Publishing to greengrass using the mqtt demo does not work (CC3220SF)

Hello,

I’m trying to run the mqtt demo using my greengrass server that I confirmed is working using mosquitto with the same certificates and keys.

However, even though the connection is successful, I’m getting errors while publishing. The log looks like this (I have a couple extra timestamps):

0 1000 [Tmr Svc] Simple Link task created
Device came up in Station mode
1 1424 [Tmr Svc] Write certificate...
2 2182 [Tmr Svc] Write certificate...
3 2284 [Tmr Svc] Security alert threshold = 15
4 2284 [Tmr Svc] Current number of alerts = 0
5 2285 [Tmr Svc] Running Demos.
6 2286 [iot_thread] [INFO ][DEMO][2286] ---------STARTING DEMO---------

7 2303 [iot_thread] [INFO ][INIT][2303] SDK successfully initialized.
Device came up in Station mode
[WLAN EVENT] STA Connected to the AP: ******** , BSSID: f8:1a:67:5a:ea:4d
[NETAPP EVENT] IP acquired by the device

Device has connected to ********
Device IP Address is 192.168.0.103

8 3706 [iot_thread] [INFO ][DEMO][3706] Successfully initialized the demo. Network type for the demo: 1
9 3706 [iot_thread] [INFO ][MQTT][3706] MQTT library successfully initialized.
10 3790 [iot_thread] [INFO ][DEMO][3789] MQTT demo client identifier is cc3220sf (length 8).
11 4195 [iot_thread] [INFO ][MQTT][4195] Establishing new MQTT connection.
12 4203 [iot_thread] [INFO ][MQTT][4203] (MQTT connection 20007710, CONNECT operation 20007618) Waiting for operation completion.
13 4210 [iot_thread] [INFO ][MQTT][4210] (MQTT connection 20007710, CONNECT operation 20007618) Wait complete with result SUCCESS.
14 4227 [iot_thread] [INFO ][MQTT][4227] New MQTT connection 20003450 established.
15 4227 [iot_thread] [INFO ][DEMO][4227] MQTT CONNECT (3790, 4227)
16 4242 [iot_thread] [INFO ][DEMO][4242] Publishing messages 0 to 0.
17 4243 [iot_thread] [INFO ][MQTT][4243] (MQTT connection 20007710) MQTT PUBLISH operation queued.
18 4243 [iot_thread] [INFO ][DEMO][4243] Waiting for 1 publishes to be received.
19 5243 [iot_thread] ERROR: -1 Socket send failed.
20 5243 [iot_thread] [ERROR][NET][5243] Error -1 while sending data.
21 5244 [iot_thread] [ERROR][DEMO][5244] MQTT PUBLISH 536970752 could not be sent. Error NETWORK ERROR.
22 9243 [iot_thread] [ERROR][DEMO][9243] Timed out waiting for incoming PUBLISH messages.
23 9243 [iot_thread] [INFO ][DEMO][9243] 0 publishes received.
24 9243 [iot_thread] [INFO ][MQTT][9243] (MQTT connection 20007710) Disconnecting connection.
25 9244 [iot_thread] ERROR: -1 Socket send failed.
26 9244 [iot_thread] [ERROR][NET][9244] Error -1 while sending data.
27 9244 [iot_thread] [INFO ][MQTT][9244] (MQTT connection 20007710, DISCONNECT operation 20007618) Waiting for operation completion.
28 9245 [iot_thread] [INFO ][MQTT][9245] (MQTT connection 20007710, DISCONNECT operation 20007618) Wait complete with result NETWORK ERROR.
29 9245 [iot_thread] [WARN ][MQTT][9245] (MQTT connection 20007710) DISCONNECT not sent, error NETWORK ERROR.
30 9246 [iot_thread] [INFO ][MQTT][9246] (MQTT connection 20007710) Network connection closed.
31 9322 [iot_thread] [INFO ][MQTT][9322] (MQTT connection 20007710) Network connectioDevice disconnected from the AP on application's request
n destroyed.
32 9322 [iot_thread] [INFO ][MQTT][9322] MQTT library cleanup done.
33 9322 [iot_thread] [INFO ][DEMO][9322] memory_metrics::freertos_heap::before::bytes::74024
34 9323 [iot_thread] [INFO ][DEMO][9322] memory_metrics::freertos_heap::after::bytes::44152
35 9323 [iot_thread] [INFO ][DEMO][9323] memory_metrics::demo_task_stack::before::bytes::2816
36 9324 [iot_thread] [INFO ][DEMO][9323] memory_metrics::demo_task_stack::after::bytes::1544
37 9324 [iot_thread] [ERROR][DEMO][9324] Error running demo.
38 9337 [iot_thread] Wi-Fi Disconnected.
39 9387 [iot_thread] [INFO ][INIT][9387] SDK cleanup done.
40 9388 [iot_thread] [INFO ][DEMO][9387] -------DEMO FINISHED-------

As the connection is successful, I’m assuming the key setup works, but I don’t see what else could be broken.

