We use cookies and similar technologies (also from third parties) to collect your device and browser information for a better understanding on how you use our online offerings. This enables us to optimize and personalize your experience with Infineon and to provide you with additional services and information based on your individual profile. Details are available in our privacy policy.
Privacy Policyand Imprint
View and change cookie settings
Accept
Reject
Ask the Community

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

Wi-Fi Combo Forum Discussions

Anonymous
Not applicable
‎Feb 03, 2016 02:23 AM
‎Feb 03, 2016 02:23 AM

How to publish data to AWS IoT (con't)

Hi abirjepatil

I tried to run demo.aws_iot.pub_sub.publisher demo code on SDK-3.5.2.

But I got below error:

Joining : LAB

Successfully joined : LAB

Obtaining IP address via DHCP

Network ready IP: 192.168.1.103

Resolving IP address of MQTT broker...

Resolved Broker IP: 52.192.145.107

[MQTT] Opening connection...

[MQTT LIB] : error intializing the  mqtt connection setup

After adding debug code, it shows

wiced_tls_init_root_ca_certificates returns -96.

x509_convert_pem_to_der returns -64 because s2 is NULL.

Below print out the content of pointer p:

Obviously, it's incompleted so it returns TROPICSSL_ERR_X509_CERT_INVALID_PEM (-64).

-----BEGIN CERTIFICATE-----

MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB

yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL

ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp

U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW

ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0

aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL

MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW

ZXJpU2lnbiBUcnVzdCBOZ\0xef\0x80q/\0x09\0x02

Then I print out the content after resource_get_readonly_buffer() call

and got the same data as above.

Labels
0 Likes
Subscribe
8 Replies
Anonymous
Not applicable
‎Feb 03, 2016 02:29 AM
‎Feb 03, 2016 02:29 AM

Re: How to publish data to AWS IoT (con't)

I figured out the problem: the size_out is 512.

If resource->location != RESOURCE_IN_MEMORY && USES_RESOURCE_FILESYSTEM is defined, the max return size_out is 512.

the size of rootca.cer is bigger than 512.

Any patch available to fix this?

0 Likes
Anonymous
Not applicable
In response to Anonymous
‎Feb 03, 2016 03:02 AM
‎Feb 03, 2016 03:02 AM

Re: How to publish data to AWS IoT (con't)

one more thing,

It's wrong to use strlen( (const char*)trusted_ca_certificates):

result = x509_parse_certificate( root_ca_certificates, (const uint8_t*)trusted_ca_certificates, strlen( (const char*)trusted_ca_certificates ) );

You need to make sure trusted_ca_certificates is NULL terminated if you want to use strlen.

In my test, the returned security.ca_cert is not NULL terminated.

0 Likes
VikramR_26
Employee
Employee
10 sign-ins 10 comments on KBA 5 comments on KBA
In response to Anonymous
‎Feb 04, 2016 10:21 PM
‎Feb 04, 2016 10:21 PM

Re: How to publish data to AWS IoT (con't)

Could you tell us, what procedure are you using to load the certificates in your application ?

Since there are two techniques, one is to read from the resource folder and other you can have certificates loaded as character array to variables and use them.

0 Likes
Anonymous
Not applicable
In response to VikramR_26
‎Feb 04, 2016 11:11 PM
‎Feb 04, 2016 11:11 PM

Re: How to publish data to AWS IoT (con't)

vik86,

The demo.aws_iot.pub_sub.publisher demo code uses reading read from the resource folder.

I think already pointed out the part of problematic code.

I repeat again here:

1) below code is wrong when resource->location != RESOURCE_IN_MEMORY && USES_RESOURCE_FILESYSTEM is defined

resource_get_readonly_buffer( &resources_apps_DIR_aws_iot_DIR_rootca_cer, 0, MQTT_MAX_RESOURCE_SIZE, &size_out, (const void **) &security.ca_cert );

return maximum size_out is 512 which is not big enough for rootCA.

2) You cannot use strlen in below cases because resource_get_readonly_buffer() does not ensure security.ca_cert/security.cert/security.key are NULL terminated. Which means stlrn can return wrong size.

result = x509_parse_certificate( root_ca_certificates, (const uint8_t*)trusted_ca_certificates, strlen( (const char*)trusted_ca_certificates ) );

Also apply to x509parse_key().

0 Likes
Anonymous
Not applicable
In response to VikramR_26
‎Feb 15, 2016 04:13 AM
‎Feb 15, 2016 04:13 AM

Re: How to publish data to AWS IoT (con't)

Hi vik86

Any update fix for this issue?

0 Likes
VikramR_26
Employee
Employee
10 sign-ins 10 comments on KBA 5 comments on KBA
In response to Anonymous
‎Mar 24, 2016 11:03 PM
‎Mar 24, 2016 11:03 PM

Re: How to publish data to AWS IoT (con't)

This has been discussed earlier mkochhal​ , the certificates needs to be indented with proper "\n" ending

Also sam.lin​ we are working on optimizing the MQTT library and sample applications. If you are not able to get your sample application work, there are issues with your setup or certificates, we can help with those.

0 Likes
Anonymous
Not applicable
In response to VikramR_26
‎Mar 25, 2016 11:16 AM
‎Mar 25, 2016 11:16 AM

Re: How to publish data to AWS IoT (con't)

Using the x509 certificate parsing tool does not always solve the certificate indentation or formatting issues... I had to manually tweak the certificate parsing, so that the function x509_convert_pem_to_der() can succeed.

0 Likes
Anonymous
Not applicable
‎Mar 24, 2016 08:58 PM
‎Mar 24, 2016 08:58 PM

Re: How to publish data to AWS IoT (con't)

vik86

I am facing the same problem, how did you resolve it?

0 Likes