LAUNCHXL-CC3235SF: MQTT TLS connect failed

Uru41

Part Number: LAUNCHXL-CC3235SF
Other Parts Discussed in Thread: CC3235SF, SYSCONFIG

Hi,

I'm trying to connect to MQTT broker with over TLS using "mqtt_client_over_tls_1_3_CC3235SF_LAUNCHXL_tirtos7_gcc" on "simplelink_cc32xx_sdk_7_10_00_13".

But I'm getting a "connect failed: -3001".

I refer to print log, mbedtls_xxx_parse returned error.

- mbedtls_x509_crt_parse (Remote Root CA Certificate):: xxxxx returned -8576

- mbedtls_x509_crt_parse (Local PEM Certificate):: xxxxx returned -8576

- mbedtls_pk_parse_key (Private Key):: xxxxx returned -15616

When I use PC+Python, I confirmed to access MQTT broker with these certificate files.

I set,

- SysConfig: 1.16.1

- mqtt_client_app.h

char *MQTTClient_secureFiles[4] = {"private_key.pem", "certificate.pem", "root_ca.pem", NULL};

MQTTClient_ConnParams mqttConnParams =
{
    MQTT_CONNECTION_FLAGS,                  // connection flags
    MQTT_CONNECTION_ADDRESS,                // server address
    MQTT_CONNECTION_PORT_NUMBER,            // port number of MQTT server
    SLNETSOCK_SEC_METHOD_SSLv3_TLSV1_2,     // method for secure socket
    SLNETSOCK_SEC_CIPHER_FULL_LIST,         // cipher for secure socket
    4,                                      // number of files for secure connection
    MQTTClient_secureFiles                  // secure files
};

In addition, This error is returned using base "RootCACerts.pem" too.

- mqtt_client_app.h

char *MQTTClient_secureFiles[1] = {"RootCACerts.pem"};

Is there a way to avoid this error?

I would greatly appreciate any feedback, guidance, or suggestions.

Lastly, I insert print log (with masked private information).

- Print Log

        ============================================
           MQTT client Example Ver: 2.0.3
        ============================================

         CHIP: 0x31100019
         MAC:  3.7.0.1
         PHY:  3.1.0.26
         NWP:  4.13.0.2
         ROM:  8738
         HOST: 3.0.1.71
         MAC address: XXXXXXXXXXXXXXXXXX

        ============================================
[WIFI::INFO]  [SlWifiConnEventHandler] POWERED_UP
[WIFI::INFO]    MAC address: XXXXXXXXXXXXXXXXXX
[WIFI::INFO]   [Event] STA connected to AP - BSSID:XXXXXXXXXXXXXXXXXX, SSID:XXXXXXXXXXXXXXXXXX
[WIFI::INFO]  [NETAPP EVENT] IP Acquired: IP=XXXXXXXXXXXXXXXXXX , Gateway=XXXXXXXXXXXXXXXXXX
[SlNetConnEventHandler] I/F 1 - CONNECTED (IP LEVEL)!
[SlNetConnEventHandler] I/F 1 - CONNECTED (INTERNET LEVEL)!
startSNTP: Current time: Wed May 17 00:56:41 2023

[MQTT_APP::INFO]  Subscribed to all topics successfully

[MQTT_APP::INFO]  Wi-Fi connection is UP
[SL-MBEDTLS::INFO]  InitTlsSocket:: sd=1, pTlsSock=2000c1d8 slSock=1

[SL-MBEDTLS::ERROR]  failed
  !  mbedtls_x509_crt_parse (Remote Root CA Certificate):: root_ca.pem returned -8576

[SL-MBEDTLS::ERROR]  failed
  !  mbedtls_x509_crt_parse (Local PEM Certificate):: certificate.pem returned -8576

[SL-MBEDTLS::ERROR]  failed
  !  mbedtls_pk_parse_key (Private Key):: private_key.pem returned -15616

[SL-MBEDTLS::INFO]    . Connect on tcp/*/4433 ...