Hello @bakir

Please note that it is still possible for connection to succeed even if the keys aren’t setup correctly.

Are you able to provide more details such as wireshark traces for these attempted transactions and any default demo configurations that were modified? Please do not include any keys.

Did you use the Quick Connect Workflow available in the AWS FreeRTOS Console? There are several aspects that this flow simplifies for the user such as ensuring keys are created, correct policies are created, and association of keys/policies are made for you target device.

It may also help to reference auto-generated version of an aws_clientcredential_keys.h file to compare and ensure that key formatting is correct. It’s possible that Mosquitto uses a format for keys that is different than formatting required in aws_clientcredential_keys.h.

Hi David,

Thanks for the reply. Sorry I couldn’t get back sooner, but I was disrupted heavily due to the COVID-19 situation.

I don’t have a wireshark trace, but I acquired a trace between the greengrass instance and the device with tcpdump (tcpdump "dst DEVICe || src DEVICE" -X). For whatever reason, the forum isn’t allowing me to attach files so I’m just including it below.

Can you make any sense out of this?


23:55:24.648933 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [S], seq 4243780474, win 33580, options [mss 1386,nop,nop,nop,eol], length 0
        0x0000:  4500 0030 9e3f 0000 7d06 e03d a9e7 096a  E..0.?..}..=...j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f37a 0000 0000  .....>"....z....
        0x0020:  7002 832c 6494 0000 0204 056a 0101 0100  p..,d......j....
23:55:24.648976 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [S.], seq 306415442, ack 4243780475, win 29200, options [mss 1460], length 0
        0x0000:  4500 002c 0000 4000 4006 7b81 0a0b 01ef  E..,..@.@.{.....
        0x0010:  a9e7 096a 22b3 cc3e 1243 8752 fcf2 f37b  ...j"..>.C.R...{
        0x0020:  6012 7210 bf69 0000 0204 05b4            `.r..i......
23:55:24.686940 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [.], ack 1, win 33580, length 0
        0x0000:  4500 0028 9fe5 0000 7d06 de9f a9e7 096a  E..(....}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f37b 1243 8753  .....>"....{.C.S
        0x0020:  5010 832c f465 0000                      P..,.e..
23:55:24.701301 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 1:119, ack 1, win 33580, length 118
        0x0000:  4500 009e a05d 0000 7d06 ddb1 a9e7 096a  E....]..}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f37b 1243 8753  .....>"....{.C.S
        0x0020:  5018 832c 7f6c 0000 1603 0300 7101 0000  P..,.l......q...
        0x0030:  6d03 0384 8c9f d6c6 e6d3 7629 2e15 be9d  m.........v)....
        0x0040:  c36d 74d7 9566 b708 fe00 ce60 0313 5a4b  .mt..f.....`..ZK
        0x0050:  d1a3 7a00 0002 009c 0100 0042 000d 000a  ..z........B....
        0x0060:  0008 0601 0501 0401 0201 0010 001e 001c  ................
        0x0070:  0868 7474 702f 312e 3102 6832 0368 3263  .http/1.1.h2.h2c
        0x0080:  0568 322d 3134 0568 322d 3136 000a 000e  .h2-14.h2-16....
        0x0090:  000c 0010 0013 0015 0017 0018 0019       ..............
23:55:24.701352 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [.], ack 119, win 29200, length 0
