ESP32 aws_iot subscribe/publish example error
Posted: Tue Aug 01, 2017 1:56 am
by raemond
Hi
I can't seem to get the aws_iot examples to work. On my latest attempt, I am working with the subscribe publish example. I am continually getting:
I (4692) subpub: Connecting to AWS...
I (11722) wifi: pm start, type:0
E (33342) subpub: Error(-28) connecting to asdf.iot.us-west-2.amazonaws.com:8883
E (60352) subpub: Error(-28) connecting to asdf.iot.us-west-2.amazonaws.com:8883
E (72222) aws_iot: failed! mbedtls_ssl_handshake returned -0x6800
Seems like the connection is timing out. Has anyone seen this and figured out a solution? I believe I have everything configured correctly on the AWS side.
Thanks.
Re: ESP32 aws_iot subscribe/publish example error
Posted: Fri Sep 01, 2017 7:32 pm
by pctj101
Same issue for me
D (66350) aws_iot: Loading embedded CA root certificate ...
D (66360) aws_iot: ok (0 skipped)
D (66360) aws_iot: Loading embedded client certificate...
D (66370) aws_iot: Loading embedded client private key...
D (66530) aws_iot: ok
D (66530) aws_iot: Connecting to dns.com:8883...
D (69620) aws_iot: ok
D (69620) aws_iot: Setting up the SSL/TLS structure...
D (69620) aws_iot: SSL state connect : 0
D (69620) aws_iot: ok
D (69620) aws_iot: SSL state connect : 0
D (69620) aws_iot: Performing the SSL/TLS handshake...
D (70330) aws_iot: Verify requested for (Depth 2):
D (70330) aws_iot: cert. version : 3
serial number : 18:DA:D1:9E...
issuer name : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Cert
D (70340) aws_iot: This certificate has no flags
D (70350) aws_iot: Verify requested for (Depth 1):
D (70350) aws_iot: cert. version : 3
serial number : 3F:92:87:BE...
issuer name : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Cert
D (70380) aws_iot: This certificate has no flags
D (70380) aws_iot: Verify requested for (Depth 0):
D (70390) aws_iot: cert. version : 3
serial number : 5C:70:1E:E...
issuer name : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
subject name : C=US, ST=Washington, L=
D (70410) aws_iot: This certificate has no flags
I (72190) wifi: active cnt: 14
E (78880) aws_iot: failed! mbedtls_ssl_handshake returned -0x6800
V (78880) aws_iot: FUNC_EXIT: _aws_iot_mqtt_internal_connect L#397 Return Code : -4
V (78890) aws_iot: FUNC_ENTRY: aws_iot_mqtt_set_client_state L#101
V (78890) aws_iot: FUNC_ENTRY: aws_iot_mqtt_client_lock_mutex L#64
V (78900) aws_iot: FUNC_EXIT: aws_iot_mqtt_client_lock_mutex L#82 Return Code : 0
V (78910) aws_iot: FUNC_ENTRY: aws_iot_mqtt_get_client_state L#54
V (78910) aws_iot: FUNC_EXIT: aws_iot_mqtt_get_client_state L#59 Return Code : 2
V (78920) aws_iot: FUNC_EXIT: aws_iot_mqtt_set_client_state L#126 Return Code : 0
V (78930) aws_iot: FUNC_EXIT: aws_iot_mqtt_connect L#481 Return Code : -4
E (78940) subpub: Error(-4) connecting to dns.com:8883
V (79940) aws_iot: FUNC_ENTRY: aws_iot_mqtt_connect L#455
V (79940) aws_iot: FUNC_ENTRY: aws_iot_mqtt_get_client_state L#54
Re: ESP32 aws_iot subscribe/publish example error
Posted: Mon Sep 04, 2017 12:54 am
by ESP_Angus
raemond wrote:
Seems like the connection is timing out. Has anyone seen this and figured out a solution? I believe I have everything configured correctly on the AWS side.
The current master branch works for me (using the default project config with only my endpoint hostname & WiFi credentials changed.)
I haven't seen this particular behaviour (TLS timeout) before, but maybe AWS has reconfigured the way that it will "hang up" on a bad connection. It will unceremoniously stop responding if there's any mismatch with your client cert & hostname, or if the Policy is set wrong. You can find some troubleshooting tips and a list of things to check, here:
https://github.com/espressif/esp-idf/tr ... leshooting
Re: ESP32 aws_iot subscribe/publish example error
Posted: Tue May 29, 2018 2:50 pm
by cadrjr1
I've got a similar problem to raemond ..... I've spent days working on the AWS subscribe_publish example without getting it working.
I've gone over certificates and policies, etc. and I'm pretty sure I've got them correctly configured.
Any help much appreciated .........
I get:
--- idf_monitor on COM12 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
:31ets Jun 8 2016 00:22:57
rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:5664
ho 0 tail 12 room 4
load:0x40078000,len:0
load:0x40078000,len:14008
entry 0x4007860c
I (31) boot: ESP-IDF v3.1-dev-841-gedcaa5f3 2nd stage bootloader
I (31) boot: compile time 17:06:08
I (31) boot: Enabling RNG early entropy source...
I (37) boot: SPI Speed : 40MHz
I (41) boot: SPI Mode : DIO
I (45) boot: SPI Flash Size : 4MB
I (49) boot: Partition Table:
I (53) boot: ## Label Usage Type ST Offset Length
I (60) boot: 0 nvs WiFi data 01 02 00009000 00006000
I (67) boot: 1 phy_init RF data 01 01 0000f000 00001000
I (75) boot: 2 factory factory app 00 00 00010000 00100000
I (82) boot: End of partition table
I (86) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x19cb8 (105656) map
I (132) esp_image: segment 1: paddr=0x00029ce0 vaddr=0x3ffb0000 size=0x038a4 ( 14500) load
I (138) esp_image: segment 2: paddr=0x0002d58c vaddr=0x40080000 size=0x00400 ( 1024) load
0x40080000: _iram_start at D:/esp32_software_dev/esp-idf/components/freertos/xtensa_vectors.S:1685
I (140) esp_image: segment 3: paddr=0x0002d994 vaddr=0x40080400 size=0x0267c ( 9852) load
I (152) esp_image: segment 4: paddr=0x00030018 vaddr=0x400d0018 size=0x7ce38 (511544) map
0x400d0018: _stext at ??:?
I (336) esp_image: segment 5: paddr=0x000ace58 vaddr=0x40082a7c size=0x0ce74 ( 52852) load
0x40082a7c: heap_caps_calloc_prefer at D:/esp32_software_dev/esp-idf/components/heap/heap_caps.c:123
I (358) esp_image: segment 6: paddr=0x000b9cd4 vaddr=0x400c0000 size=0x00000 ( 0) load
I (368) boot: Loaded app from partition at offset 0x10000
I (368) boot: Disabling RNG early entropy source...
I (370) cpu_start: Pro cpu up.
I (374) cpu_start: Starting app cpu, entry point is 0x40080f80
0x40080f80: call_start_cpu1 at D:/esp32_software_dev/esp-idf/components/esp32/cpu_start.c:224
I (0) cpu_start: App cpu up.
I (384) heap_init: Initializing. RAM available for dynamic allocation:
I (391) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (397) heap_init: At 3FFB94A0 len 00026B60 (154 KiB): DRAM
I (403) heap_init: At 3FFE0440 len 00003BC0 (14 KiB): D/IRAM
I (410) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (416) heap_init: At 4008F8F0 len 00010710 (65 KiB): IRAM
I (422) cpu_start: Pro cpu start user code
I (105) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
I (189) wifi: wifi firmware version: d17e64c
I (189) wifi: config NVS flash: enabled
I (189) wifi: config nano formating: disabled
I (189) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (199) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (229) wifi: Init dynamic tx buffer num: 32
I (229) wifi: Init data frame dynamic rx buffer num: 32
I (229) wifi: Init management frame dynamic rx buffer num: 32
I (229) wifi: wifi driver task: 3ffc0a90, prio:23, stack:4096
I (239) wifi: Init static rx buffer num: 10
I (239) wifi: Init dynamic rx buffer num: 32
I (249) subpub: Setting WiFi configuration SSID xxxxxx
I (309) phy: phy_version: 386.0, 67c798f, Mar 14 2018, 16:34:06, 0, 0
I (319) wifi: mode : sta (18:fe:34:6a:93:1a)
I (319) subpub: AWS IoT SDK Version 2.2.1-
I (439) wifi: n:1 0, o:1 0, ap:255 255, sta:1 0, prof:1
I (1419) wifi: state: init -> auth (b0)
I (1419) wifi: state: auth -> assoc (0)
I (1429) wifi: state: assoc -> run (10)
I (1499) wifi: connected with xxxxxx, channel 1
I (1499) wifi: pm start, type: 1
I (7399) event: sta ip: 136.206.223.68, mask: 255.255.255.0, gw: 136.206.223.254
I (7399) subpub: Connecting to AWS...
I (7619) mbedtls: ssl_tls.c:6557 => handshake
I (7629) mbedtls: ssl_cli.c:3363 client state: 0
I (7629) mbedtls: ssl_tls.c:2416 => flush output
I (7629) mbedtls: ssl_tls.c:2428 <= flush output
I (7639) mbedtls: ssl_cli.c:3363 client state: 1
I (7639) mbedtls: ssl_tls.c:2416 => flush output
I (7649) mbedtls: ssl_tls.c:2428 <= flush output
I (7649) mbedtls: ssl_cli.c:719 => write client hello
I (7659) mbedtls: ssl_tls.c:2701 => write record
I (7669) mbedtls: ssl_tls.c:2416 => flush output
I (7669) mbedtls: ssl_tls.c:2435 message length: 271, out_left: 271
I (7679) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 271 (-0xfffffef1)
I (7679) mbedtls: ssl_tls.c:2460 <= flush output
I (7689) mbedtls: ssl_tls.c:2850 <= write record
I (7689) mbedtls: ssl_cli.c:1051 <= write client hello
I (7699) mbedtls: ssl_cli.c:3363 client state: 2
I (7709) mbedtls: ssl_tls.c:2416 => flush output
I (7709) mbedtls: ssl_tls.c:2428 <= flush output
I (7719) mbedtls: ssl_cli.c:1447 => parse server hello
I (7719) mbedtls: ssl_tls.c:3721 => read record
I (7729) mbedtls: ssl_tls.c:2208 => fetch input
I (7729) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (7739) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (7749) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (7749) mbedtls: ssl_tls.c:2403 <= fetch input
I (7759) mbedtls: ssl_tls.c:2208 => fetch input
I (7769) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 2663
I (7769) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 2663
I (7779) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 2658 (-0xfffff59e)
I (7789) mbedtls: ssl_tls.c:2403 <= fetch input
I (7809) mbedtls: ssl_tls.c:3754 <= read record
I (7819) mbedtls: ssl_cli.c:1733 server hello, total extension length: 5
I (7819) mbedtls: ssl_cli.c:1922 <= parse server hello
I (7819) mbedtls: ssl_cli.c:3363 client state: 3
I (7829) mbedtls: ssl_tls.c:2416 => flush output
I (7829) mbedtls: ssl_tls.c:2428 <= flush output
I (7839) mbedtls: ssl_tls.c:4320 => parse certificate
I (7839) mbedtls: ssl_tls.c:3721 => read record
I (7869) mbedtls: ssl_tls.c:3754 <= read record
I (8509) mbedtls: ssl_tls.c:4684 <= parse certificate
I (8509) mbedtls: ssl_cli.c:3363 client state: 4
I (8509) mbedtls: ssl_tls.c:2416 => flush output
I (8519) mbedtls: ssl_tls.c:2428 <= flush output
I (8519) mbedtls: ssl_cli.c:2263 => parse server key exchange
I (8529) mbedtls: ssl_tls.c:3721 => read record
I (8539) mbedtls: ssl_tls.c:3754 <= read record
I (8539) mbedtls: ssl_cli.c:1982 ECDH curve: secp521r1
I (8549) mbedtls: ssl_cli.c:2205 Server used SignatureAlgorithm 3
I (8549) mbedtls: ssl_cli.c:2206 Server used HashAlgorithm 6
I (9159) mbedtls: ssl_cli.c:2607 <= parse server key exchange
I (9159) mbedtls: ssl_cli.c:3363 client state: 5
I (9159) mbedtls: ssl_tls.c:2416 => flush output
I (9169) mbedtls: ssl_tls.c:2428 <= flush output
I (9169) mbedtls: ssl_cli.c:2640 => parse certificate request
I (9179) mbedtls: ssl_tls.c:3721 => read record
I (9189) mbedtls: ssl_tls.c:3754 <= read record
I (9189) mbedtls: ssl_cli.c:2757 <= parse certificate request
I (9199) mbedtls: ssl_cli.c:3363 client state: 6
I (9199) mbedtls: ssl_tls.c:2416 => flush output
I (9209) mbedtls: ssl_tls.c:2428 <= flush output
I (9209) mbedtls: ssl_cli.c:2767 => parse server hello done
I (9219) mbedtls: ssl_tls.c:3721 => read record
I (9229) mbedtls: ssl_tls.c:3754 <= read record
I (9229) mbedtls: ssl_cli.c:2797 <= parse server hello done
I (9239) mbedtls: ssl_cli.c:3363 client state: 7
I (9239) mbedtls: ssl_tls.c:2416 => flush output
I (9249) mbedtls: ssl_tls.c:2428 <= flush output
I (9249) mbedtls: ssl_tls.c:4203 => write certificate
I (9259) mbedtls: ssl_tls.c:2701 => write record
I (9269) mbedtls: ssl_tls.c:2416 => flush output
I (9279) mbedtls: ssl_tls.c:2435 message length: 876, out_left: 876
I (9279) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 876 (-0xfffffc94)
I (9289) mbedtls: ssl_tls.c:2460 <= flush output
I (9289) mbedtls: ssl_tls.c:2850 <= write record
I (9299) mbedtls: ssl_tls.c:4307 <= write certificate
I (9299) mbedtls: ssl_cli.c:3363 client state: 8
I (9309) mbedtls: ssl_tls.c:2416 => flush output
I (9309) mbedtls: ssl_tls.c:2428 <= flush output
I (9319) mbedtls: ssl_cli.c:2809 => write client key exchange
I (10839) mbedtls: ssl_tls.c:2701 => write record
I (10839) mbedtls: ssl_tls.c:2416 => flush output
I (10839) mbedtls: ssl_tls.c:2435 message length: 143, out_left: 143
I (10849) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 143 (-0xffffff71)
I (10849) mbedtls: ssl_tls.c:2460 <= flush output
I (10859) mbedtls: ssl_tls.c:2850 <= write record
I (10859) mbedtls: ssl_cli.c:3051 <= write client key exchange
I (10869) mbedtls: ssl_cli.c:3363 client state: 9
I (10879) mbedtls: ssl_tls.c:2416 => flush output
I (10879) mbedtls: ssl_tls.c:2428 <= flush output
I (10889) mbedtls: ssl_cli.c:3102 => write certificate verify
I (10889) mbedtls: ssl_tls.c:501 => derive keys
I (10909) mbedtls: ssl_tls.c:957 <= derive keys
I (10919) mbedtls: ssl_tls.c:1067 => calc verify sha384
I (10919) mbedtls: ssl_tls.c:1073 <= calc verify
I (12409) mbedtls: ssl_tls.c:2701 => write record
I (12409) mbedtls: ssl_tls.c:2416 => flush output
I (12409) mbedtls: ssl_tls.c:2435 message length: 269, out_left: 269
I (12419) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 269 (-0xfffffef3)
I (12429) mbedtls: ssl_tls.c:2460 <= flush output
I (12429) mbedtls: ssl_tls.c:2850 <= write record
I (12439) mbedtls: ssl_cli.c:3236 <= write certificate verify
I (12439) mbedtls: ssl_cli.c:3363 client state: 10
I (12449) mbedtls: ssl_tls.c:2416 => flush output
I (12449) mbedtls: ssl_tls.c:2428 <= flush output
I (12459) mbedtls: ssl_tls.c:4700 => write change cipher spec
I (12469) mbedtls: ssl_tls.c:2701 => write record
I (12469) mbedtls: ssl_tls.c:2416 => flush output
I (12479) mbedtls: ssl_tls.c:2435 message length: 6, out_left: 6
I (12489) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 6 (-0xfffffffa)
I (12489) mbedtls: ssl_tls.c:2460 <= flush output
I (12499) mbedtls: ssl_tls.c:2850 <= write record
I (12499) mbedtls: ssl_tls.c:4714 <= write change cipher spec
I (12509) mbedtls: ssl_cli.c:3363 client state: 11
I (12509) mbedtls: ssl_tls.c:2416 => flush output
I (12519) mbedtls: ssl_tls.c:2428 <= flush output
I (12529) mbedtls: ssl_tls.c:5233 => write finished
I (12529) mbedtls: ssl_tls.c:5107 => calc finished tls sha384
I (12539) mbedtls: ssl_tls.c:5137 <= calc finished
I (12539) mbedtls: ssl_tls.c:2701 => write record
I (12549) mbedtls: ssl_tls.c:1258 => encrypt buf
I (12559) mbedtls: ssl_tls.c:1560 <= encrypt buf
I (12559) mbedtls: ssl_tls.c:2416 => flush output
I (12569) mbedtls: ssl_tls.c:2435 message length: 45, out_left: 45
I (12569) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 45 (-0xffffffd3)
I (12579) mbedtls: ssl_tls.c:2460 <= flush output
I (12589) mbedtls: ssl_tls.c:2850 <= write record
I (12589) mbedtls: ssl_tls.c:5342 <= write finished
I (12599) mbedtls: ssl_cli.c:3363 client state: 12
I (12599) mbedtls: ssl_tls.c:2416 => flush output
I (12609) mbedtls: ssl_tls.c:2428 <= flush output
I (12609) mbedtls: ssl_tls.c:4723 =>Task watchdog got triggered. The following tasks did not reset the watchdog in time:
- IDLE (CPU 1)
Tasks currently running:
CPU 0: IDLE
CPU 1: aws_iot_task
parse change cipher spec
I (12639) mbedtls: ssl_tls.c:3721 => read record
I (12639) mbedtls: ssl_tls.c:2208 => fetch input
I (12649) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (12649) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (12659) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (12669) mbedtls: ssl_tls.c:2403 <= fetch input
I (12669) mbedtls: ssl_tls.c:2208 => fetch input
I (12679) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 6
I (12679) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 6
I (12689) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
I (12699) mbedtls: ssl_tls.c:2403 <= fetch input
I (12699) mbedtls: ssl_tls.c:3754 <= read record
I (12709) mbedtls: ssl_tls.c:4801 <= parse change cipher spec
I (12719) mbedtls: ssl_cli.c:3363 client state: 13
I (12719) mbedtls: ssl_tls.c:2416 => flush output
I (12729) mbedtls: ssl_tls.c:2428 <= flush output
I (12729) mbedtls: ssl_tls.c:5359 => parse finished
I (12739) mbedtls: ssl_tls.c:5107 => calc finished tls sha384
I (12749) mbedtls: ssl_tls.c:5137 <= calc finished
I (12749) mbedtls: ssl_tls.c:3721 => read record
I (12759) mbedtls: ssl_tls.c:2208 => fetch input
I (12759) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (12769) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (12769) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (12779) mbedtls: ssl_tls.c:2403 <= fetch input
I (12789) mbedtls: ssl_tls.c:2208 => fetch input
I (12789) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 45
I (12799) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 45
I (12809) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)
I (12809) mbedtls: ssl_tls.c:2403 <= fetch input
I (12819) mbedtls: ssl_tls.c:1576 => decrypt buf
I (12829) mbedtls: ssl_tls.c:2051 <= decrypt buf
I (12829) mbedtls: ssl_tls.c:3754 <= read record
I (12839) mbedtls: ssl_tls.c:5427 <= parse finished
I (12839) mbedtls: ssl_cli.c:3363 client state: 14
I (12849) mbedtls: ssl_tls.c:2416 => flush output
I (12849) mbedtls: ssl_tls.c:2428 <= flush output
I (12859) mbedtls: ssl_cli.c:3474 handshake: done
I (12859) mbedtls: ssl_cli.c:3363 client state: 15
I (12869) mbedtls: ssl_tls.c:2416 => flush output
I (12879) mbedtls: ssl_tls.c:2428 <= flush output
I (12879) mbedtls: ssl_tls.c:6567 <= handshake
I (12899) mbedtls: ssl_tls.c:7143 => write
I (12899) mbedtls: ssl_tls.c:2701 => write record
I (12899) mbedtls: ssl_tls.c:1258 => encrypt buf
I (12899) mbedtls: ssl_tls.c:1560 <= encrypt buf
I (12909) mbedtls: ssl_tls.c:2416 => flush output
I (12909) mbedtls: ssl_tls.c:2435 message length: 72, out_left: 72
I (12919) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 72 (-0xffffffb8)
I (12929) mbedtls: ssl_tls.c:2460 <= flush output
I (12929) mbedtls: ssl_tls.c:2850 <= write record
I (12939) mbedtls: ssl_tls.c:7171 <= write
I (12949) mbedtls: ssl_tls.c:6743 => read
I (12949) mbedtls: ssl_tls.c:3721 => read record
I (12949) mbedtls: ssl_tls.c:2208 => fetch input
I (12959) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (12969) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (12969) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (12979) mbedtls: ssl_tls.c:2403 <= fetch input
I (12989) mbedtls: ssl_tls.c:2208 => fetch input
I (12989) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 31
I (12999) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 31
I (12999) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 26 (-0xffffffe6)
I (13009) mbedtls: ssl_tls.c:2403 <= fetch input
I (13019) mbedtls: ssl_tls.c:1576 => decrypt buf
I (13019) mbedtls: ssl_tls.c:2051 <= decrypt buf
I (13029) mbedtls: ssl_tls.c:4053 got an alert message, type: [1:0]
I (13039) mbedtls: ssl_tls.c:4068 is a close notify message
W (13039) mbedtls: ssl_tls.c:3739 mbedtls_ssl_read_record_layer() returned -30848 (-0x7880)
W (13049) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -30848 (-0x7880)
I (13059) mbedtls: ssl_tls.c:6743 => read
I (13069) mbedtls: ssl_tls.c:3721 => read record
I (13069) mbedtls: ssl_tls.c:2208 => fetch input
I (13079) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (13079) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (13089) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 0 (-0x0000)
W (13099) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
W (13109) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -29312 (-0x7280)
I (13109) mbedtls: ssl_tls.c:6743 => read
I (13119) mbedtls: ssl_tls.c:3721 => read record
I (13129) mbedtls: ssl_tls.c:2208 => fetch input
I (13129) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (18139) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (18139) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x6800)
W (18139) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x6800)
W (18149) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -26624 (-0x6800)
W (18159) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x6800)
I (18169) mbedtls: ssl_tls.c:6743 => read
I (18169) mbedtls: ssl_tls.c:3721 => read record
I (18179) mbedtls: ssl_tls.c:2208 => fetch input
I (18179) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (23189) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (23189) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x6800)
W (23189) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x6800)
W (23199) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -26624 (-0x6800)
W (23209) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x6800)
I (23219) mbedtls: ssl_tls.c:6743 => read
I (23219) mbedtls: ssl_tls.c:3721 => read record
I (23229) mbedtls: ssl_tls.c:2208 => fetch input
I (23229) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (28239) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (28239) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x6800)
W (28239) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x6800)
W (28249) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -26624 (-0x6800)
W (28259) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x6800)
I (28269) mbedtls: ssl_tls.c:6743 => read
I (28269) mbedtls: ssl_tls.c:3721 => read record
I (28279) mbedtls: ssl_tls.c:2208 => fetch input
I (28279) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5
I (32909) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5
I (32909) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x6800)
W (32909) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x6800)
W (32919) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -26624 (-0x6800)
W (32929) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x6800)
I (32939) mbedtls: ssl_tls.c:7186 => write close notify
I (32939) mbedtls: ssl_tls.c:4124 => send alert message
I (32949) mbedtls: ssl_tls.c:2701 => write record
I (32949) mbedtls: ssl_tls.c:1258 => encrypt buf
I (32959) mbedtls: ssl_tls.c:1560 <= encrypt buf
I (32969) mbedtls: ssl_tls.c:2416 => flush output
I (32969) mbedtls: ssl_tls.c:2435 message length: 31, out_left: 31
I (32979) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 31 (-0xffffffe1)
I (32989) mbedtls: ssl_tls.c:2460 <= flush output
I (32989) mbedtls: ssl_tls.c:2850 <= write record
I (32999) mbedtls: ssl_tls.c:4137 <= send alert message
I (32999) mbedtls: ssl_tls.c:7202 <= write close notify
I (33009) mbedtls: ssl_tls.c:7344 => free
I (33019) mbedtls: ssl_tls.c:7409 <= free
E (33019) subpub: Error(-28) connecting to a1mnryxxxxxx.iot.eu-west-1.amazonaws.com:8883
This repeats .......
..................
I checked connection by doing:
$ openssl s_client -connect a1mnry3c7llm0e.iot.eu-west-1.amazonaws.com:8883 -CAfile aws-root-ca.pem -cert certificate.pem.crt -key private.pem.key
CONNECTED(00000264)
---
Certificate chain
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.iot.eu-west-1.amazonaws.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
---
Server certificate
subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.iot.eu-west-1.amazonaws.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3427 bytes and written 1579 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5B0D67DD790DA9764F96C6F004B21C894F2251F5F7C9C09352077D088609AAEC
Session-ID-ctx:
Master-Key: 3B69962F4A6439AC4DB7441FAD008F550C7A93A189B215F700075E9E55140D1B7C869B001704B7DE630D366EA7FEE779
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1527605212
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Any help much appreciated .........
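The logs in this thread fail at two different points: a timeout inside `mbedtls_ssl_handshake`, and a handshake that completes before the server sends a close-notify alert. The Python sketch below is an added example, not code from the thread or from ESP-IDF, that tells the two apart; the sample logs are constructed in the thread's format with a placeholder hostname, and the stage names are labels chosen for this example.

```python
import re

# One idf_monitor record: level, millisecond timestamp, tag, message.
RECORD = re.compile(r"^([EWIDV]) \((\d+)\) ([^:]+): (.*)$")
HEX_CODE = re.compile(r"-0x([0-9A-Fa-f]{4})\b")

# mbedTLS SSL error codes that appear in the logs in this thread.
MBEDTLS_ERRORS = {
    0x6800: "MBEDTLS_ERR_SSL_TIMEOUT",
    0x7280: "MBEDTLS_ERR_SSL_CONN_EOF",
    0x7880: "MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY",
}

# Constructed samples in the thread's log format (abridged, placeholder host).
CLOSED_AFTER_HANDSHAKE = """\
I (7619) mbedtls: ssl_tls.c:6557 => handshake
I (12859) mbedtls: ssl_cli.c:3474 handshake: done
I (12899) mbedtls: ssl_tls.c:7143 => write
I (12939) mbedtls: ssl_tls.c:7171 <= write
I (13039) mbedtls: ssl_tls.c:4068 is a close notify message
W (13049) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -30848 (-0x
7880)
W (18159) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x
6800)
E (33019) subpub: Error(-28) connecting to endpoint.example:8883
"""
HANDSHAKE_FAILED = """\
D (69620) aws_iot: Performing the SSL/TLS handshake...
E (78880) aws_iot: failed! mbedtls_ssl_handshake returned -0x6800
E (78940) subpub: Error(-4) connecting to endpoint.example:8883
"""


def unwrap(log_text):
    """Join continuation lines left by an 80-column terminal wrap."""
    records = []
    for line in log_text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records


def triage(log_text):
    """Locate where the connection died: inside TLS, or after it completed."""
    done = wrote = handshake_failed = False
    close_notify_ms = None
    codes = []
    for record in unwrap(log_text):
        m = RECORD.match(record)
        if not m:
            continue
        ms, msg = int(m.group(2)), m.group(4)
        if "handshake: done" in msg:
            done = True
        elif done and msg.endswith("=> write"):
            wrote = True  # first application-data write after the handshake
        elif "is a close notify message" in msg and close_notify_ms is None:
            close_notify_ms = ms
        elif "mbedtls_ssl_handshake returned" in msg:
            handshake_failed = True
        for hexcode in HEX_CODE.findall(msg):
            value = int(hexcode, 16)
            name = MBEDTLS_ERRORS.get(value, "-0x" + hexcode)
            if value and name not in codes:
                codes.append(name)
    if done and close_notify_ms is not None:
        stage = "closed-after-handshake"
    elif handshake_failed:
        stage = "handshake-failed"
    else:
        stage = "inconclusive"
    return {"stage": stage, "app_data_sent": wrote,
            "close_notify_ms": close_notify_ms, "mbedtls_codes": codes}


if __name__ == "__main__":
    for name, sample in (("closed", CLOSED_AFTER_HANDSHAKE),
                         ("failed", HANDSHAKE_FAILED)):
        print(name, triage(sample))
```

A `closed-after-handshake` result means certificate validation and key exchange finished and the server ended the session once application data was sent, so the later `-0x6800` timeouts are reads on a connection the peer has already closed.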
Re: ESP32 aws_iot subscribe/publish example error
Posted: Fri Jun 01, 2018 12:02 pm
by cadrjr1
The problem was solved by changing the policy.
Thanks to grant.rolls
viewtopic.php?t=5324#p23121
See policy below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Connect",
        "iot:Receive",
        "iot:Subscribe",
        "iot:GetThingShadow",
        "iot:DeleteThingShadow",
        "iot:UpdateThingShadow"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
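The policy above allows every listed action on every resource in the account. As an added example (not from the thread or from the ESP-IDF project), the Python sketch below flags those wildcard grants and builds a policy scoped to one client ID and one topic. The account ID, client ID and topic are placeholders, and the shadow actions are dropped on the assumption that the subscribe/publish example does not use device shadows.

```python
import json

# The policy as posted above: every listed action is allowed on every resource.
POSTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Publish", "iot:Connect", "iot:Receive", "iot:Subscribe",
                   "iot:GetThingShadow", "iot:DeleteThingShadow",
                   "iot:UpdateThingShadow"],
        "Resource": ["*"],
    }],
}


def as_list(value):
    """IAM-style fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def wildcard_grants(policy):
    """Actions that an Allow statement grants on the bare "*" resource."""
    grants = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in as_list(stmt.get("Resource", [])):
            grants.extend(as_list(stmt.get("Action", [])))
    return grants


def scoped_policy(region, account_id, client_id, topic):
    """Policy for one client ID that publishes and subscribes on one topic."""
    arn = "arn:aws:iot:{}:{}:".format(region, account_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            # iot:Connect is checked against the MQTT client ID.
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": [arn + "client/" + client_id]},
            # Publish and Receive are checked against the topic name.
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": [arn + "topic/" + topic]},
            # Subscribe is checked against the topic filter.
            {"Effect": "Allow", "Action": ["iot:Subscribe"],
             "Resource": [arn + "topicfilter/" + topic]},
        ],
    }


# Placeholders (assumptions): account ID, client ID and topic are not from
# the thread; only the region matches the endpoint shown in the posts.
EXAMPLE = scoped_policy("eu-west-1", "123456789012",
                        "EXAMPLE_CLIENT_ID", "EXAMPLE/TOPIC")

if __name__ == "__main__":
    print("Granted on '*':", wildcard_grants(POSTED_POLICY))
    print(json.dumps(EXAMPLE, indent=2))
```

The client ID and topic in a scoped policy have to match what the firmware actually uses; if they differ, the broker rejects the connection as it does for any other wrong policy.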