[SL-MBEDTLS::INFO]   ConfigClientSocket: . Setting up the TLS data...

[SL-MBEDTLS::INFO]  Performing the mbedTLS SSL/TLS handshake...
[SL-MBEDTLS::ERROR]    Failed ! mbedtls_ssl_handshake returned -0x7880
[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

[MQTT_IF::ERROR] connect failed: -3001

[MQTT_APP::INFO]  MQTT_EVENT_SERVER_DISCONNECT

[MQTT_APP::INFO]  MQTT_EVENT_DESTROY

- Print Log (Use base "RootCACerts.pem")

        ============================================
           MQTT client Example Ver: 2.0.3
        ============================================

         CHIP: 0x31100019
         MAC:  3.7.0.1
         PHY:  3.1.0.26
         NWP:  4.13.0.2
         ROM:  8738
         HOST: 3.0.1.71
         MAC address: XXXXXXXXXXXXXXXXXX

        ============================================
[WIFI::INFO]  [SlWifiConnEventHandler] POWERED_UP
[WIFI::INFO]    MAC address: XXXXXXXXXXXXXXXXXX
[WIFI::INFO]   [Event] STA connected to AP - BSSID:XXXXXXXXXXXXXXXXXX, SSID:XXXXXXXXXXXXXXXXXX
[WIFI::INFO]  [NETAPP EVENT] IP Acquired: IP=XXXXXXXXXXXXXXXXXX , Gateway=XXXXXXXXXXXXXXXXXX
[SlNetConnEventHandler] I/F 1 - CONNECTED (IP LEVEL)!
[SlNetConnEventHandler] I/F 1 - CONNECTED (INTERNET LEVEL)!
startSNTP: Current time: Wed May 17 01:09:48 2023

[MQTT_APP::INFO]  Subscribed to all topics successfully

[MQTT_APP::INFO]  Wi-Fi connection is UP
[SL-MBEDTLS::INFO]  InitTlsSocket:: sd=1, pTlsSock=2000c1a8 slSock=1

[SL-MBEDTLS::ERROR]  failed
  !  mbedtls_x509_crt_parse (Remote Root CA Certificate):: RootCACerts.pem returned -8576

[SL-MBEDTLS::INFO]    . Connect on tcp/*/4433 ...

[SL-MBEDTLS::INFO]   ConfigClientSocket: . Setting up the TLS data...

[SL-MBEDTLS::INFO]  Performing the mbedTLS SSL/TLS handshake...
[SL-MBEDTLS::ERROR]    Failed ! mbedtls_ssl_handshake returned -0x2700
[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

[MQTT_IF::ERROR] connect failed: -3001

[MQTT_APP::INFO]  MQTT_EVENT_SERVER_DISCONNECT

[MQTT_APP::INFO]  MQTT_EVENT_DESTROY

Best regarts.

over 2 years ago

0 Kobi Leibovitch over 2 years ago

TI__Guru 63006 points

-8576 (0x2180) is MBEDTLS_ERR_X509_INVALID_FORMAT.

Something is wrong with your PEM formatted certificates, you can check in the mbedtls forums (as the stack doesn't respect the format)..

you can also debug the mbedtks_x509_crt_parse (in x509_crt.c (to find the source of the issue).

0 Uru41 over 2 years ago in reply to Kobi Leibovitch

Prodigy 10 points

Hi Kobi.

Thanks for your support.

Seeing "pk.h: mbedtls_pk_parse_key", I found below comment.

* \param key Input buffer to parse.
* The buffer must contain the input exactly, with no
* extra trailing material. For PEM, the buffer must
* contain a null-terminated string.
* \param keylen Size of \b key in bytes.
* For PEM data, this includes the terminating null byte,
* so \p keylen must be equal to `strlen(key) + 1`.

I changed pBuf (within slnetifwifi.c LoadCertificateFile.) length to +1 and add null-terminated, then mbedtls_xxx_parse error is gone.

so, It seems that mbedtls_xxx_parse needs null-terminated when PEM is selected.