        0x0000:  4500 0028 9bfe 4000 4006 df86 0a0b 01ef  E..(..@.@.......
        0x0010:  a9e7 096a 22b3 cc3e 1243 8753 fcf2 f3f1  ...j"..>.C.S....
        0x0020:  5010 7210 bf65 0000                      P.r..e..
23:55:24.702022 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [P.], seq 1:1392, ack 119, win 29200, length 1391
        0x0000:  4500 0597 9bff 4000 4006 da16 0a0b 01ef  E.....@.@.......
        0x0010:  a9e7 096a 22b3 cc3e 1243 8753 fcf2 f3f1  ...j"..>.C.S....
        0x0020:  5018 7210 c4d4 0000 1603 0300 2a02 0000  P.r.........*...
        0x0030:  2603 0326 3cc7 4c3d ac0e b469 ceef 79f4  &..&<.L=...i..y.
        0x0040:  49a5 0cd9 04aa e736 0672 2e59 0ac0 af61  I......6.r.Y...a
        0x0050:  2e2f 2a00 009c 0016 0303 0512 0b00 050e  ./*.............
        0x0060:  0005 0b00 0508 3082 0504 3082 03ec a003  ......0...0.....
        0x0070:  0201 0202 1500 e69d b510 0251 5975 da49  ...........QYu.I
        0x0080:  d6c1 15f1 1b9c 9a19 64dd 300d 0609 2a86  ........d.0...*.
        0x0090:  4886 f70d 0101 0b05 0030 81a8 310b 3009  H........0..1.0.
        0x00a0:  0603 5504 0613 0255 5331 1830 1606 0355  ..U....US1.0...U
        0x00b0:  040a 0c0f 416d 617a 6f6e 2e63 6f6d 2049  ....Amazon.com.I
        0x00c0:  6e63 2e31 1c30 1a06 0355 040b 0c13 416d  nc.1.0...U....Am
        0x00d0:  617a 6f6e 2057 6562 2053 6572 7669 6365  azon.Web.Service
        0x00e0:  7331 1330 1106 0355 0408 0c0a 5761 7368  s1.0...U....Wash
        0x00f0:  696e 6774 6f6e 3110 300e 0603 5504 070c  ington1.0...U...
        0x0100:  0753 6561 7474 6c65 313a 3038 0603 5504  .Seattle1:08..U.
        0x0110:  030c 3136 3033 3439 3532 3932 3031 373a  ..1603495292017:
        0x0120:  3830 3436 3661 3734 2d65 6638 652d 3436  80466a74-ef8e-46
        0x0130:  6364 2d61 3130 382d 3436 6635 6334 3066  cd-a108-46f5c40f
        0x0140:  3337 6334 301e 170d 3230 3033 3139 3232  37c40...20031922
        0x0150:  3234 3533 5a17 0d32 3030 3332 3632 3232  2453Z..200326222
        0x0160:  3435 335a 3081 8431 0b30 0906 0355 0406  453Z0..1.0...U..
        0x0170:  1302 5553 3113 3011 0603 5504 0813 0a57  ..US1.0...U....W
        0x0180:  6173 6869 6e67 746f 6e31 1030 0e06 0355  ashington1.0...U
        0x0190:  0407 1307 5365 6174 746c 6531 1830 1606  ....Seattle1.0..
        0x01a0:  0355 040a 130f 416d 617a 6f6e 2e63 6f6d  .U....Amazon.com
        0x01b0:  2049 6e63 2e31 1c30 1a06 0355 040b 1313  .Inc.1.0...U....
        0x01c0:  416d 617a 6f6e 2057 6562 2053 6572 7669  Amazon.Web.Servi
        0x01d0:  6365 7331 1630 1406 0355 0403 0c0d 6361  ces1.0...U....ca
        0x01e0:  7070 6170 6572 5f43 6f72 6530 8201 2230  ppaper_Core0.."0
        0x01f0:  0d06 092a 8648 86f7 0d01 0101 0500 0382  ...*.H..........
        0x0200:  010f 0030 8201 0a02 8201 0100 e64a 11e4  ...0.........J..
        0x0210:  e61f 24f9 823e 4a15 e3e3 2c03 326f cb92  ..$..>J...,.2o..
        0x0220:  679f 3fb9 f68e 983b 1891 3101 972a 2285  g.?....;..1..*".
        0x0230:  6aeb 2f4f d681 42b9 f129 cac9 0f59 ea4c  j./O..B..)...Y.L
        0x0240:  c78e d470 2b47 9733 1984 77f0 b0b6 eec0  ...p+G.3..w.....
        0x0250:  7399 8458 aad5 2b76 c0b6 80a4 66e6 ce98  s..X..+v....f...
        0x0260:  b7a3 dc79 3801 71a3 5dda aefb 3905 671f  ...y8.q.]...9.g.
