MQTT Connection issues on WP7702 [AWS]

johannes.lehtonen · February 17, 2021, 6:41pm

I’m trying to connect a WP7702 to AWS IoT Core over MQTT. I’ve added the embedded C sdk with mbedtls on the device and made a test app. All is good until we get to the part where a connection is attempted.

sdkComponent.c (7.2 KB) My component source.

Feb 17 18:19:56 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c _sdkComponent_COMPONENT_INIT() 256 | Starting AWS SDK
Feb 17 18:19:56 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c _sdkComponent_COMPONENT_INIT() 265 | Currently: 2
Feb 17 18:19:57 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c _sdkComponent_COMPONENT_INIT() 270 | Requesting connection...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c ConnectionStateHandler() 244 | Interface rmnet_data0 connected.
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 104 |  AWS IoT SDK Version 3.0.1-
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 110 | rootCA /certs/rootCA.crt
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 111 | clientCRT /certs/certificate.pem
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 112 | clientKey /certs/private.pem
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 139 | Connecting...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 148 |    . Seeding the random number generator...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 156 |   . Loading the CA root certificate ...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 162 |  ok (0 skipped)
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 164 |   . Loading the client cert. and key...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 177 |  ok
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 179 |   . Connecting to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com/8883...
Feb 17 18:20:06 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 182 |  failed   ! mbedtls_net_connect returned -0x52
Feb 17 18:20:06 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 143 | Error(-23) connecting to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com:8883
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c ConnectionStateHandler() 250 | Interface  disconnected.

The error is MBEDTLS_ERR_NET_UNKNOWN_HOST which is commented with "Failed to get an IP address for the given host.

I made a test app on PC and ran the sample apps just fine so all the connection information is correct. I can also ping and telnet the endpoint on PC:

johannes@legato-dev:~$ ping a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com
PING a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com (18.195.54.196) 56(84) bytes of data.
64 bytes from ec2-18-195-54-196.eu-central-1.compute.amazonaws.com (18.195.54.196): icmp_seq=1 ttl=234 time=34.5 ms
64 bytes from ec2-18-195-54-196.eu-central-1.compute.amazonaws.com (18.195.54.196): icmp_seq=2 ttl=234 time=34.2 ms

johannes@legato-dev:~$ telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 8883
Trying 18.194.135.217...
Connected to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com.    
johannes@legato-dev:~$ telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 443
Trying 35.157.179.254...
Connected to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com.

But on the device it fails with telnet:

root@swi-mdm9x28-wp:~# ping a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com
PING a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com (18.192.252.248): 56 data bytes
64 bytes from 18.192.252.248: seq=0 ttl=239 time=69.754 ms
64 bytes from 18.192.252.248: seq=1 ttl=239 time=93.814 ms

root@swi-mdm9x28-wp:~# telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 8883
Connection closed by foreign host
root@swi-mdm9x28-wp:~# telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 443
Connection closed by foreign host

My device information:

root@swi-mdm9x28-wp:~# cm info
Device:                        WP7702
IMEI:                          352653090160540
IMEISV:                        5
FSN:                           VU926300110710
Firmware Version:              SWI9X06Y_02.35.02.00 5208b3 jenkins 2020/06/10 00:30:12
Bootloader Version:            SWI9X06Y_02.35.02.00 5208b3 jenkins 2020/06/10 00:30:12
MCU Version:                   002.014
PRI Part Number (PN):          9908741
PRI Revision:                  002.001 
Carrier PRI Name:              GENERIC
Carrier PRI Revision:          001.064_001
SKU:                           1104214
Last Reset Cause:              Power Down
Resets Count:                  Expected: 176	Unexpected: 0
root@swi-mdm9x28-wp:~# legato version
19.11.2_f16c0ec00a58a647d801735f92005e87

I can also fetch websites with curl without any problems. Is this a firewall thing or what’s going on?

jyijyi · February 18, 2021, 12:19am

Telnet somehow is just a TCP connection, I have tried on module that to telnet to a public TCP server, it still connects.

root@fx30:~# telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 8883
Console escape. Commands are:

 l      go to line mode
 c      go to character mode
 z      suspend telnet
 e      exit telnet

You can shut down firewall by:

iptables -I INPUT -j ACCEPT

Btw, is real IP address inside program working?
You can see below case:

johannes.lehtonen · February 18, 2021, 8:43am

Hi,

as a matter of fact the IP address did successfully connect. The ssl handshake is still failing though. I’ll confirm the root certificate I used is correct. What exactly is the reason the url didnt work but IP address did?