..... but after this,

mbedtls_ssl_handshake returned MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY.

[SL-MBEDTLS::ERROR]    Failed ! mbedtls_ssl_handshake returned -0x7880

Is there a way to avoid this error?

I would greatly appreciate any feedback, guidance, or suggestions.

Best regarts.

0 Avi Epstein over 2 years ago in reply to Uru41

TI__Prodigy 540 points

Hi Uru,

can you supply the log you are currently getting after changing LoadCertificateFile(), and adjust the DEBUG_LEVEL to 3 in slnetifwifi.c.?

in general mbedtls had an easier interface using .der instead of .pem so id try to convert your certificate and see if that helps.

best regards,

Avi Epstein.

0 Uru41 over 2 years ago in reply to Avi Epstein

Prodigy 10 points

Hi, Avi.

Thanks for your support.

> can you supply the log..

I insert log. (I masked private information with "XXXXXXXXXXXXXX")

Fullscreen print_log.txt Download

	============================================
	   MQTT client Example Ver: 2.0.3
	============================================

	 CHIP: 0x31100019
	 MAC:  3.7.0.1
	 PHY:  3.1.0.26
	 NWP:  4.13.0.2
	 ROM:  8738
	 HOST: 3.0.1.71
	 MAC address: XXXXXXXXXXXXXX

	============================================
[WIFI::INFO]  [SlWifiConnEventHandler] POWERED_UP 
[WIFI::INFO]    MAC address: XXXXXXXXXXXXXX
[WIFI::INFO]   [Event] STA connected to AP - BSSID:XXXXXXXXXXXXXX, SSID:XXXXXXXXXXXXXX
[WIFI::INFO]  [NETAPP EVENT] IP Acquired: IP=XXXXXXXXXXXXXX , Gateway=XXXXXXXXXXXXXX
[SlNetConnEventHandler] I/F 1 - CONNECTED (IP LEVEL)!
[SlNetConnEventHandler] I/F 1 - CONNECTED (INTERNET LEVEL)!
[SL-MBEDTLS::INFO]    . Connect on tcp/*/4433 ...

startSNTP: Current time: Fri May 19 00:56:13 2023

[MQTT_APP::INFO]  Subscribed to all topics successfully

[MQTT_APP::INFO]  Wi-Fi connection is UP
[SL-MBEDTLS::INFO]  InitTlsSocket:: sd=1, pTlsSock=2000c1c8 slSock=1

[SL-MBEDTLS::INFO]    . Connect on tcp/*/4433 ...

[SL-MBEDTLS::INFO]   ConfigClientSocket: . Setting up the TLS data...

[SL-MBEDTLS::INFO]  Performing the mbedTLS SSL/TLS handshake...
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3790: 0x2000c1c8: => handshake


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 0x2000c1c8: <= flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3709: 0x2000c1c8: client state: MBEDTLS_SSL_HELLO_REQUEST


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 0x2000c1c8: <= flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3709: 0x2000c1c8: client state: MBEDTLS_SSL_CLIENT_HELLO


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0927: 0x2000c1c8: => write client hello


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0485: 0x2000c1c8: dumping 'client hello, random bytes' (32 bytes)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0485: 0x2000c1c8: 0000:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0485: 0x2000c1c8: 0010:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0510: 0x2000c1c8: dumping 'session id' (32 bytes)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0510: 0x2000c1c8: 0000:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0510: 0x2000c1c8: 0010:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0367: 0x2000c1c8: client hello, add ciphersuite: 1301, TLS1-3-AES-128-GCM-SHA256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0367: 0x2000c1c8: client hello, add ciphersuite: 1302, TLS1-3-AES-256-GCM-SHA384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0367: 0x2000c1c8: client hello, add ciphersuite: 1303, TLS1-3-CHACHA20-POLY1305-SHA256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0367: 0x2000c1c8: client hello, add ciphersuite: 1304, TLS1-3-AES-128-CCM-SHA256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0367: 0x2000c1c8: client hello, add ciphersuite: 1305, TLS1-3-AES-128-CCM-8-SHA256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0386: 0x2000c1c8: adding EMPTY_RENEGOTIATION_INFO_SCSV