        0x0270:  cfc4 b0d2 d958 e6d4 37ef debe 2742 e109  .....X..7...'B..
        0x0280:  0f63 25f8 c3a5 bfa1 ee65 f665 e6af 4a13  .c%......e.e..J.
        0x0290:  f564 9022 438e 5153 9c86 8974 a59c ac4b  .d."C.QS...t...K
        0x02a0:  92f4 21e3 769e d00c 96f5 dc7b 0cdb 5840  ..!.v......{..X@
        0x02b0:  0c6c 138b 6b64 5da9 c1ba a575 2cef af3f  .l..kd]....u,..?
        0x02c0:  1160 1684 12b2 fb50 626b a348 b1ab 82ac  .`.....Pbk.H....
        0x02d0:  8647 8b60 a649 0d22 297c 391c 0747 7bb2  .G.`.I.")|9..G{.
        0x02e0:  16f9 7ec6 a5b2 43b9 be4a bb7e 8bd9 3b58  ..~...C..J.~..;X
        0x02f0:  91b3 9c36 4e64 f308 3a08 6464 bf8e b6ec  ...6Nd..:.dd....
        0x0300:  a7b1 642b fe4f 85c9 e873 17d3 0203 0100  ..d+.O...s......
        0x0310:  01a3 8201 4530 8201 4130 81e8 0603 551d  ....E0..A0....U.
        0x0320:  2304 81e0 3081 dd80 14ee 10c0 b72a 196e  #...0........*.n
        0x0330:  dc49 22ae d861 f96c 279d 973a 27a1 81ae  .I"..a.l'..:'...
        0x0340:  a481 ab30 81a8 310b 3009 0603 5504 0613  ...0..1.0...U...
        0x0350:  0255 5331 1830 1606 0355 040a 0c0f 416d  .US1.0...U....Am
        0x0360:  617a 6f6e 2e63 6f6d 2049 6e63 2e31 1c30  azon.com.Inc.1.0
        0x0370:  1a06 0355 040b 0c13 416d 617a 6f6e 2057  ...U....Amazon.W
        0x0380:  6562 2053 6572 7669 6365 7331 1330 1106  eb.Services1.0..
        0x0390:  0355 0408 0c0a 5761 7368 696e 6774 6f6e  .U....Washington
        0x03a0:  3110 300e 0603 5504 070c 0753 6561 7474  1.0...U....Seatt
        0x03b0:  6c65 313a 3038 0603 5504 030c 3136 3033  le1:08..U...1603
        0x03c0:  3439 3532 3932 3031 373a 3830 3436 3661  495292017:80466a
        0x03d0:  3734 2d65 6638 652d 3436 6364 2d61 3130  74-ef8e-46cd-a10
        0x03e0:  382d 3436 6635 6334 3066 3337 6334 8214  8-46f5c40f37c4..
        0x03f0:  7302 de1f 9438 6400 6f7f 1982 2832 378b  s....8d.o...(27.
        0x0400:  a5f4 c4a9 300c 0603 551d 1301 01ff 0402  ....0...U.......
        0x0410:  3000 301d 0603 551d 0e04 1604 14a9 9bfb  0.0...U.........
        0x0420:  2fed ef9f c142 f46d e202 ef01 7d98 7d5f  /....B.m....}.}_
        0x0430:  7c30 1606 0355 1d25 0101 ff04 0c30 0a06  |0...U.%.....0..
        0x0440:  082b 0601 0505 0703 0130 0f06 0355 1d11  .+.......0...U..
        0x0450:  0408 3006 8704 806f 2d76 300d 0609 2a86  ..0....o-v0...*.
        0x0460:  4886 f70d 0101 0b05 0003 8201 0100 47e3  H.............G.
        0x0470:  f1c2 22c9 354f f504 31ac df35 bbd2 2b82  ..".5O..1..5..+.
        0x0480:  99c8 8385 6ce4 6d97 8de9 50c6 4a3d 19ca  ....l.m...P.J=..
        0x0490:  dd15 b2ff 8b9d d737 f9de 12b0 6818 e5d1  .......7....h...
        0x04a0:  2a87 a8a9 ee1e 20b1 9843 d113 c034 4a01  *........C...4J.
        0x04b0:  cd7e 23c7 d2f4 f7a2 33bb 1eb0 80aa 76d0  .~#.....3.....v.
        0x04c0:  b0fb f91d 48b3 91a8 089c 328f 429a 74ac  ....H.....2.B.t.
        0x04d0:  a19e 73d4 163e 2c1a 0628 41b3 72ec e572  ..s..>,..(A.r..r
        0x04e0:  00f6 de86 d329 2908 2282 5372 6d64 587d  .....)).".SrmdX}
        0x04f0:  32df 5c03 ac41 01f7 c875 fcdb 1932 a3f9  2.\..A...u...2..
        0x0500:  65af 30d6 96f5 bfb9 940d a9f4 ff10 402a  e.0...........@*
        0x0510:  6dd7 a779 9944 b5df 2ae6 c704 7d98 9947  m..y.D..*...}..G
