AWS HTTPS client on cortex M4 boards cannot connect to HTTPS server

I want to communicate with an HTTPS server running on my Windows machine. Here the HTTPS server is created using the Flask utility in Python. The Cortex M4 board is the HTTPS client (the AWS HTTPS library/SDK is used to configure the Cortex M4 board as an HTTPS client).

I followed a demo example available on GitHub.
As the HTTPS server is running on the local machine, I have not used IotHttpsClient_GetUrlPath() and IotHttpsClient_GetUrlAddress().

Instead I fed the IP address of the local machine into connConfig, as shown below.
When I try to connect to the HTTPS server, I always get the error "IOT_HTTPS_CONNECTION_ERROR" from the function IotHttpsClient_Connect( &connHandle, &connConfig );

The config structure used is as follows:
connConfig.pAddress = "192.168.1.100";                  /* IP address of Windows machine */
connConfig.addressLen = strlen( "192.168.1.100" );
connConfig.port = 4433;                                 /* Custom port used */
connConfig.pAlpnProtocols = NULL;
connConfig.pCaCert = SERVER_CERTIFICATE_PEM;
connConfig.caCertLen = sizeof( SERVER_CERTIFICATE_PEM );
connConfig.userBuffer.pBuffer = _pConnUserBuffer;
connConfig.userBuffer.bufferLen = sizeof( _pConnUserBuffer );
connConfig.pClientCert = pNetworkCredentialInfo.pClientCert;
connConfig.clientCertLen = pNetworkCredentialInfo.clientCertSize;
connConfig.pPrivateKey = pNetworkCredentialInfo.pPrivateKey;
connConfig.privateKeyLen = pNetworkCredentialInfo.privateKeySize;
connConfig.pNetworkInterface = &IotNetworkAfr;

The certificates used are self-signed certificates created using OpenSSL.

Hello @suraj.gaikwad,

Can you post what version of Amazon FreeRTOS you are using? Also, can you attach a more complete log so we can begin to troubleshoot? Would it be possible to first establish an HTTP connection to rule out any issues with the credentials?

Thanks,

Carl

Hi @lundinc, thanks for the reply.
The FreeRTOS version used is 202007.00.
FreeRTOS logging is disabled, so I may not be able to provide detailed logs.
After debugging I found that the TLS_Connect() API is failing, which results in failure of the SOCKETS_Connect() API.

I have not tried this. I shall try it this way and let you know the results.

I am new to this platform, sorry if I sound like a noob.

Hi @suraj.gaikwad,

In that case it may be an issue with the TLS setup. Please let me know if you need assistance in enabling the logs; the TLS stack logs can be particularly helpful in diagnosing an issue with TLS.

You do not sound like a noob! :)

Thanks,

Carl

I understand that by default this library enables secured communication. So I updated the connConfig structure to disable the TLS handshake by setting the flag connConfig.flags = IOT_HTTPS_IS_NON_TLS_FLAG; and it worked:
IotHttpsClient_Connect( &connHandle, &connConfig ); returned the IOT_HTTPS_OK return code.

It seems that this is the issue. When I debugged the application I found that IotHttpsClient_Connect( &connHandle, &connConfig ); calls the SOCKETS_Socket() and SOCKETS_Connect() APIs/functions. Of these two functions, SOCKETS_Socket( SOCKETS_AF_INET, SOCKETS_SOCK_STREAM, SOCKETS_IPPROTO_TCP ); returns non-null. Inside the SOCKETS_Connect() function, the handshake is started. The function TLS_Connect() is failing with the SOCKETS_TLS_HANDSHAKE_ERROR error code.

I am using self-signed certificates created using the OpenSSL library. The procedure I followed to generate the certificates is available at this location. Let me know if I have missed any step.
I tried attaching the Wireshark logs, but it is not allowing me to attach the file.

Thanks
Suraj

Hi @suraj.gaikwad,

It may be better to follow the instructions here: https://github.com/aws/amazon-freertos/tree/master/tools/echo_server. Currently there are no examples or code using PKCS #12 for key and certificate bundling.

You will see in the readme I linked above where the client and server certificates should go. If you do not want to verify the client identity, you can skip the client certificates and only add the server certificate to your CA certificate chain.

Thanks,

Carl

@lundinc Thank you for your help, the application is working. SNI was enabled by default and this was causing the problem. After disabling SNI, the handshake completes successfully. As of now I don't have much knowledge of SNI. I shall work on it.

If you can help me with some document/example, it would be a great help.

This ticket/issue can be closed.

Thank you for the help.
Suraj
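Added example, not code from this thread or from the FreeRTOS/mbedTLS libraries: it models the peer-identity check a TLS client performs alongside SNI (the dialled name is compared against the certificate's subjectAltName entries), which is one reason a connection made to a bare IP address fails against a self-signed certificate that only names a DNS subject. It assumes SAN entries in the "DNS:name" / "IP:addr" text form that openssl prints and IPv4 literals only; a certificate carrying an iPAddress SAN for 192.168.1.100 would let the handshake pass without turning SNI off.

```c
/* Constructed model of TLS peer-identity matching (RFC 6125 style).
 * Not FreeRTOS or mbedTLS code; SAN strings are assumed to be in the
 * "DNS:..." / "IP:..." form and only IPv4 literals are handled. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Case-insensitive DNS name match. A leading "*." stands in for exactly
 * one left-most label, so "*.example.test" does not match "example.test"
 * or "a.b.example.test". */
static bool dns_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host) {
            return false;             /* wildcard needs a label to replace */
        }
        return strcasecmp(pattern + 1, dot) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* Does the identity the client dialled match any SAN on the certificate?
 * An IP literal is only compared against IP SANs, never against DNS
 * names, so dialling "192.168.1.100" against a cert whose only name is
 * DNS:localhost fails even though the CA (the cert itself) is trusted. */
bool peer_identity_matches(const char *expected, const char *const *sans, size_t count)
{
    bool expected_is_ip = true;
    for (const char *p = expected; *p != '\0'; p++) {
        if (!isdigit((unsigned char)*p) && *p != '.') {
            expected_is_ip = false;
            break;
        }
    }
    for (size_t i = 0; i < count; i++) {
        if (expected_is_ip && strncmp(sans[i], "IP:", 3) == 0) {
            if (strcmp(sans[i] + 3, expected) == 0) return true;
        } else if (!expected_is_ip && strncmp(sans[i], "DNS:", 4) == 0) {
            if (dns_name_matches(sans[i] + 4, expected)) return true;
        }
    }
    return false;
}
```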