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0395: 0x2000c1c8: client hello, got 6 cipher suites


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0057: 0x2000c1c8: client hello, adding server name extension: XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0058: 0x2000c1c8: client hello, adding supported versions extension


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0081: 0x2000c1c8: supported version: [3:4]


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0584: 0x2000c1c8: no cookie to send; skip extension


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0290: 0x2000c1c8: client hello: adding key share extension


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:1523: 0x2000c1c8: Perform PSA-based ECDH computation.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 0x2000c1c8: dumping 'client hello, key_share extension' (42 bytes)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 0x2000c1c8: 0000:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 0x2000c1c8: 0010:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0364: 0x2000c1c8: 0020:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0646: 0x2000c1c8: client hello, adding psk_key_exchange_modes extension


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0244: 0x2000c1c8: client hello, adding supported_groups extension


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(001d)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0276: 0x2000c1c8: NamedGroup: x25519 ( 1d )


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(0017)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0276: 0x2000c1c8: NamedGroup: secp256r1 ( 17 )


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(0018)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0276: 0x2000c1c8: NamedGroup: secp384r1 ( 18 )


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(001e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0276: 0x2000c1c8: NamedGroup: x448 ( 1e )


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(0019)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0276: 0x2000c1c8: NamedGroup: secp521r1 ( 19 )


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(001a)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(001b)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0261: 0x2000c1c8: got supported group(001c)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0299: 0x2000c1c8: dumping 'Supported groups extension' (12 bytes)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0299: 0x2000c1c8: 0000:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9187: 0x2000c1c8: adding signature_algorithms extension


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [403] ecdsa_secp256r1_sha256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [403] ecdsa_secp256r1_sha256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [503] ecdsa_secp384r1_sha384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [503] ecdsa_secp384r1_sha384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [603] ecdsa_secp521r1_sha512


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [603] ecdsa_secp521r1_sha512


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [806] rsa_pss_rsae_sha512


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [806] rsa_pss_rsae_sha512


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [805] rsa_pss_rsae_sha384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [805] rsa_pss_rsae_sha384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [804] rsa_pss_rsae_sha256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [804] rsa_pss_rsae_sha256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [601] rsa_pkcs1_sha512


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [601] rsa_pkcs1_sha512


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [501] rsa_pkcs1_sha384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [501] rsa_pkcs1_sha384


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9207: 0x2000c1c8: got signature scheme [401] rsa_pkcs1_sha256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:9215: 0x2000c1c8: sent signature scheme [401] rsa_pkcs1_sha256


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:0925: 0x2000c1c8: skip pre_shared_key extensions


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0671: 0x2000c1c8: client hello, total extension length: 156


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: dumping 'client hello extensions' (156 bytes)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0000:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0010:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0020:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0030:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0040:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0050:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0060:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0070:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0080:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0673: 0x2000c1c8: 0090:  XXXXXXXXXXXXXX


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: unrecognized(255) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: server_name(0) extension exists.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: max_fragment_length(1) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: status_request(5) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: supported_groups(10) extension exists.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: signature_algorithms(13) extension exists.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: use_srtp(14) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: heartbeat(15) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: application_layer_protocol_negotiation(16) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: signed_certificate_timestamp(18) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: client_certificate_type(19) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: server_certificate_type(20) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: padding(21) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: pre_shared_key(41) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: early_data(42) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: supported_versions(43) extension exists.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: cookie(44) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: psk_key_exchange_modes(45) extension exists.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: certificate_authorities(47) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: oid_filters(48) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: post_handshake_auth(49) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: signature_algorithms_cert(50) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: key_share(51) extension exists.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: truncated_hmac(4) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: supported_point_formats(11) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: encrypt_then_mac(22) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: extended_master_secret(23) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0678: 0x2000c1c8: ClientHello: session_ticket(35) extension does not exist.