Feb 18 10:36:25 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcs T=main | dcsTech.c le_dcsTech_Start() 338 | Request to start channel 1 of technology cellular
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: reading /etc/resolv.conf
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 195.197.54.100#53
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 195.74.0.47#53
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 2001:998:20::20#53
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 2001:998:20::40#53
Feb 18 10:36:26 swi-mdm9x28-wp user.info Legato:  INFO | modemDaemon[6216]/swiQmi T=main | swiQmi.c swiQmi_InitQmiService() 600 | qmi_client_get_service_list num_entries 1 num_services=1
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsCellular T=main | dcsCellular.c le_dcsCellular_Start() 1079 | Succeeded starting cellular connection 1
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsCellular T=main | dcsCellular.c DcsCellularConnEventStateHandler() 254 | State of connection 1 transitioned from down to up
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c ChannelEventHandler() 780 | Received for channel reference 0xfd event Up
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c SetDefaultGWConfiguration() 426 | Setting default GW address on device
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_SetDefaultGW() 827 | Succeeded to set default GW addr on interface rmnet_data0 for channel 1 of technology cellular
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c SetDnsConfiguration() 584 | Setting DNS server addresses on device
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 324 | Set DNS '2001:998:20::20' '2001:998:20::40'
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 349 | DNS 1 '2001:998:20::20' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 354 | DNS 2 '2001:998:20::40' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 324 | Set DNS '195.197.54.100' '195.74.0.47'
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 349 | DNS 1 '195.197.54.100' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 354 | DNS 2 '195.74.0.47' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_SetDNS() 1251 | DNS address(es) of channel 1 of technology cellular already set onto device
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c SetDefaultRouteAndDns() 658 | Succeeded setting DNS configuration
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c ConnectionStateHandler() 244 | Interface rmnet_data0 connected.
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 104 |  AWS IoT SDK Version 3.0.1-
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 110 | rootCA /certs/rootCA.crt
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 111 | clientCRT /certs/certificate.pem
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 112 | clientKey /certs/private.pem
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 139 | Connecting...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 148 |    . Seeding the random number generator...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 156 |   . Loading the CA root certificate ...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 162 |  ok (0 skipped)
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 164 |   . Loading the client cert. and key...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 177 |  ok
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 179 |   . Connecting to 18.192.64.54/8883...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 198 |  ok
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 200 |   . Setting up the SSL/TLS structure...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 241 |   SSL state connect : 0 
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 244 |  ok
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 246 |   SSL state connect : 0 
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 247 |   . Performing the SSL/TLS handshake...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 67 |  Verify requested for (Depth 2):
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 69 | cert. version     : 3 serial number     : 06:6C:9F:CF:99:BF:8C:0A:39:E2:F0:78:8A:43:E6:96:36:5B:CA issuer name       : C=
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 72 |   This certificate has no flags
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 67 |  Verify requested for (Depth 1):
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 69 | cert. version     : 3 serial number     : 06:7F:94:57:85:87:E8:AC:77:DE:B2:53:32:5B:BC:99:8B:56:0D issuer name       : C=
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 72 |   This certificate has no flags
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 67 |  Verify requested for (Depth 0):
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 69 | cert. version     : 3 serial number     : 0B:73:13:08:68:1F:51:ED:6A:C7:A1:F1:80:CD:E1:D3 issuer name       : C=US, O=Ama
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 74 | cert. version     : 3 serial number     : 0B:73:13:08:68:1F:51:ED:6A:C7:A1:F1:80:CD:E1:D3 issuer name       : C=US, O=Ama
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 75 | cert. version     : 3 serial number     : 0B:73:13:08:68:1F:51:ED:6A:C7:A1:F1:80:CD:E1:D3 issuer name       : C=US, O=Ama
Feb 18 08:36:28 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 250 |  failed   ! mbedtls_ssl_handshake returned -0x2700
Feb 18 08:36:28 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 257 |     Unable to verify the server's certificate. Either it is invalid,     or you didn't set ca_file or ca_path to an appropria
Feb 18 08:36:28 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 143 | Error(-4) connecting to 18.192.64.54:8883
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_RestoreDefaultGW() 658 | Default IPv4 GW address  on interface  restored
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_RestoreDefaultGW() 674 | Default IPv6 GW address  on interface  restored
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcs T=main | dcs.c le_dcs_Stop() 538 | Stopping channel 1 of technology cellular
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcs T=main | dcs.c le_dcs_Stop() 563 | Channel 1 requested to be stopped