        0x0520:  6408 7c60 0ec1 176b 8f01 10d2 d416 ee96  d.|`...k........
        0x0530:  2c45 9c03 c813 4b97 86d2 228a ccfb 8b27  ,E....K..."....'
        0x0540:  41bc d711 7e51 2d6a e7d1 d556 25ec 584c  A...~Q-j...V%.XL
        0x0550:  356c f970 f1e6 0f44 79c9 158f 981e fd3e  5l.p...Dy......>
        0x0560:  1f39 8aa8 940a c563 3f95 ab1c 6c08 1603  .9.....c?...l...
        0x0570:  0300 1b0d 0000 1702 0140 0010 0401 0403  .........@......
        0x0580:  0501 0503 0601 0603 0201 0203 0000 1603  ................
        0x0590:  0300 040e 0000 00                        .......
23:55:24.757710 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [.], ack 1392, win 30660, length 0
        0x0000:  4500 0028 a0f7 0000 7d06 dd8d a9e7 096a  E..(....}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f3f1 1243 8cc2  .....>"......C..
        0x0020:  5010 77c4 f9e8 0000                      P.w.....
23:55:24.802164 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 119:996, ack 1392, win 33580, length 877
        0x0000:  4500 0395 a129 0000 7d06 d9ee a9e7 096a  E....)..}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f3f1 1243 8cc2  .....>"......C..
        0x0020:  5018 832c 9c69 0000 1603 0303 680b 0003  P..,.i......h...
        0x0030:  6400 0361 0003 5e30 8203 5a30 8202 42a0  d..a..^0..Z0..B.
        0x0040:  0302 0102 0215 00eb ef44 ca61 9264 0376  .........D.a.d.v
        0x0050:  2775 26a9 6cfa 0416 9d4c d730 0d06 092a  'u&.l....L.0...*
        0x0060:  8648 86f7 0d01 010b 0500 304d 314b 3049  .H........0M1K0I
        0x0070:  0603 5504 0b0c 4241 6d61 7a6f 6e20 5765  ..U...BAmazon.We
        0x0080:  6220 5365 7276 6963 6573 204f 3d41 6d61  b.Services.O=Ama
        0x0090:  7a6f 6e2e 636f 6d20 496e 632e 204c 3d53  zon.com.Inc..L=S
        0x00a0:  6561 7474 6c65 2053 543d 5761 7368 696e  eattle.ST=Washin
        0x00b0:  6774 6f6e 2043 3d55 5330 1e17 0d32 3030  gton.C=US0...200
        0x00c0:  3130 3831 3032 3334 385a 170d 3439 3132  108102348Z..4912
        0x00d0:  3331 3233 3539 3539 5a30 1e31 1c30 1a06  31235959Z0.1.0..
        0x00e0:  0355 0403 0c13 4157 5320 496f 5420 4365  .U....AWS.IoT.Ce
        0x00f0:  7274 6966 6963 6174 6530 8201 2230 0d06  rtificate0.."0..
        0x0100:  092a 8648 86f7 0d01 0101 0500 0382 010f  .*.H............
        0x0110:  0030 8201 0a02 8201 0100 c8e2 0d70 3e7d  .0...........p>}
        0x0120:  4ef9 0dbf 1aa0 ab43 dfe8 c3b2 8f7d d050  N......C.....}.P
        0x0130:  3107 f6f8 a49d ba4e 1282 8562 41fd 69c6  1......N...bA.i.
        0x0140:  43fd 71f4 ab91 a46d b5b9 d649 f285 9683  C.q....m...I....
        0x0150:  9397 40f3 5b2b 3627 2abf bed1 fc1d fc6d  ..@.[+6'*......m
        0x0160:  620a 250a c248 8e42 a47b 0e61 b60b a213  b.%..H.B.{.a....
        0x0170:  e710 06e6 d182 4ed3 9af8 5f0d 9375 6732  ......N..._..ug2
        0x0180:  e55e 7c7a cfe4 e499 887c ac21 ecd5 fd6b  .^|z.....|.!...k
        0x0190:  92bb ce8c eab2 1cfd 3052 4809 2f1b ef4b  ........0RH./..K
        0x01a0:  5c00 5e32 1f74 9634 0c03 c4ae 1eef 5aef  \.^2.t.4......Z.
        0x01b0:  8ebe e02f 213c 3ac0 baac 302c 8eec bb2d  .../!<:...0,...-
        0x01c0:  5e4e 8a6b 97e4 9922 716f e9d7 4359 d0b3  ^N.k..."qo..CY..
        0x01d0:  ab66 3c9d 73f3 35c2 35fc 1f19 2b49 fb40  .f<.s.5.5...+I.@