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2626: 0x2000c1c8: => write handshake message


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 0x2000c1c8: => write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2881: 0x2000c1c8: output record: msgtype = 22, version = [3:3], msglen = 245


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 0x2000c1c8: <= write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2754: 0x2000c1c8: <= write handshake message


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_client.c:0996: 0x2000c1c8: <= write client hello


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2194: 0x2000c1c8: message length: 250, out_left: 250


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 0x2000c1c8: ssl->f_send() returned 250 (-0xffffff06)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 0x2000c1c8: <= flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3709: 0x2000c1c8: client state: MBEDTLS_SSL_SERVER_HELLO


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1938: 0x2000c1c8: => ssl_tls13_process_server_hello


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c1c8: => read record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 0x2000c1c8: <= fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3733: 0x2000c1c8: input record: msgtype = 21, version = [0x303], msglen = 2


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 5, nb_want: 7


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 5, nb_want: 7


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 0x2000c1c8: <= fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4951: 0x2000c1c8: got an alert message, type: [1:0]


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4967: 0x2000c1c8: is a close notify message


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4060: 0x2000c1c8: mbedtls_ssl_handle_message_type() returned -30848 (-0x7880)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_generic.c:0057: 0x2000c1c8: mbedtls_ssl_read_record() returned -30848 (-0x7880)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls13_client.c:1986: 0x2000c1c8: <= ssl_tls13_process_server_hello ( ServerHello )


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3801: 0x2000c1c8: <= handshake


[SL-MBEDTLS::ERROR]    Failed ! mbedtls_ssl_handshake returned -0x7880
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5953: 0x2000c1c8: => write close notify


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5966: 0x2000c1c8: <= write close notify


[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4717: 0x2000c1c8: => free


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4785: 0x2000c1c8: <= free


[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

[MQTT_IF::ERROR] connect failed: -3001

[MQTT_APP::INFO]  MQTT_EVENT_SERVER_DISCONNECT

[MQTT_APP::INFO]  MQTT_EVENT_DESTROY

> convert your certificate and see if that helps.

OK. I will try.

And, As additional information,

I trying to connect AWS Core IoT using "mqtt_client_over_tls_1_3_CC3235SF_LAUNCHXL_tirtos7_gcc".

I changed below MQTT setting from base project.

MQTT_WILL_QOS :MQTT_QOS_0

MQTT_CONNECTION_FLAGS :MQTTCLIENT_NETCONN_URL | MQTTCLIENT_NETCONN_SEC

MQTT_CONNECTION_ADDRESS :AWS Rest End Point

ClientId[13] :My ID

secureFiles :are supplied when registering IOT things

char *MQTTClient_secureFiles[4] =
{
"private.pem.key", \
"certificate.pem.crt", \
"AmazonRootCA1.pem", \
NULL
};

I would greatly appreciate your support.

Best regarts.

0 Uru41 over 2 years ago in reply to Uru41

Prodigy 10 points

Hi, Avi.

Thanks for your support.

There was progress little a bit, so I update.

I relaxed AWS IoT Core Policy, then "SSL/TLS handshake completed" printed !!

[SL-MBEDTLS::INFO]  Performing the mbedTLS SSL/TLS handshake...
[SL-MBEDTLS::INFO]     Success ! SSL/TLS handshake completed !
[SL-MBEDTLS::INFO]  Verifying peer X.509 certificate...
[SL-MBEDTLS::INFO]     Success !

But....after this, below error was printed (MBEDTLS_ERR_SSL_CONN_EOF???).

[SL-MBEDTLS::ERROR]  mbedtls_ssl_read returned 0

Can you think of any reasons?

I insert detail log (after "SSL/TLS handshake completed").