jyijyi · February 18, 2021, 8:56am

seems related to this one:

github.com/aws/aws-iot-device-sdk-embedded-C

Issue with "iot_tls_connect L#239 Unable to verify the server's certificate"

opened 09:03AM - 22 Jul 19 UTC

closed 05:28AM - 01 Aug 19 UTC

prashantrar

question tenet-accessibility area-mqtt

Facing issue with aws iot C SDK. Currently testing this out on Ubuntu later to b…e deployed on raspberry pi `AWS IoT SDK Version 3.0.1- DEBUG: main L#159 rootCA /home/prashantravi/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem DEBUG: main L#160 clientCRT /home/prashantravi/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/6d58c401e3-certificate.pem.crt DEBUG: main L#161 clientKey /home/prashantravi/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/6d58c401e3-private.pem.key Connecting... DEBUG: iot_tls_connect L#130 . Seeding the random number generator... DEBUG: iot_tls_connect L#138 . Loading the CA root certificate ... DEBUG: iot_tls_connect L#144 ok (0 skipped) DEBUG: iot_tls_connect L#146 . Loading the client cert. and key... DEBUG: iot_tls_connect L#159 ok DEBUG: iot_tls_connect L#161 . Connecting to a2wxltlckq7wbl-ats.iot.us-west-2.amazonaws.com/443... DEBUG: iot_tls_connect L#180 ok DEBUG: iot_tls_connect L#182 . Setting up the SSL/TLS structure... DEBUG: iot_tls_connect L#223 SSL state connect : 0 DEBUG: iot_tls_connect L#226 ok DEBUG: iot_tls_connect L#228 SSL state connect : 0 DEBUG: iot_tls_connect L#229 . Performing the SSL/TLS handshake... DEBUG: _iot_tls_verify_cert L#49 Verify requested for (Depth 3): DEBUG: _iot_tls_verify_cert L#51 cert. version : 3 serial number : A7:0E:4A:4C:34:82:B7:7F issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 issued on : 2009-09-02 00:00:00 expires on : 2034-06-28 17:39:16 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Digital Signature, Key Cert Sign, CRL Sign DEBUG: _iot_tls_verify_cert L#56 cert. version : 3 serial number : A7:0E:4A:4C:34:82:B7:7F issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 issued on : 2009-09-02 00:00:00 expires on : 2034-06-28 17:39:16 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Digital Signature, Key Cert Sign, CRL Sign DEBUG: _iot_tls_verify_cert L#57 cert. version : 3 serial number : A7:0E:4A:4C:34:82:B7:7F issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 issued on : 2009-09-02 00:00:00 expires on : 2034-06-28 17:39:16 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Digital Signature, Key Cert Sign, CRL Sign DEBUG: _iot_tls_verify_cert L#49 Verify requested for (Depth 2): DEBUG: _iot_tls_verify_cert L#51 cert. version : 3 serial number : 06:7F:94:4A:2A:27:CD:F3:FA:C2:AE:2B:01:F9:08:EE:B9:C4:C6 issuer name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 subject name : C=US, O=Amazon, CN=Amazon Root CA 1 issued on : 2015-05-25 12:00:00 expires on : 2037-12-31 01:00:00 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Digital Signature, Key Cert Sign, CRL Sign DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags DEBUG: _iot_tls_verify_cert L#49 Verify requested for (Depth 1): DEBUG: _iot_tls_verify_cert L#51 cert. version : 3 serial number : 06:7F:94:57:85:87:E8:AC:77:DE:B2:53:32:5B:BC:99:8B:56:0D issuer name : C=US, O=Amazon, CN=Amazon Root CA 1 subject name : C=US, O=Amazon, OU=Server CA 1B, CN=Amazon issued on : 2015-10-22 00:00:00 expires on : 2025-10-19 00:00:00 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true, max_pathlen=0 key usage : Digital Signature, Key Cert Sign, CRL Sign DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags DEBUG: _iot_tls_verify_cert L#49 Verify requested for (Depth 0): DEBUG: _iot_tls_verify_cert L#51 cert. version : 3 serial number : 0B:22:80:7E:73:1A:53:C4:E4:0B:DA:DF:DA:FE:70:B0 issuer name : C=US, O=Amazon, OU=Server CA 1B, CN=Amazon subject name : CN=*.iot.us-west-2.amazonaws.com issued on : 2019-05-07 00:00:00 expires on : 2020-04-29 12:00:00 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : iot.us-west-2.amazonaws.com, *.iot.us-west-2.amazonaws.com key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication, TLS Web Client Authentication DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags ERROR: iot_tls_connect L#232 failed ! mbedtls_ssl_handshake returned -0x2700 ERROR: iot_tls_connect L#239 Unable to verify the server's certificate. Either it is invalid, or you didn't set ca_file or ca_path to an appropriate value. Alternatively, you may want to use auth_mode=optional for testing purposes. ERROR: main L#190 Error(-4) connecting to a2wxltlckq7wbl-ats.iot.us-west-2.amazonaws.com:443 ` It says unable to verify server's certificate. P.S. I have double checked the rootCA, double checked the device name and certificates and paths. Any help would be greatly appreciated