        0x01e0:  d7d4 9805 402e 5393 d8a8 5d91 cba0 6654  ....@.S...]...fT
        0x01f0:  6ca3 5ebc bb68 2d3d 114c 9a86 c5b1 bb27  l.^..h-=.L.....'
        0x0200:  140b 35a3 11d0 8d6a abbc 2fc6 b5f2 6489  ..5....j../...d.
        0x0210:  2f00 5cc6 ca4c e27a 8cc1 0203 0100 01a3  /.\..L.z........
        0x0220:  6030 5e30 1f06 0355 1d23 0418 3016 8014  `0^0...U.#..0...
        0x0230:  a9dc 8971 4f9f 6c90 0d6a 87a7 ac21 818f  ...qO.l..j...!..
        0x0240:  a8d5 dc3d 301d 0603 551d 0e04 1604 14d1  ...=0...U.......
        0x0250:  ae33 96c7 5b04 9be7 593c 2f86 d06d 15c0  .3..[...Y</..m..
        0x0260:  b6aa e630 0c06 0355 1d13 0101 ff04 0230  ...0...U.......0
        0x0270:  0030 0e06 0355 1d0f 0101 ff04 0403 0207  .0...U..........
        0x0280:  8030 0d06 092a 8648 86f7 0d01 010b 0500  .0...*.H........
        0x0290:  0382 0101 005a 6f6f 39e6 442c 3cfd 47ac  .....Zoo9.D,<.G.
        0x02a0:  1931 5c3f c789 f91e 405b c7dd ae08 7100  .1\?....@[....q.
        0x02b0:  cec7 9fde 9b89 b02f 29da eef4 ea78 fc7b  ......./)....x.{
        0x02c0:  32a3 45ba 8404 d6e1 dba8 ccba cc1e f628  2.E............(
        0x02d0:  7023 0781 a328 5d7e d3e5 06de 4be0 a6e6  p#...(]~....K...
        0x02e0:  0149 e064 de7c 4e4f 384d f1ab 6360 c075  .I.d.|NO8M..c`.u
        0x02f0:  bdd4 4f70 faeb f822 5b96 e69d 5335 b6a0  ..Op..."[...S5..
        0x0300:  ba8a f83e b21d c314 c74d 6cfe 5bed 8880  ...>.....Ml.[...
        0x0310:  5e22 25bf 7b00 a919 550f 40fd 47b7 ec57  ^"%.{...U.@.G..W
        0x0320:  039e a380 906b 4b47 e0f4 8dc1 e73e 9c9e  .....kKG.....>..
        0x0330:  b3fe 9a63 7f97 1531 c6a4 d7a5 961f a10d  ...c...1........
        0x0340:  be95 e51b 1e23 4215 fb8a 74b0 a0f6 61c9  .....#B...t...a.
        0x0350:  4f4e e01b 5493 30aa 7057 7130 8282 b1b3  ON..T.0.pWq0....
        0x0360:  381e 0028 e256 51e4 c48f 3c86 f5bf 006a  8..(.VQ...<....j
        0x0370:  d11c eee6 92eb 8be0 773c c506 9031 03c9  ........w<...1..
        0x0380:  5389 681c 4b00 6a5c ff9f e981 2ce9 744f  S.h.K.j\....,.tO
        0x0390:  8541 f5a2 a6                             .A...
23:55:24.808054 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 996:1263, ack 1392, win 33580, length 267
        0x0000:  4500 0133 a223 0000 7d06 db56 a9e7 096a  E..3.#..}..V...j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f75e 1243 8cc2  .....>"....^.C..
        0x0020:  5018 832c ae0a 0000 1603 0301 0610 0001  P..,............
        0x0030:  0201 0092 b4f9 1f7f 276d 5e2f 5caa 42ce  ........'m^/\.B.
        0x0040:  2b26 eb15 40ee d340 9898 3db3 1b6d 1e31  +&..@..@..=..m.1
        0x0050:  4fb9 f585 05fe 91d3 7d24 cf8a d7b1 eaf4  O.......}$......
        0x0060:  8657 ed3d 3fb2 cdb8 0bda cc4c ff9e 51db  .W.=?......L..Q.
        0x0070:  c2d7 51af ed39 9975 2b56 0ef1 f3e0 938f  ..Q..9.u+V......
        0x0080:  84ba 0e80 780c 928c 406b a6ff cd0f de95  ....x...@k......
        0x0090:  8913 6e15 9a3d f8db d145 ac5a 8623 ed97  ..n..=...E.Z.#..
        0x00a0:  1567 7d37 bbeb a0bd e962 7c80 255d ed7e  .g}7.....b|.%].~
        0x00b0:  868f 5c05 70ba 9ba6 d92d 17f1 9a16 1f99  ..\.p....-......
        0x00c0:  ed62 8810 91ae ed9e 100a bf5b f693 80e7  .b.........[....
        0x00d0:  d594 1a78 3cf1 7750 40ec 0d1b ac36 5796  ...x<.wP@....6W.