Fullscreen mbedtls_ssl_read.txt Download

[SL-MBEDTLS::INFO]     Success ! SSL/TLS handshake completed !
[SL-MBEDTLS::INFO]  Verifying peer X.509 certificate...
[SL-MBEDTLS::INFO]     Success !
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5914: 0x2000c1c8: => write


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 0x2000c1c8: => write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 0x2000c1c8: => encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0979: 0x2000c1c8: before encrypt: msglen = 80, including 0 bytes of padding


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 0x2000c1c8: <= encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2881: 0x2000c1c8: output record: msgtype = 23, version = [3:3], msglen = 96


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2194: 0x2000c1c8: message length: 101, out_left: 101


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 0x2000c1c8: ssl->f_send() returned 101 (-0xffffff9b)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 0x2000c1c8: <= flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 0x2000c1c8: <= write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5938: 0x2000c1c8: <= write


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c1c8: => read


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c1c8: => read record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned 0 (-0x0000)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4693: 0x2000c1c8: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4035: 0x2000c1c8: ssl_get_next_record() returned -29312 (-0x7280)


[SL-MBEDTLS::ERROR]  mbedtls_ssl_read returned 0

[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5953: 0x2000c1c8: => write close notify


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5031: 0x2000c1c8: => send alert message


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5032: 0x2000c1c8: send alert level=1 message=0


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 0x2000c1c8: => write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 0x2000c1c8: => encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0979: 0x2000c1c8: before encrypt: msglen = 16, including 0 bytes of padding


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 0x2000c1c8: <= encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2881: 0x2000c1c8: output record: msgtype = 23, version = [3:3], msglen = 32


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2194: 0x2000c1c8: message length: 37, out_left: 37


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 0x2000c1c8: ssl->f_send() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2933: 0x2000c1c8: mbedtls_ssl_flush_output() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5041: 0x2000c1c8: mbedtls_ssl_write_record() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5961: 0x2000c1c8: mbedtls_ssl_send_alert_message() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4717: 0x2000c1c8: => free


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4785: 0x2000c1c8: <= free


[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

[MQTT_APP::INFO]  MQTT_EVENT_SERVER_DISCONNECT

And I tried ,

> convert your certificate and see if that helps.

Using,

openssl x509 -inform pem -in xxxx.pem -outform der -out xxxx.der

openssl rsa -inform pem -in xxxxKey.pem -outform der -out xxxxKey.der

The result was the same (mbedtls_ssl_read returned 0).

I would greatly appreciate any feedback, guidance, or suggestions.

Best regarts.

0 Kobi Leibovitch over 2 years ago in reply to Uru41

TI__Guru 63006 points

seems like the server closed the connection (after you sent the first message). can you get a log from the server side?

0 Avi Epstein over 2 years ago in reply to Uru41

TI__Prodigy 540 points

Hey Uru,

in your log line 55:

[SL-MBEDTLS::INFO] [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned 0 (-0x0000)

we can see that in slnetifwifi.c function callback, SlRecvTimeout() is returning 0.

hence the ssl_msg.c mbedtls_ssl_fetch_input() triggers the end of file error (MBEDTLS_ERR_SSL_CONN_EOF -0x7280)

(depending on the servers behavior it could be a message of length 0 or nothing was sent by the server or as Kobi mentioned a connection reset by peer)

I'm setting up a AWS IoT server to reproduce this issue.

In the meantime I suggest changing the SlRecvTimeout() to set a recv value of 0 to be a timeout :

static int SlRecvTimeout( void *h, unsigned char *buf, size_t len,
                      uint32_t timeout )
{
    int ret;
    int sd = ((mbedtls_net_context *) h)->fd;
    WifiSock_t *pWifiSock = &ctx.wifiSocks[sd];
    if(pWifiSock == NULL)
        return SL_ERROR_BSD_EBADF;

    if(timeout)
    {
        SlNetSock_Timeval_t timeVal;
        // recv time out options
        //LOG_INFO("SlRecvTimeout timout length: %d ",timeout);
        timeVal.tv_sec =  timeout / 1000;// Seconds
        timeVal.tv_usec = (timeout%1000) * 1000;  // Microseconds. 10000 microseconds resolution

