azure plugin code, I confirmed usage of port 8883 and TLSV1.2. I am doubting on message formats. Now exactly I don't know how to proceed resolving this problem unless I can debug azure plugin code. Do you have documentation on how to build .a file of this plugin?

Thanks,

Pradeep

Hi,

The CA certificate by itself is not enough. You need to have the real catalog and not the playground catalog (as you mentioned in the beginning of the thread).

Can you replace the catalog to the real one? doing it would make the mcu application to fail signature test but you can just for the test use debug mode, i.e. using the CCS to load and execute the application. This way you bypass the catalog test.

No, I do not have any instruction to build Azure library.

Regards,

Shlomi