        0x00e0:  cf6c e947 045c 48e5 0a5a 6c3c 7708 e1ae  .l.G.\H..Zl<w...
        0x00f0:  67a9 f81e eaa8 af38 7361 ff0e 8607 bfd4  g......8sa......
        0x0100:  de1e 2d5e c12c 7709 14c8 7d7f 01ce 5c06  ..-^.,w...}...\.
        0x0110:  fa8e 7957 59a5 31d3 459e ebb5 1891 ed89  ..yWY.1.E.......
        0x0120:  58b0 cfb3 a30c 0163 37c8 68a7 c092 4e10  X......c7.h...N.
        0x0130:  83a1 21                                  ..!
23:55:24.808098 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [.], ack 1263, win 32449, length 0
        0x0000:  4500 0028 9c01 4000 4006 df83 0a0b 01ef  E..(..@.@.......
        0x0010:  a9e7 096a 22b3 cc3e 1243 8cc2 fcf2 f869  ...j"..>.C.....i
        0x0020:  5010 7ec1 bf65 0000                      P.~..e..
23:55:24.919064 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 1263:1532, ack 1392, win 33580, length 269
        0x0000:  4500 0135 a293 0000 7d06 dae4 a9e7 096a  E..5....}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f869 1243 8cc2  .....>"....i.C..
        0x0020:  5018 832c eb8e 0000 1603 0301 080f 0001  P..,............
        0x0030:  0404 0101 002c c22c 577e 46be d4ff 7ed0  .....,.,W~F...~.
        0x0040:  6d96 219f 1a1f ec9a c934 3bdb d569 ee0d  m.!......4;..i..
        0x0050:  64c7 9b31 60db 1386 ba17 711b 0823 6012  d..1`.....q..#`.
        0x0060:  2cd8 aa66 e8a5 3abd 27e0 a2c5 f977 0708  ,..f..:.'....w..
        0x0070:  ba06 396a fa5a e5a1 376e 659f 32b8 9941  ..9j.Z..7ne.2..A
        0x0080:  4536 8498 7a8a 0a28 2bde 4ea7 c4fe 2e6c  E6..z..(+.N....l
        0x0090:  3206 cd84 95de ba06 965a 137c bdc3 324a  2........Z.|..2J
        0x00a0:  2ee3 dfaa 40e7 e068 fab7 a47e 268e 56f8  ....@..h...~&.V.
        0x00b0:  efd5 530f cf04 2889 9edf 9d49 d168 0bee  ..S...(....I.h..
        0x00c0:  691f 346e 62e1 c826 0e07 3c85 5bdd fd10  i.4nb..&..<.[...
        0x00d0:  257d 39a4 a4fa cf93 f9fd 13a2 ebec 8ce1  %}9.............
        0x00e0:  f123 8f89 88ae 188a f9b2 0c81 5c0c 5438  .#..........\.T8
        0x00f0:  ccfe 2488 94be 05e8 e8f3 7a2c 45a7 6abe  ..$.......z,E.j.
        0x0100:  a362 ed3a 959e 8b47 c751 4535 a9ea b4b9  .b.:...G.QE5....
        0x0110:  dac6 2d81 b9ba 7a45 0dee de45 8ce9 f4fc  ..-...zE...E....
        0x0120:  c871 f52d 7e70 78d5 1b42 bdc1 145a af03  .q.-~px..B...Z..
        0x0130:  5424 b75a 12                             T$.Z.
23:55:24.919118 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 1532:1538, ack 1392, win 33580, length 6
        0x0000:  4500 002e a2f1 0000 7d06 db8d a9e7 096a  E.......}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f976 1243 8cc2  .....>"....v.C..
        0x0020:  5018 832c d0e9 0000 1403 0300 0101       P..,..........
23:55:24.919124 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 1538:1583, ack 1392, win 33580, length 45
        0x0000:  4500 0055 a3e2 0000 7d06 da75 a9e7 096a  E..U....}..u...j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f97c 1243 8cc2  .....>"....|.C..
        0x0020:  5018 832c 556f 0000 1603 0300 2800 0000  P..,Uo......(...
        0x0030:  0000 0000 0081 1897 ed60 474d 4dd0 a82b  .........`GMM..+
        0x0040:  e50e cc43 9821 2154 3208 cce3 5960 8a93  ...C.!!T2...Y`..
        0x0050:  55bf 6e23 fd                             U.n#.