I remember when I used the httpget sample with WP76 module, there is same problem of getting IP address inside application and this is fixed in later FW with legato 20.04.

Currently you might try method to get IP addres inside program:

johannes.lehtonen · February 18, 2021, 11:44am

I tried disabling firewall, upgrading to the latest legato wp77_4.2.0 from the dev branch. I then tried a wp7607 module with latest firmware and the outcome was always the same. How would the IP address be different when fetched at runtime?

jyijyi · February 18, 2021, 11:52am

Did you try getting the ip address inside program by the following?

johannes.lehtonen · February 18, 2021, 12:32pm

Yeah gethostname failed and then after trying a few urls gethostbyname also failed to succeed once.

On pc I get

Hostname: legato-dev
Host IP: 127.0.1.1

and

Hostname: a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com
Host IP: 18.194.135.217

jyijyi · February 18, 2021, 3:54pm

I don’t see problem with my WP76 module on FW R13.
You can use my application.
http_get_WP76.rar (3.0 MB)

Feb 18 23:52:04 swi-mdm9x28-wp user.info Legato:  INFO | httpGet[2083] | Hostname: swi-mdm9x28-wp
Feb 18 23:52:04 swi-mdm9x28-wp user.info Legato:  INFO | httpGet[2083] | www.google.com IP: 172.217.24.196

johannes.lehtonen · February 19, 2021, 2:52pm

Well that was interesting. Your app managed to find the IP addresses so I tried to figure out what was different and after copying over the requires section in adef and bundles section in cdef a connection was established! So it was a matter of missing libraries I guess, sure would’ve been nice to see some errors about it. Is there a tutorial on networking anywhere? I thought I had covered the basics but never ran into this.

jyijyi · February 19, 2021, 3:04pm

Maybe you can port those parts to your mqtt app

Topic		Replies	Views
Connecting to AWS Server from wp76xx Legato Application Framework	2	733	August 10, 2020
Problem with mqtt sample app Legato Application Framework	3	615	March 16, 2023
mqttClientService on Legato framework 21 connection problems Legato Application Framework	1	304	January 12, 2023
Connecting wp77 to AWS IoT	16	1093	March 15, 2024
WP7702 fails to connect Legato Application Framework	8	314	September 20, 2023

MQTT Connection issues on WP7702 [AWS]

Related topics