Connection Problem using Library HTTPS on AWS FreeRTOS 201910.00

leandropg wrote on December 05, 2019:

Hello Team,

I am testing the new HTTPS library included in AWS FreeRTOS Version 201910.00 (https://docs.aws.amazon.com/freertos/latest/lib-ref/https/index.html). I am trying to consume a REST web service using the HTTPS library over Ethernet… My board is the Curiosity PIC32MZ EF Development Board and it currently works with HTTP calls… but I need to change these calls to HTTPS… For this reason I want to use the library, but the code gets stuck in the connection. The code is:


    IotHttpsConnectionHandle_t connectionHandle;
    IotHttpsConnectionInfo_t connectionInfo = IOT_HTTPS_CONNECTION_INFO_INITIALIZER;

    // Init Connection Handle
    connectionHandle = IOT_HTTPS_CONNECTION_HANDLE_INITIALIZER;
    
    // Set the Connection Configuration
    connectionInfo.pAddress = "www.amazon.com";
    connectionInfo.addressLen = strlen("www.amazon.com");
    connectionInfo.port = 443;
    connectionInfo.flags = 0;
    connectionInfo.pAlpnProtocols = "alpnproto0,alpnproto1";
    connectionInfo.userBuffer.pBuffer = _pConnUserBuffer;
    connectionInfo.userBuffer.bufferLen = sizeof(_pConnUserBuffer);
    connectionInfo.pNetworkInterface = AwsIotNetworkManager_GetNetworkInterface(AWSIOT_NETWORK_TYPE_ETH);
    connectionInfo.timeout = 7000;

    // Try Connect with HTTPS Server
    httpsClientStatus = IotHttpsClient_Connect(&connectionHandle, &connectionInfo);

I have set the log level to 4 to show the mbed TLS messages:

    #ifdef MBEDTLS_DEBUG_C
    #define tlsDEBUG_VERBOSE 4
    #endif

I am new to the SSL protocol… I understand that it has steps to accomplish in the TLS negotiation… In the AWS FreeRTOS code I found these steps as an enumeration (mbedtls_ssl_states):

0 MBEDTLS_SSL_HELLO_REQUEST,
1 MBEDTLS_SSL_CLIENT_HELLO,
2 MBEDTLS_SSL_SERVER_HELLO,
3 MBEDTLS_SSL_SERVER_CERTIFICATE,
4 MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
5 MBEDTLS_SSL_CERTIFICATE_REQUEST,
6 MBEDTLS_SSL_SERVER_HELLO_DONE,
7 MBEDTLS_SSL_CLIENT_CERTIFICATE,
8 MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
9 MBEDTLS_SSL_CERTIFICATE_VERIFY,
10 MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
11 MBEDTLS_SSL_CLIENT_FINISHED,
12 MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
13 MBEDTLS_SSL_SERVER_FINISHED,
14 MBEDTLS_SSL_FLUSH_BUFFERS,
15 MBEDTLS_SSL_HANDSHAKE_WRAPUP,
16 MBEDTLS_SSL_HANDSHAKE_OVER,
17 MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
18 MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT

In the logs I see that the client state is incremented from 0 to 3:

0 MBEDTLS_SSL_HELLO_REQUEST,
1 MBEDTLS_SSL_CLIENT_HELLO,
2 MBEDTLS_SSL_SERVER_HELLO,
3 MBEDTLS_SSL_SERVER_CERTIFICATE,

But the process stops in step 3 (MBEDTLS_SSL_SERVER_CERTIFICATE)… and the IotHttpsClient_Connect function responds with Error Code 203 (IOT_HTTPS_CONNECTION_ERROR)… the function even returns before step 3 finishes… I have programmed many delays to wait for it to respond… but the code always repeats steps 0 to 3… I don’t understand what the problem is… or why it does not complete the connection process… In the example I try to connect to www.amazon.com

I hope that someone can give me some idea. To understand SSL, I found the following video: https://www.youtube.com/watch?v=sEkw8ZcxtFk

Thanks for all your help.

I attached the generated log:

3 4190 mbedTLS: |2| 0x800556e4: client state: 0
4 4190 mbedTLS: |2| 0x800556e4: => flush output
5 4190 mbedTLS: |2| 0x800556e4: <= flush output
6 4190 mbedTLS: |2| 0x800556e4: client state: 1
7 4190 mbedTLS: |2| 0x800556e4: => flush output
8 4191 mbedTLS: |2| 0x800556e4: <= flush output
9 4191 mbedTLS: |2| 0x800556e4: => write client hello
10 4191 mbedTLS: |3| 0x800556e4: client hello, max version: [3:3]
11 4191 mbedTLS: |3| 0x800556e4: dumping ‘client hello, random bytes’ (32 bytes)
12 4191 mbedTLS: |3| 0x800556e4: 0000: 45 1d a3 ba a0 c2 3d c2 ea d4 16 6c 75 f8 0e 7f E…=…lu…
13 4191 mbedTLS: |3| 0x800556e4: 0010: 7a d2 a7 77 91 f4 9d 77 fb ad b9 8c d8 84 ad a2 z…w…w…
14 4191 mbedTLS: |3| 0x800556e4: client hello, session id len.: 0
15 4191 mbedTLS: |3| 0x800556e4: dumping ‘client hello, session id’ (0 bytes)
16 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c00a
17 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c014
18 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c02b
19 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c02f
20 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c023
21 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c027
22 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c009
23 4191 mbedTLS: |3| 0x800556e4: client hello, add ciphersuite: c013
24 4191 mbedTLS: |3| 0x800556e4: client hello, got 8 ciphersuites (excluding SCSVs)
25 4191 mbedTLS: |3| 0x800556e4: adding EMPTY_RENEGOTIATION_INFO_SCSV
26 4191 mbedTLS: |3| 0x800556e4: client hello, compress len.: 1
27 4191 mbedTLS: |3| 0x800556e4: client hello, compress alg.: 0
28 4191 mbedTLS: |3| 0x800556e4: client hello, adding server name extension: www.amazon.com
29 4191 mbedTLS: |3| 0x800556e4: client hello, adding signature_algorithms extension
30 4191 mbedTLS: |3| 0x800556e4: client hello, adding supported_elliptic_curves extension
31 4191 mbedTLS: |3| 0x800556e4: client hello, adding supported_point_formats extension
32 4192 mbedTLS: |3| 0x800556e4: client hello, adding encrypt_then_mac extension
33 4192 mbedTLS: |3| 0x800556e4: client hello, adding extended_master_secret extension
34 4192 mbedTLS: |3| 0x800556e4: client hello, total extension length: 59
35 4192 mbedTLS: |2| 0x800556e4: => write handshake message
36 4192 mbedTLS: |2| 0x800556e4: => write record
37 4192 mbedTLS: |3| 0x800556e4: output record: msgtype = 22, version = [3:3], msglen = 122
38 4192 mbedTLS: |4| 0x800556e4: dumping ‘output record sent to network’ (127 bytes)
39 4192 mbedTLS: |4| 0x800556e4: 0000: 16 03 03 00 7a 01 00 00 76 03 03 45 1d a3 ba a0 …z…v…E…
40 4192 mbedTLS: |4| 0x800556e4: 0010: c2 3d c2 ea d4 16 6c 75 f8 0e 7f 7a d2 a7 77 91 .=…lu…z…w.
41 4192 mbedTLS: |4| 0x800556e4: 0020: f4 9d 77 fb ad b9 8c d8 84 ad a2 00 00 12 c0 0a …w…
42 4192 mbedTLS: |4| 0x800556e4: 0030: c0 14 c0 2b c0 2f c0 23 c0 27 c0 09 c0 13 00 ff …+./.#.’…
43 4192 mbedTLS: |4| 0x800556e4: 0040: 01 00 00 3b 00 00 00 13 00 11 00 00 0e 77 77 77 …;…www
44 4192 mbedTLS: |4| 0x800556e4: 0050: 2e 61 6d 61 7a 6f 6e 2e 63 6f 6d 00 0d 00 0a 00 .amazon.com…
45 4192 mbedTLS: |4| 0x800556e4: 0060: 08 04 03 04 01 03 03 03 01 00 0a 00 04 00 02 00 …
46 4192 mbedTLS: |4| 0x800556e4: 0070: 17 00 0b 00 02 01 00 00 16 00 00 00 17 00 00 …
47 4192 mbedTLS: |2| 0x800556e4: => flush output
48 4192 mbedTLS: |2| 0x800556e4: message length: 127, out_left: 127
49 4193 mbedTLS: |2| 0x800556e4: ssl->f_send() returned 127 (-0xffffff81)
50 4193 mbedTLS: |2| 0x800556e4: <= flush output
51 4193 mbedTLS: |2| 0x800556e4: <= write record
52 4193 mbedTLS: |2| 0x800556e4: <= write handshake message
53 4193 mbedTLS: |2| 0x800556e4: <= write client hello
54 4193 mbedTLS: |2| 0x800556e4: client state: 2
55 4193 mbedTLS: |2| 0x800556e4: => flush output
56 4193 mbedTLS: |2| 0x800556e4: <= flush output
57 4193 mbedTLS: |2| 0x800556e4: => parse server hello
58 4193 mbedTLS: |2| 0x800556e4: => read record
59 4193 mbedTLS: |2| 0x800556e4: => fetch input
60 4193 mbedTLS: |2| 0x800556e4: in_left: 0, nb_want: 5
61 4290 mbedTLS: |2| 0x800556e4: in_left: 0, nb_want: 5
62 4290 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
63 4290 mbedTLS: |2| 0x800556e4: <= fetch input
64 4290 mbedTLS: |4| 0x800556e4: dumping ‘input record header’ (5 bytes)
65 4291 mbedTLS: |4| 0x800556e4: 0000: 16 03 03 00 3d …=
66 4291 mbedTLS: |3| 0x800556e4: input record: msgtype = 22, version = [3:3], msglen = 61
67 4291 mbedTLS: |2| 0x800556e4: => fetch input
68 4291 mbedTLS: |2| 0x800556e4: in_left: 5, nb_want: 66
69 4291 mbedTLS: |2| 0x800556e4: in_left: 5, nb_want: 66
70 4291 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 61 (-0xffffffc3)
71 4291 mbedTLS: |2| 0x800556e4: <= fetch input
72 4291 mbedTLS: |4| 0x800556e4: dumping ‘input record from network’ (66 bytes)
73 4291 mbedTLS: |4| 0x800556e4: 0000: 16 03 03 00 3d 02 00 00 39 03 03 6c f5 91 6f 8f …=…9…l…o.
74 4291 mbedTLS: |4| 0x800556e4: 0010: ac 0e 5c a2 69 e8 fe 32 fe 1b df c5 62 29 7a 0a …i…2…b)z.
75 4291 mbedTLS: |4| 0x800556e4: 0020: fb 3a a6 f7 ce c1 e7 37 10 66 0b 00 c0 2f 00 00 .:…7.f…/…
76 4291 mbedTLS: |4| 0x800556e4: 0030: 11 00 00 00 00 ff 01 00 01 00 00 0b 00 04 03 00 …
77 4291 mbedTLS: |4| 0x800556e4: 0040: 01 02 …
78 4291 mbedTLS: |3| 0x800556e4: handshake message: msglen = 61, type = 2, hslen = 61
79 4291 mbedTLS: |2| 0x800556e4: <= read record
80 4291 mbedTLS: |3| 0x800556e4: dumping ‘server hello, version’ (2 bytes)
81 4291 mbedTLS: |3| 0x800556e4: 0000: 03 03 …
82 4291 mbedTLS: |3| 0x800556e4: server hello, current time: 1828032879
83 4291 mbedTLS: |3| 0x800556e4: dumping ‘server hello, random bytes’ (32 bytes)
84 4292 mbedTLS: |3| 0x800556e4: 0000: 6c f5 91 6f 8f ac 0e 5c a2 69 e8 fe 32 fe 1b df l…o…i…2…
85 4292 mbedTLS: |3| 0x800556e4: 0010: c5 62 29 7a 0a fb 3a a6 f7 ce c1 e7 37 10 66 0b .b)z…:…7.f.
86 4292 mbedTLS: |3| 0x800556e4: server hello, session id len.: 0
87 4292 mbedTLS: |3| 0x800556e4: dumping ‘server hello, session id’ (0 bytes)
88 4292 mbedTLS: |3| 0x800556e4: no session has been resumed
89 4292 mbedTLS: |3| 0x800556e4: server hello, chosen ciphersuite: c02f
90 4292 mbedTLS: |3| 0x800556e4: server hello, compress alg.: 0
91 4292 mbedTLS: |3| 0x800556e4: server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
92 4292 mbedTLS: |2| 0x800556e4: server hello, total extension length: 17
93 4292 mbedTLS: |3| 0x800556e4: unknown extension found: 0 (ignoring)
94 4292 mbedTLS: |3| 0x800556e4: found renegotiation extension
95 4292 mbedTLS: |3| 0x800556e4: found supported_point_formats extension
96 4292 mbedTLS: |4| 0x800556e4: point format selected: 0
97 4292 mbedTLS: |2| 0x800556e4: <= parse server hello
98 4292 mbedTLS: |2| 0x800556e4: client state: 3
99 4292 mbedTLS: |2| 0x800556e4: => flush output
100 4292 mbedTLS: |2| 0x800556e4: <= flush output
101 4292 mbedTLS: |2| 0x800556e4: => parse certificate
102 4292 mbedTLS: |2| 0x800556e4: => read record
103 4292 mbedTLS: |2| 0x800556e4: => fetch input
104 4292 mbedTLS: |2| 0x800556e4: in_left: 0, nb_want: 5
105 4292 mbedTLS: |2| 0x800556e4: in_left: 0, nb_want: 5
106 4292 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
107 4292 mbedTLS: |2| 0x800556e4: <= fetch input
108 4292 mbedTLS: |4| 0x800556e4: dumping ‘input record header’ (5 bytes)
109 4292 mbedTLS: |4| 0x800556e4: 0000: 16 03 03 11 06 …
110 4292 mbedTLS: |3| 0x800556e4: input record: msgtype = 22, version = [3:3], msglen = 4358
111 4292 mbedTLS: |2| 0x800556e4: => fetch input
112 4293 mbedTLS: |2| 0x800556e4: in_left: 5, nb_want: 4363
113 4293 mbedTLS: |2| 0x800556e4: in_left: 5, nb_want: 4363
114 4293 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 1329 (-0xfffffacf)
115 4387 mbedTLS: |2| 0x800556e4: in_left: 1334, nb_want: 4363
116 4387 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 1400 (-0xfffffa88)
117 4483 mbedTLS: |2| 0x800556e4: in_left: 2734, nb_want: 4363
118 4483 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 700 (-0xfffffd44)
119 4484 mbedTLS: |2| 0x800556e4: in_left: 3434, nb_want: 4363
120 4484 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 700 (-0xfffffd44)
121 4579 mbedTLS: |2| 0x800556e4: in_left: 4134, nb_want: 4363
122 4579 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 229 (-0xffffff1b)
123 4579 mbedTLS: |2| 0x800556e4: <= fetch input
124 4579 mbedTLS: |4| 0x800556e4: dumping ‘input record from network’ (4363 bytes)
180 4584 mbedTLS: |4| 0x800556e4: 0370: 61 7a 6f 6e 2e 63 6f 6d 82 12 68 75 64 64 6c 65 azon.com…huddle

Edited by: leandropg on Dec 5, 2019 12:21 PM
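
A small log-triage helper for the situation in the post above, added here as an example (it is not code from the poster, FreeRTOS or mbedTLS): it reads mbedTLS debug lines and reports the last `client state` reached by name, the largest input record, and whether the last record was read in full. `HandshakeSummary`, `summarize`, `state_name` and `summarize_sample` are hypothetical names, and the sample lines are excerpted from the log in the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* State names in the order of the mbedtls_ssl_states list quoted in the post. */
static const char *const kStates[] = {
    "MBEDTLS_SSL_HELLO_REQUEST", "MBEDTLS_SSL_CLIENT_HELLO",
    "MBEDTLS_SSL_SERVER_HELLO", "MBEDTLS_SSL_SERVER_CERTIFICATE",
    "MBEDTLS_SSL_SERVER_KEY_EXCHANGE", "MBEDTLS_SSL_CERTIFICATE_REQUEST",
    "MBEDTLS_SSL_SERVER_HELLO_DONE", "MBEDTLS_SSL_CLIENT_CERTIFICATE",
    "MBEDTLS_SSL_CLIENT_KEY_EXCHANGE", "MBEDTLS_SSL_CERTIFICATE_VERIFY",
    "MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC", "MBEDTLS_SSL_CLIENT_FINISHED",
    "MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC", "MBEDTLS_SSL_SERVER_FINISHED",
    "MBEDTLS_SSL_FLUSH_BUFFERS", "MBEDTLS_SSL_HANDSHAKE_WRAPUP",
    "MBEDTLS_SSL_HANDSHAKE_OVER", "MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET",
    "MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT" };

typedef struct {          /* hypothetical summary type, not an mbedTLS type */
    int  lastState;       /* last "client state: N" seen, -1 if none */
    long maxRecordLen;    /* largest "input record: ... msglen = N" */
    int  lastRecordFull;  /* 1 if in_left + last f_recv return reached nb_want */
} HandshakeSummary;

const char *state_name(int s) {
    size_t count = sizeof kStates / sizeof kStates[0];
    return (s >= 0 && (size_t)s < count) ? kStates[s] : "UNKNOWN";
}

HandshakeSummary summarize(const char *const *lines, size_t n) {
    HandshakeSummary r = { -1, 0, 0 };
    long left = 0, want = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p, *q;
        if ((p = strstr(lines[i], "client state: ")) != NULL)
            r.lastState = atoi(p + strlen("client state: "));
        if ((p = strstr(lines[i], "input record: ")) && (q = strstr(p, "msglen = "))) {
            long len = strtol(q + strlen("msglen = "), NULL, 10);
            if (len > r.maxRecordLen) r.maxRecordLen = len;
        }
        if ((p = strstr(lines[i], "in_left: ")) != NULL)
            sscanf(p, "in_left: %ld, nb_want: %ld", &left, &want);
        if ((p = strstr(lines[i], "f_recv")) && (q = strstr(p, "returned ")))
            r.lastRecordFull = (left + strtol(q + strlen("returned "), NULL, 10) == want);
    }
    return r;
}
/* Lines excerpted from the log in the post (hex dump lines left out). */
static const char *const kSample[] = {
    "54 4193 mbedTLS: |2| 0x800556e4: client state: 2",
    "66 4291 mbedTLS: |3| 0x800556e4: input record: msgtype = 22, version = [3:3], msglen = 61",
    "98 4292 mbedTLS: |2| 0x800556e4: client state: 3",
    "110 4292 mbedTLS: |3| 0x800556e4: input record: msgtype = 22, version = [3:3], msglen = 4358",
    "121 4579 mbedTLS: |2| 0x800556e4: in_left: 4134, nb_want: 4363",
    "122 4579 mbedTLS: |2| 0x800556e4: ssl->f_recv(_timeout)() returned 229 (-0xffffff1b)" };
HandshakeSummary summarize_sample(void) { return summarize(kSample, sizeof kSample / sizeof kSample[0]); }

int main(void) {
    HandshakeSummary s = summarize_sample();
    printf("state %d (%s), largest record %ld bytes, last record %s\n", s.lastState,
           state_name(s.lastState), s.maxRecordLen, s.lastRecordFull ? "complete" : "partial");
    return 0;
}
```

On the posted log this reports state 3 with a 4358-byte certificate record that arrived in full (4134 + 229 = 4363 bytes including the 5-byte header) before the log ends.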

leandropg wrote on December 10, 2019:

Hi Dan… Thank you for your response… I answer your questions:

  1. After line 180, there aren’t any more lines related to the HTTPS process… instead the call to the function IotHttpsClient_Connect finished with an error, and my code continues to work

  2. Yes, I have increased the value configTOTAL_HEAP_SIZE to the maximum… but the process does not work… At this moment the value is 390.000 but my current application works fine with 330.000… I have increased this value by 60.000… I don’t know if this value is sufficient

  3. When I run a debug session, I can trace the code up to some point… after that the code crashed for some specific reason and I don’t understand what the real problem is… the TLS code is very complex, so it is hard to understand in which step it crashes and why

  4. I started to use the MQTT Library and I have the same problem when I use the function IotMqtt_Connect… the process stops in step 2 (MBEDTLS_SSL_SERVER_HELLO) and the code reboots in this step

  5. I don’t know how to continue… I don’t achieve an MQTT connection or HTTPS connection and my project needs it now…

Thank you for all your help

DanAG-aws wrote on December 10, 2019:

Hi, leandropg.
I read through the log messages you posted. They appear to end quite abruptly. Are there any more log messages after message #180?

As a shot in the dark, have you tried increasing configTOTAL_HEAP_SIZE?

Are you able to step through the code in a debugger?

Yuki-AWS wrote on December 17, 2019:

From the original post, it seems this issue is not in HTTP or MQTT, but rather in socket/TLS.

I would start with the MQTT demo, to confirm certification, endpoint, and IoT permission etc. are correct before moving on to HTTP. The MQTT demo and all its dependencies are expected to work out of the box. (So does HTTP, though I’m not an expert in HTTP and I didn’t try. Just to clarify.) If the handshake is failing in the MQTT demo, I would double check –
(for demos)
./demos/include/aws_clientcredential.h
./demos/include/aws_clientcredential_keys.h
(for tests)
./tests/include/aws_clientcredential.h
./tests/include/aws_clientcredential_keys.h

to confirm WiFi SSID/password/security type && thing name && broker endpoint && client cert/private key combination is correct. (I’m assuming client cert/private key are correctly generated from IoT Core, that is it has worked before for you.)