        // setting receive timeout option on socket
        sl_SetSockOpt(pWifiSock->slSock, SLNETSOCK_LVL_SOCKET, SLNETSOCK_OPSOCK_RCV_TIMEO, &timeVal, sizeof(timeVal));
    }

    //end of setting receive timeout option on socket
    ret = sl_Recv( pWifiSock->slSock, buf, len, 0);
    mbedtls_trace("net_recv_timeout:: fd=%d, len=%d (%d) \n\r",  pWifiSock->slSock, ret, len);
    PrintBuff(buf, ret);

    if(ret == SL_ERROR_BSD_EAGAIN || 0 == ret)
    {
        ret = MBEDTLS_ERR_SSL_TIMEOUT;
    }
    else if (ret < 0)
    {
        ret = MBEDTLS_ERR_NET_RECV_FAILED;
    }
    return (ret);
}

the expected output should be something like this:( this is with a mosquitto server connection)

[SL-MBEDTLS::INFO]     Success ! SSL/TLS handshake completed !
[SL-MBEDTLS::INFO]  Verifying peer X.509 certificate...
[SL-MBEDTLS::INFO]     Success !
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5914: 0x2000c190: => write
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 0x2000c190: => write record
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 0x2000c190: => encrypt buf
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0979: 0x2000c190: before encrypt: msglen = 64, including 0 bytes of padding
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 0x2000c190: <= encrypt buf
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2881: 0x2000c190: output record: msgtype = 23, version = [3:3], msglen = 80
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c190: => flush output
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2194: 0x2000c190: message length: 85, out_left: 85
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 0x2000c190: ssl->f_send() returned 85 (-0xffffffab)
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 0x2000c190: <= flush output
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 0x2000c190: <= write record
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5938: 0x2000c190: <= write
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c190: => read
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c190: => read record
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c190: => fetch input
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c190: in_left: 0, nb_want: 5
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c190: in_left: 0, nb_want: 5
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c190: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 0x2000c190: <= fetch input
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3733: 0x2000c190: input record: msgtype = 23, version = [0x303], msglen = 74
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c190: => fetch input
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c190: in_left: 5, nb_want: 79
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c190: in_left: 5, nb_want: 79
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c190: ssl->f_recv(_timeout)() returned 74 (-0xffffffb6)
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2164: 0x2000c190: <= fetch input
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1306: 0x2000c190: => decrypt buf
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1928: 0x2000c190: <= decrypt buf
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:3088: 0x2000c190: handshake message: msglen = 57, type = 4, hslen = 57
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4076: 0x2000c190: <= read record
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5478: 0x2000c190: received post-handshake message
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5466: 0x2000c190: NewSessionTicket received
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c190: => read
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3790: 0x2000c190: => handshake
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c190: => flush output
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2188: 0x2000c190: <= flush output
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:3709: 0x2000c190: client state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET

let me know if this helped.

best regards,

Avi Epstein

0 Uru41 over 2 years ago in reply to Avi Epstein

Prodigy 10 points

Hi, Avi.

Thanks for your support.

I tried your suggestion (changing the SlRecvTimeout() to set a recv value of 0 to be a timeout)

Result is...

-0x6800 (may MBEDTLS_ERR_SSL_TIMEOUT) was repeated.

I insert log.

Fullscreen SlRecvTimeout.txt Download

[SL-MBEDTLS::INFO]     Success ! SSL/TLS handshake completed !
[SL-MBEDTLS::INFO]  Verifying peer X.509 certificate...
[SL-MBEDTLS::INFO]     Success !
[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5914: 0x2000c1c8: => write


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 0x2000c1c8: => write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 0x2000c1c8: => encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0979: 0x2000c1c8: before encrypt: msglen = 80, including 0 bytes of padding


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 0x2000c1c8: <= encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2881: 0x2000c1c8: output record: msgtype = 23, version = [3:3], msglen = 96


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2194: 0x2000c1c8: message length: 101, out_left: 101


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 0x2000c1c8: ssl->f_send() returned 101 (-0xffffff9b)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2229: 0x2000c1c8: <= flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2937: 0x2000c1c8: <= write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5938: 0x2000c1c8: <= write


