Anonymous
Not applicable

Hi abirjepatil

I tried to run demo.aws_iot.pub_sub.publisher demo code on SDK-3.5.2.

But I got the error below:

Joining : LAB

Successfully joined : LAB

Obtaining IP address via DHCP

Network ready IP: 192.168.1.103

Resolving IP address of MQTT broker...

Resolved Broker IP: 52.192.145.107

[MQTT] Opening connection...

[MQTT LIB] : error intializing the  mqtt connection setup

After adding debug code, it shows

wiced_tls_init_root_ca_certificates returns -96.

x509_convert_pem_to_der returns -64 because s2 is NULL.

Below is the printed content of pointer p:

Obviously, it's incomplete, so it returns TROPICSSL_ERR_X509_CERT_INVALID_PEM (-64).

-----BEGIN CERTIFICATE-----

MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB

yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL

ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp

U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW

ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0

aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL

MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW

ZXJpU2lnbiBUcnVzdCBOZ\0xef\0x80q/\0x09\0x02

Then I printed out the content after the resource_get_readonly_buffer() call and got the same data as above.

0 Likes
8 Replies
Anonymous
Not applicable

I figured out the problem: the size_out is 512.

If resource->location != RESOURCE_IN_MEMORY && USES_RESOURCE_FILESYSTEM is defined, the max return size_out is 512.

The size of rootca.cer is bigger than 512.

Any patch available to fix this?

0 Likes
Anonymous
Not applicable

one more thing,

It's wrong to use strlen( (const char*)trusted_ca_certificates):

result = x509_parse_certificate( root_ca_certificates, (const uint8_t*)trusted_ca_certificates, strlen( (const char*)trusted_ca_certificates ) );

You need to make sure trusted_ca_certificates is NULL terminated if you want to use strlen.

In my test, the returned security.ca_cert is not NULL terminated.

0 Likes

Could you tell us what procedure you are using to load the certificates in your application?

There are two techniques: one is to read from the resource folder, and the other is to have the certificates loaded as character arrays into variables and use them.

0 Likes
Anonymous
Not applicable

vik86,

The demo.aws_iot.pub_sub.publisher demo code reads from the resource folder.

I think I already pointed out the problematic part of the code.

I repeat again here:

1) The code below is wrong when resource->location != RESOURCE_IN_MEMORY && USES_RESOURCE_FILESYSTEM is defined:

resource_get_readonly_buffer( &resources_apps_DIR_aws_iot_DIR_rootca_cer, 0, MQTT_MAX_RESOURCE_SIZE, &size_out, (const void **) &security.ca_cert );

The maximum returned size_out is 512, which is not big enough for the root CA.

2) You cannot use strlen in the cases below because resource_get_readonly_buffer() does not ensure security.ca_cert/security.cert/security.key are NULL terminated, which means strlen can return the wrong size.

result = x509_parse_certificate( root_ca_certificates, (const uint8_t*)trusted_ca_certificates, strlen( (const char*)trusted_ca_certificates ) );

The same applies to x509parse_key().

0 Likes
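As an added example (not code from the WICED SDK or from anyone in this thread), here is one way to size the certificate buffer from the length the read reported (size_out) instead of strlen(), and to detect a PEM block cut short by a fixed-size resource read before it reaches the parser; pem_cert_len and bounded_find are hypothetical helper names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of the WICED SDK: the buffer may lack a NUL
 * terminator and may have been cut short by a fixed-size resource read, so
 * its length comes from size_out, never from strlen(). */
static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";
static const char PEM_END[]   = "-----END CERTIFICATE-----";

/* Bounded substring search over hay[0..hay_len); memmem() is not portable. */
static const char *bounded_find(const char *hay, size_t hay_len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= hay_len; i++) {
        if (memcmp(hay + i, needle, n) == 0)
            return hay + i;
    }
    return NULL;
}

/* Number of bytes of buf that form one complete PEM certificate (through the
 * END marker), or 0 when BEGIN or END is not found within buf_len. A 0 result
 * means the block is truncated or malformed and must not reach the parser. */
size_t pem_cert_len(const void *buf, size_t buf_len)
{
    const char *p = (const char *)buf;
    const char *begin = bounded_find(p, buf_len, PEM_BEGIN);
    if (begin == NULL)
        return 0;
    const char *end = bounded_find(begin, buf_len - (size_t)(begin - p), PEM_END);
    if (end == NULL)
        return 0;                      /* END marker never arrived: truncated */
    return (size_t)(end - p) + sizeof(PEM_END) - 1;
}

int main(void)
{
    /* Constructed sample, not a real certificate; sizeof - 1 stands in for
     * size_out so the code never depends on a trailing NUL. */
    static const char sample[] =
        "-----BEGIN CERTIFICATE-----\nMIIBconstructed\n-----END CERTIFICATE-----\n";
    printf("complete read: %zu bytes\n", pem_cert_len(sample, sizeof(sample) - 1));
    printf("read cut at 40 bytes: %zu\n", pem_cert_len(sample, 40));  /* 0 */
    return 0;
}
```

The returned length (or the truncation signalled by 0) is what to hand to x509_parse_certificate() in place of strlen( (const char*)trusted_ca_certificates ).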
Anonymous
Not applicable

Hi vik86

Any update or fix for this issue?

0 Likes

This has been discussed earlier, mkochhal: the certificates need to be indented with proper "\n" endings.

Also, sam.lin, we are working on optimizing the MQTT library and sample applications. If you are not able to get your sample application to work, or if there are issues with your setup or certificates, we can help with those.

0 Likes
Anonymous
Not applicable

Using the x509 certificate parsing tool does not always solve the certificate indentation or formatting issues... I had to manually tweak the certificate parsing so that the function x509_convert_pem_to_der() could succeed.

0 Likes
Anonymous
Not applicable

vik86

I am facing the same problem, how did you resolve it?

0 Likes