Forums - Certificate copy fails in Onboard_demo

darshan.prajapati
Join Date: 4 Feb 20
Posts: 8
Posted: Wed, 2020-02-12 14:01

I have compiled Onboard_demo as per Development Kit user guide document 80-YA121-140 Rev. D, Section 5. I am using a binary certificate array in cert_buf.h. On board bootup, the AWS IoT thing private key and cert storage succeeds, but the CA cert store fails. Following is my CA key code.

/* @brief This buffer should contain the CAList cert
 *
 * This can be generated using SharkSSLParseCAList <certfile>
 * where certfile is downloaded for AWS Thing
 */
uint8_t aws_calist[] =
{
   0x00, 0x00, 0x00, 0x01, 0x41, 0x6D, 0x61, 0x7A,
   0x6F, 0x6E, 0x20, 0x52, 0x00, 0x00, 0x00, 0x10,
   0x30, 0x82, 0x01, 0xB6, 0x30, 0x82, 0x01, 0x5B,
   0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x06,
   0x6C, 0x9F, 0xD5, 0x74, 0x97, 0x36, 0x66, 0x3F,
   0x3B, 0x0B, 0x9A, 0xD9, 0xE8, 0x9E, 0x76, 0x03,
   0xF2, 0x4A, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
   0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x39,
   0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
   0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30,
   0x0D, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x06,
   0x41, 0x6D, 0x61, 0x7A, 0x6F, 0x6E, 0x31, 0x19,
   0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
   0x10, 0x41, 0x6D, 0x61, 0x7A, 0x6F, 0x6E, 0x20,
   0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41, 0x20,
   0x33, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30,
   0x35, 0x32, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30,
   0x30, 0x5A, 0x17, 0x0D, 0x34, 0x30, 0x30, 0x35,
   0x32, 0x36, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
   0x5A, 0x30, 0x39, 0x31, 0x0B, 0x30, 0x09, 0x06,
   0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
   0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04,
   0x0A, 0x13, 0x06, 0x41, 0x6D, 0x61, 0x7A, 0x6F,
   0x6E, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
   0x04, 0x03, 0x13, 0x10, 0x41, 0x6D, 0x61, 0x7A,
   0x6F, 0x6E, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20,
   0x43, 0x41, 0x20, 0x33, 0x30, 0x59, 0x30, 0x13,
   0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,
   0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
   0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x29,
   0x97, 0xA7, 0xC6, 0x41, 0x7F, 0xC0, 0x0D, 0x9B,
   0xE8, 0x01, 0x1B, 0x56, 0xC6, 0xF2, 0x52, 0xA5,
   0xBA, 0x2D, 0xB2, 0x12, 0xE8, 0xD2, 0x2E, 0xD7,
   0xFA, 0xC9, 0xC5, 0xD8, 0xAA, 0x6D, 0x1F, 0x73,
   0x81, 0x3B, 0x3B, 0x98, 0x6B, 0x39, 0x7C, 0x33,
   0xA5, 0xC5, 0x4E, 0x86, 0x8E, 0x80, 0x17, 0x68,
   0x62, 0x45, 0x57, 0x7D, 0x44, 0x58, 0x1D, 0xB3,
   0x37, 0xE5, 0x67, 0x08, 0xEB, 0x66, 0xDE, 0xA3,
   0x42, 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55,
   0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30,
   0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03,
   0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04,
   0x03, 0x02, 0x01, 0x86, 0x30, 0x1D, 0x06, 0x03,
   0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xAB,
   0xB6, 0xDB, 0xD7, 0x06, 0x9E, 0x37, 0xAC, 0x30,
   0x86, 0x07, 0x91, 0x70, 0xC7, 0x9C, 0xC4, 0x19,
   0xB1, 0x78, 0xC0, 0x30, 0x0A, 0x06, 0x08, 0x2A,
   0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03,
   0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE0,
   0x85, 0x92, 0xA3, 0x17, 0xB7, 0x8D, 0xF9, 0x2B,
   0x06, 0xA5, 0x93, 0xAC, 0x1A, 0x98, 0x68, 0x61,
   0x72, 0xFA, 0xE1, 0xA1, 0xD0, 0xFB, 0x1C, 0x78,
   0x60, 0xA6, 0x43, 0x99, 0xC5, 0xB8, 0xC4, 0x02,
   0x21, 0x00, 0x9C, 0x02, 0xEF, 0xF1, 0x94, 0x9C,
   0xB3, 0x96, 0xF9, 0xEB, 0xC6, 0x2A, 0xF8, 0xB6,
   0x2C, 0xFE, 0x3A, 0x90, 0x14, 0x16, 0xD7, 0x8C,
   0x63, 0x24, 0x48, 0x1C, 0xDF, 0x30, 0x7D, 0xD5,
   0x68, 0x3B
};
 
 
Now, in the aws_run.c file, the following code fails:
 
    cert_buf = aws_calist;
    cert_buf_size = sizeof(aws_calist);
 
    memset(&cert_info, 0, sizeof(cert_info));
    cert_info.cert_Type = QAPI_NET_SSL_BIN_CA_LIST_E;
    ca_info.ca_Buf =  cert_buf;
    ca_info.ca_Size = cert_buf_size;
    cert_info.info.pem_CA_List.ca_Cnt = 1;
    cert_info.info.pem_CA_List.ca_Info[0] = &ca_info;
    status = qapi_Net_SSL_Cert_Store(&cert_info, AWS_CALIST_LOC);
    if (QAPI_OK != status)
    {
        IOT_INFO("Certificate store is failed %d %d\n", status, __LINE__);
        return FAILURE;
    }
    else
    {
        IOT_INFO("certificate store is success ......................\n");
    }
 
When this code runs, it prints Certificate store failed. And after that it prints AWS THREAD EXITED !!!
I have made sure that the code section and data section are set properly in the linker script as per the explanation in the document.
What is going wrong here? Please let me know.
c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Wed, 2020-02-12 15:10

Since you are using BIN_CA_LIST, kindly use bin_CA_List instead of pem_CA_List. I am providing sample code for your reference:

/* Forward declaration: init_root_ca_cert() calls this before its definition. */
static int write_ca_to_tee(qapi_Net_SSL_Cert_Type_t certType, uint8_t *ca_file_buf, uint32_t ca_cert_size);

static void init_root_ca_cert(void) {
    /* CA list in binary form */
    static unsigned char crt[] = {
        0x00, 0x00, 0x00, 0x01, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x00, 0x00, 0x00, 0x10,
        0x30, 0x82, 0x03, 0xAF, 0x30, 0x82, 0x02, 0x97, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x08,
        0x3B, 0xE0,
        /* ************ (bytes elided in the original post) */
        0x95, 0x6D, 0xDE
    };

    write_ca_to_tee(QAPI_NET_SSL_BIN_CA_LIST_E, crt, sizeof(crt));
}

static int write_ca_to_tee(qapi_Net_SSL_Cert_Type_t certType, uint8_t *ca_file_buf, uint32_t ca_cert_size) {
    qapi_Status_t status;
    qapi_CA_Info_t ca_info;
    qapi_Net_SSL_Cert_Info_t cert_info = {0};

    /* Fill the union member that matches cert_Type. */
    switch ((qapi_Net_SSL_Cert_Type_t)certType) {
        case QAPI_NET_SSL_PEM_CA_LIST_E: {
                /* PEM: one qapi_CA_Info_t entry referenced from pem_CA_List */
                ca_info.ca_Buf = ca_file_buf;
                ca_info.ca_Size = ca_cert_size;
                cert_info.cert_Type = QAPI_NET_SSL_PEM_CA_LIST_E;
                cert_info.info.pem_CA_List.ca_Cnt = 1;
                cert_info.info.pem_CA_List.ca_Info[0] = &ca_info;
                break;
            }
        case QAPI_NET_SSL_BIN_CA_LIST_E: {
                /* Binary: buffer and size go directly into bin_CA_List */
                cert_info.cert_Type = QAPI_NET_SSL_BIN_CA_LIST_E;
                cert_info.info.bin_CA_List.ca_List_Buf = ca_file_buf;
                cert_info.info.bin_CA_List.ca_List_Size = ca_cert_size;
                break;
            }
        default:
            IOT_INFO("Unknown certificate/CA type %d\n", certType);
            break;
    }

    status = qapi_Net_SSL_Cert_Store(&cert_info, AWS_CALIST_LOC);
    IOT_INFO("CA storing: %d\n", status);
    if (QAPI_OK != status) {
        IOT_INFO("CA storing failed: %d\n", status);
    }
    return status;
}

 

darshan.prajapati
Join Date: 4 Feb 20
Posts: 8
Posted: Wed, 2020-02-12 16:03

With a PEM certificate it also gives an error. I tried the following:


uint8_t aws_calist[] =
{
"-----BEGIN CERTIFICATE-----\r\n\
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\
rqXRfboQnoZsG4q5WTP468SQvvG5\
-----END CERTIFICATE-----\r\n"
};
 
cert_buf = aws_calist;
    cert_buf_size = sizeof(aws_calist);
 
    memset(&cert_info, 0, sizeof(cert_info));
    cert_info.cert_Type = QAPI_NET_SSL_BIN_CA_LIST_E;
    ca_info.ca_Buf =  cert_buf;
    ca_info.ca_Size = cert_buf_size;
    cert_info.info.pem_CA_List.ca_Cnt = 1;
    cert_info.info.pem_CA_List.ca_Info[0] = &ca_info;
   
    status = qapi_Net_SSL_Cert_Store(&cert_info, AWS_CALIST_LOC);
    if (QAPI_OK != status)
    {
        IOT_INFO("Certificate store is failed %d %d\n", status, __LINE__);
        return FAILURE;
    }
    else
    {
        IOT_INFO("certificate store is success ......................\n");
    }

Why is the above code failing?

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Wed, 2020-02-12 17:06

The reason for the failure is you have specified cert_type as BIN and are passing the arguments to pem_CA_List.

In case of cert_info.cert_Type = QAPI_NET_SSL_BIN_CA_LIST_E, use below params:
    ca_info.ca_Buf =  cert_buf;
    ca_info.ca_Size = cert_buf_size;
    cert_info.info.bin_CA_List.ca_List_Buf = cert_buf;
    cert_info.info.bin_CA_List.ca_List_Size = cert_buf_size;

In case of cert_info.cert_Type = QAPI_NET_SSL_PEM_CA_LIST_E, use below params:
    ca_info.ca_Buf =  cert_buf;
    ca_info.ca_Size = cert_buf_size;
    cert_info.info.pem_CA_List.ca_Cnt = 1;
    cert_info.info.pem_CA_List.ca_Info[0] = &ca_info;

 

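The mismatch diagnosed in the reply above (cert_Type set to the binary type while pem_CA_List is filled, and PEM text passed with the binary enum) can be caught before the store call. The following is an added example, not code from the thread or the SDK: cert_type_t, ca_info_t, cert_info_t, looks_like_pem and fill_ca_cert_info are hypothetical stand-ins that copy only the field names shown in the posts, and the sample buffers are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in types (assumption): they mirror only the field names used in the
   thread so this builds without the QCA402x SDK; real layouts may differ. */
typedef enum { PEM_CA_LIST, BIN_CA_LIST } cert_type_t;
typedef struct { uint8_t *ca_Buf; uint32_t ca_Size; } ca_info_t;
typedef struct {
    cert_type_t cert_Type;
    union {
        struct { uint32_t ca_Cnt; ca_info_t *ca_Info[4]; } pem_CA_List;
        struct { uint8_t *ca_List_Buf; uint32_t ca_List_Size; } bin_CA_List;
    } info;
} cert_info_t;

/* Constructed sample inputs, not real certificates. */
static uint8_t sample_pem[] = "-----BEGIN CERTIFICATE-----\r\nAAAA\r\n-----END CERTIFICATE-----\r\n";
static uint8_t sample_bin[] = { 0x00, 0x00, 0x00, 0x01, 0x41, 0x6D, 0x61, 0x7A };

/* A buffer is treated as PEM when it starts with the BEGIN line. */
int looks_like_pem(const uint8_t *buf, uint32_t len) {
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    return buf != NULL && len >= sizeof(begin) - 1 && memcmp(buf, begin, sizeof(begin) - 1) == 0;
}

/* Fill *out so cert_Type and the populated union member always agree.
   Returns 0 on success, -1 on bad arguments or a type/data mismatch. */
int fill_ca_cert_info(cert_type_t type, uint8_t *buf, uint32_t len,
                      cert_info_t *out, ca_info_t *pem_slot) {
    if (buf == NULL || len == 0 || out == NULL) return -1;
    if (type == PEM_CA_LIST && pem_slot == NULL) return -1;
    if ((type == PEM_CA_LIST) != looks_like_pem(buf, len)) return -1;
    memset(out, 0, sizeof(*out));
    out->cert_Type = type;
    if (type == PEM_CA_LIST) {
        pem_slot->ca_Buf = buf;
        pem_slot->ca_Size = len;
        out->info.pem_CA_List.ca_Cnt = 1;
        out->info.pem_CA_List.ca_Info[0] = pem_slot;
    } else {
        out->info.bin_CA_List.ca_List_Buf = buf;
        out->info.bin_CA_List.ca_List_Size = len;
    }
    return 0;
}

int main(void) {  /* PEM text with the binary type must be rejected */
    cert_info_t ci; ca_info_t slot;
    int bad = fill_ca_cert_info(BIN_CA_LIST, sample_pem, sizeof(sample_pem) - 1, &ci, &slot);
    return (bad == -1 && fill_ca_cert_info(BIN_CA_LIST, sample_bin, 8, &ci, NULL) == 0) ? 0 : 1;
}
```

In firmware, the same pre-check would sit in front of the qapi_Net_SSL_Cert_Store call, with the SDK's own types in place of the stand-ins.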
darshan.prajapati
Join Date: 4 Feb 20
Posts: 8
Posted: Thu, 2020-02-13 08:40
uint8_t aws_calist[] =
{
"-----BEGIN CERTIFICATE-----\r\n\
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\
rqXRfboQnoZsG4q5WTP468SQvvG5\
-----END CERTIFICATE-----\r\n"
};
 
cert_buf = aws_calist;
    cert_buf_size = sizeof(aws_calist);
 
    memset(&cert_info, 0, sizeof(cert_info));
    cert_info.cert_Type = QAPI_NET_SSL_PEM_CA_LIST_E;
    ca_info.ca_Buf =  cert_buf;
    ca_info.ca_Size = cert_buf_size;
    cert_info.info.pem_CA_List.ca_Cnt = 1;
    cert_info.info.pem_CA_List.ca_Info[0] = &ca_info;
   
    status = qapi_Net_SSL_Cert_Store(&cert_info, AWS_CALIST_LOC);
    if (QAPI_OK != status)
    {
        IOT_INFO("Certificate store is failed %d %d\n", status, __LINE__);
        return FAILURE;
    }
    else
    {
        IOT_INFO("certificate store is success ......................\n");
    }

 

I have now tried the above code with the correct enum for a PEM type certificate. It still fails. Is it because of the aws_calist array definition? Is anything wrong in that?

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Thu, 2020-02-13 09:51

Kindly try copying contents of aws_calist[] under a single line statement as described under Prerequisites to build onboard AWS demo in QCA402x (CDB2x) Development Kit User Guide.

Example:

uint8_t aws_calist[] =
{"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----"};

 




 

darshan.prajapati
Join Date: 4 Feb 20
Posts: 8
Posted: Thu, 2020-02-13 10:04

Tried putting everything in one line as per the documentation, but it's not working, so I tried putting CR LF at the end of each line as suggested in the function comment of qapi_Net_SSL_Cert_Store. You can try it and you will see it's not working.

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Thu, 2020-02-13 10:44

I have tried locally using the same and no issues were seen:

include\cert_buf.h

uint8_t aws_calist[] =
{"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----"};

 

 

Serial Console:

Onboard: AWS IoT SDK Version 3.0.1-
Onboard: Stack rc=100a0474 ret=100a0480
Onboard: Malloc mqttClient=100a04d8

Onboard:  AWS shadow_init done
Onboard: Hostname:a2********-ats.iot.us-west-2.amazonaws.com
Onboard: Client crt file name:cert
Onboard: Client Thing name:QCA4020
Onboard: bytes_written num = 1
Onboard: Enable WLAN numVDEV:2Wlan enable_success
Onboard: Thread creation return value

Onboard: Waiting for Onboard events ...
Onboard: Mac Addr = 02:03:7f:99:92:14
Onboard: Monitor Thread is runnning ----------------------
Onboard: waiting on Monitor thread
Onboard: Current operation mode:0
Onboard: CONNECTING to SSID:QCA4020_9214, pwd:123456789
Onboard: setting to ap mode
Onboard:
Onboard: Setting SSID to QCA4020_9214
Onboard:
Onboard: certificate store is success ......................
Onboard: certificate store is success ......................
Onboard: WLANCB: dID:0, cbID:0, val:1
Onboard: Connect event on devId:0 val:1
Onboard: devid - 0 1 CONNECTED MAC addr 02:03:7f:99:92:14
Onboard: Server started.........
Onboard: Waiting on accept ...........................


Kindly share your folder with us to verify the issue.

 

darshan.prajapati
Join Date: 4 Feb 20
Posts: 8
Posted: Thu, 2020-02-13 13:10

For now I have used the binary certificate array and the certificate load error has gone. Now it throws an error in the shadow connection. Following are the logs.

Onboard: START AWS: running(0)
Onboard:            total       used       free
Onboard: Shadow Init
 
Onboard: Heap:     294656     131696     162960
Onboard: Shadow Connect
 
Onboard: mutex unlock done ---------
Onboard: waiting on Monitor thread
Onboard: Shadow Connection Error
 
Onboard: : rc = -17
Onboard: Please restart the device
 
Error code -17 refers to 
/** A generic error code for Network layer errors */
NETWORK_SSL_UNKNOWN_ERROR = -17,
 
How to resolve this network layer error now?
 
I checked Wireshark for SSL packets. Found that after the initial TCP handshake, the QCA4020 does not send a Client Hello packet to the AWS server. Something is wrong at the network layer. I have verified that the certificates are OK and that it does work on a Linux PC with a standalone AWS IoT client. Please provide help to resolve the issue.
 
PS: Wanted to attach a screenshot of the Wireshark packet log, but I don't see an option to attach a file.

 

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Thu, 2020-02-13 13:25

Kindly make sure your network is not blocking any AWS connection.
Check if there are any checks blocking new devices from connecting.
Restart QCA4020 to confirm if the behaviour is consistent.

However, can you also confirm if the same issue is seen with a hotspot or non-corporate network?

darshan.prajapati
Join Date: 4 Feb 20
Posts: 8
Posted: Thu, 2020-02-13 14:18

I checked with a mobile hotspot and a non-corporate network as well. The issue still remains the same. Actually, the QCA4020 does not send a Client Hello packet for the initial SSL connection. Blocking in the network comes later. Seems like an issue with the SDK. Please let me know if you need further information.

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Fri, 2020-02-14 13:11
Kindly try the demo using QCA4020.OR.3.2 OEM QCA SDK+CDB posted on Dec 12, 2020 and let us know if you still face issues?