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c1c8: => read


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c1c8: => read record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4693: 0x2000c1c8: mbedtls_ssl_fetch_input() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4035: 0x2000c1c8: ssl_get_next_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5697: 0x2000c1c8: mbedtls_ssl_read_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c1c8: => read


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c1c8: => read record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4693: 0x2000c1c8: mbedtls_ssl_fetch_input() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4035: 0x2000c1c8: ssl_get_next_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5697: 0x2000c1c8: mbedtls_ssl_read_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c1c8: => read


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c1c8: => read record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4693: 0x2000c1c8: mbedtls_ssl_fetch_input() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4035: 0x2000c1c8: ssl_get_next_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5697: 0x2000c1c8: mbedtls_ssl_read_record() returned -26624 (-0x6800)


......


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5632: 0x2000c1c8: => read


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4002: 0x2000c1c8: => read record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1962: 0x2000c1c8: => fetch input


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2116: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2141: 0x2000c1c8: in_left: 0, nb_want: 5


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2144: 0x2000c1c8: ssl->f_recv(_timeout)() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4693: 0x2000c1c8: mbedtls_ssl_fetch_input() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:4035: 0x2000c1c8: ssl_get_next_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5697: 0x2000c1c8: mbedtls_ssl_read_record() returned -26624 (-0x6800)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5953: 0x2000c1c8: => write close notify


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5031: 0x2000c1c8: => send alert message


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5032: 0x2000c1c8: send alert level=1 message=0


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2793: 0x2000c1c8: => write record


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0718: 0x2000c1c8: => encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:0979: 0x2000c1c8: before encrypt: msglen = 16, including 0 bytes of padding


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:1271: 0x2000c1c8: <= encrypt buf


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2881: 0x2000c1c8: output record: msgtype = 23, version = [3:3], msglen = 32


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2177: 0x2000c1c8: => flush output


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2194: 0x2000c1c8: message length: 37, out_left: 37


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2201: 0x2000c1c8: ssl->f_send() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:2933: 0x2000c1c8: mbedtls_ssl_flush_output() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5041: 0x2000c1c8: mbedtls_ssl_write_record() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_msg.c:5961: 0x2000c1c8: mbedtls_ssl_send_alert_message() returned -78 (-0x004e)


[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4717: 0x2000c1c8: => free


[SL-MBEDTLS::INFO]  [?] ../../../../library/ssl_tls.c:4785: 0x2000c1c8: <= free


[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

[MQTT_APP::INFO]  MQTT_EVENT_SERVER_DISCONNECT

I hope that your AWS IoT server reproduce this issue....

Best regarts.

0 Avi Epstein over 2 years ago in reply to Uru41

TI__Prodigy 540 points

Hi Uru,

I am checking on this internally and will get back to as soon as possible.

Best regards,

Avi Epstein.

0 Uru41 over 2 years ago in reply to Avi Epstein

Prodigy 10 points

Hi, Avi.

Thanks for your support.

I'm looking wait for your feedback.

By the way,

Can I connect to AWS IoT using "mqtt_client_CC3235SF_LAUNCHXL_tirtos7_gcc" ?

I will try to connect while waiting for this ticket feedback.

0 Kobi Leibovitch over 2 years ago in reply to Uru41

TI__Guru 63006 points

yes, AWS doesn't require TLS1.3 so you can use the standard MqttClient that use the TLS stack inside the Network Processor.

You can also refer to the CC32XX-AWS Plugin (https://www.ti.com/tool/download/SIMPLELINK-CC32XX-PLUGIN-FOR-AWSIOT/4.30.00.02) which uses the Amazon C-SDK libraries and examples integrated with the CC32xx SDK. The last version of the plugin was 4.30 so there will be some adjustments to make it work with SDK 7.10 (mostly related to the syscfg).

Wi-Fi

Wi-Fi forum

LAUNCHXL-CC3235SF: MQTT TLS connect failed