I'm using STM32 L475E_IOT01A2 and I tried to run the sample "Connect to AWS IoT - STM32-B-L475E-IOT01A", however, it always failed to establish the connection.
Actually, it always returned secureSocketStatus=-1.
Actual message observed on the screen is attached below.
1 535 [Tmr Svc] Waiting for 180 seconds before generating key-pair
2 180541 [Tmr Svc] WiFi firmware version is: C3.5.2.7.STM
3 180546 [Tmr Svc] WiFi firmware is up-to-date.
4 180552 [iot_thread] [INFO ][DEMO][180552] ---------STARTING DEMO---------
5 180560 [iot_thread] [INFO ][INIT][180559] SDK successfully initialized.
6 185637 [iot_thread] [INFO ][DEMO][185637] Successfully initialized the demo. Network type for the demo: 1
7 185647 [iot_thread] [INFO] Creating a TLS connection to a26800ryr2bs98-ats.iot.ap-northeast-1.amazonaws.com:8883.
8 185739 [iot_thread] [ERROR] Failed to establish new connection. secureSocketStatus=-1.
9 185753 [iot_thread] [WARN] Connection to the broker failed. Attempting connection retry after backoff delay.
10 186056 [iot_thread] [INFO] Retry attempt 2 out of maximum retry attempts 5.
(I omit following message just indicating repetitions.)
I think the configuration for aws_clientcredential_keys.h and aws_clientcredential.h is ok.
In aws_clientcredential_keys.h, keyCLIENT_CERTIFICATE_PEM and keyCLIENT_PRIVATE_KEY_PEM are provided as created by CertificateConfigurator.
In aws_clientcredential.h, BROKER_ENDPOINT, IOT_THING_NAME, wifi address and password are set properly.
In aws_demo_config, CONFIG_CORE_MQTT_MUTUAL_AUTH_DEMO_ENABLED is defined.
Further, I checked and found the problem may exist in the handshake of ES_WIFI_StartClientConnection. (Observed handshake sequence is below.)
Cmd:P0=0 -> ret=0,
Cmd:P1=3 -> ret=0,
Cmd:P2=0 -> ret=0,
Cmd:P3=(remote IP address) -> ret=0,
Now, ES_WIFI_STATUS & TCP_SSL_CONNECTION are ok.
Cmd:P9=2 -> ret=0,
Cmd:P6=1 -> ret=5, which I think means UNEXPECTED_CLOSED_SOCKET
I think it leads to secureSocketStatus=-1.
I repeated many times, however, the result was always the same.
Please let me know how to solve this.
As I'm really a beginner, your instruction would be highly appreciated.
regards,
CK
Additional Information:
I downloaded the latest sample module from the AWS site.
Also, I updated the wifi firmware module (SPI_C3.5.2.7) through the Inventek website.
Hi, Greg_B,
Thank you for your comment. I actually followed below.
https://ap-northeast-1.console.aws.amazon.com/iot/home?region=ap-northeast-1#/freertos/clone/Connect_to_AWS_IoT_-_STM32-B-L475E-IOT01A/predefined
I think my device certificate is ok. I attached very simple policy as below.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:",
      "Resource": ""
    }
  ]
}
If you need further information, please let me know.
Thanking you,
CK
Thanks CK. Some asterisks are missing, but I think that might just be a re:Post formatting issue. So I think it's good.
I just noticed the "Waiting for 180 seconds before generating key-pair" line in the log. This indicates developer mode provisioning is enabled (meaning you have keyprovisioningFORCE_GENERATE_NEW_KEY_PAIR set to 1). What option did you use? Option 1 or option 2 (or maybe a bit of both)? https://docs.aws.amazon.com/freertos/latest/userguide/dev-mode-key-provisioning.html
Hi, Greg_B,
I followed Option 1. I imported private key from AWS IoT and configured aws_clientcredential_keys.h by CertificateConfigurator. Also, I checked the file: aws_dev_mode_key_provisioning.c, as below.
#define keyprovisioningFORCE_GENERATE_NEW_KEY_PAIR 0
I think it remains as default setting, not choosing option 2. I'm not sure why the message indicates as if option 2 is chosen. Pls let me know if any other setting is required.
Regards,
CK
Hi CK. Please see here: https://github.com/aws/amazon-freertos/blob/747f07402a744ec839ed9950e841142408abd6b0/demos/dev_mode_key_provisioning/src/aws_dev_mode_key_provisioning.c#L1188-L1217
This is why I said what I said. Can you please also check the value of pkcs11configIMPORT_PRIVATE_KEYS_SUPPORTED. It should be 1.
Based on the logs, the code is also built with USE_OFFLOAD_SSL. This means the key and certificate are stored in the WiFi module (via PKCS11). See here: https://github.com/aws/amazon-freertos/blob/747f07402a744ec839ed9950e841142408abd6b0/demos/dev_mode_key_provisioning/src/aws_dev_mode_key_provisioning.c#L1320
It should use the key and cert from aws_clientcredential_keys.h when configured. However, automatic provisioning is seemingly occurring after 180s and this overwrites the key and cert in the WiFi module. So they don't match the cert in IoT Core when you try to connect.