23:55:24.919200 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [.], ack 1583, win 34203, length 0
        0x0000:  4500 0028 9c02 4000 4006 df82 0a0b 01ef  E..(..@.@.......
        0x0010:  a9e7 096a 22b3 cc3e 1243 8cc2 fcf2 f9a9  ...j"..>.C......
        0x0020:  5010 859b bf65 0000                      P....e..
23:55:24.920426 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [P.], seq 1392:1443, ack 1583, win 34203, length 51
        0x0000:  4500 005b 9c03 4000 4006 df4e 0a0b 01ef  E..[..@.@..N....
        0x0010:  a9e7 096a 22b3 cc3e 1243 8cc2 fcf2 f9a9  ...j"..>.C......
        0x0020:  5018 859b bf98 0000 1403 0300 0101 1603  P...............
        0x0030:  0300 2800 0000 0000 0000 004e 4090 62fa  ..(........N@.b.
        0x0040:  04ab ac2b 0b43 1ee2 300b ca47 8085 1a67  ...+.C..0..G...g
        0x0050:  9b84 994b 5683 186c 9d0f 04              ...KV..l...
23:55:24.936354 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 1583:1686, ack 1443, win 33580, length 103
        0x0000:  4500 008f a440 0000 7d06 d9dd a9e7 096a  E....@..}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 f9a9 1243 8cf5  .....>"......C..
        0x0020:  5018 832c d970 0000 1703 0300 6200 0000  P..,.p......b...
        0x0030:  0000 0000 0110 0752 d868 be52 f892 9ea8  .......R.h.R....
        0x0040:  c322 cce5 4282 60e9 1bbc fa13 9667 bd82  ."..B.`......g..
        0x0050:  a934 27f2 4088 b908 7f11 1225 73a3 a290  .4'.@......%s...
        0x0060:  782a 5bae 47fa fd11 3cd8 e763 44e9 679f  x*[.G...<..cD.g.
        0x0070:  a5b3 6efa 1064 1ad7 5f38 c59e 44d1 4d6e  ..n..d.._8..D.Mn
        0x0080:  bebb 3fdd ffe9 cbf1 53b5 a63b 39f8 6e    ..?.....S..;9.n
23:55:24.937106 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [P.], seq 1443:1476, ack 1686, win 34203, length 33
        0x0000:  4500 0049 9c04 4000 4006 df5f 0a0b 01ef  E..I..@.@.._....
        0x0010:  a9e7 096a 22b3 cc3e 1243 8cf5 fcf2 fa10  ...j"..>.C......
        0x0020:  5018 859b bf86 0000 1703 0300 1c00 0000  P...............
        0x0030:  0000 0000 0144 f1e4 23b4 0cdd 522f a3d1  .....D..#...R/..
        0x0040:  808e 995c d806 0c5b ab                   ...\...[.
23:55:24.940341 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [.], ack 1476, win 32120, length 0
        0x0000:  4500 0028 a51a 0000 7d06 d96a a9e7 096a  E..(....}..j...j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 fa10 1243 8d16  .....>"......C..
        0x0020:  5010 7d78 edc1 0000                      P.}x....
23:55:24.958923 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [P.], seq 1686:1750, ack 1476, win 33580, length 64
        0x0000:  4500 0068 a52f 0000 7d06 d915 a9e7 096a  E..h./..}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 fa10 1243 8d16  .....>"......C..
        0x0020:  5018 832c 361a 0000 1703 0300 3b00 0000  P..,6.......;...
        0x0030:  0000 0000 0276 b43f eaea 7040 1d1e 9912  .....v.?..p@....
        0x0040:  7538 d820 5161 7773 990d 1e03 f4f6 a97f  u8..Qaws........
        0x0050:  056f 0f5f 4024 d49c f968 7ba8 ae1a e869  .o._@$...h{....i
        0x0060:  9b80 25a1 c224 7075                      ..%..$pu
23:55:24.959526 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [P.], seq 1476:1507, ack 1750, win 34203, length 31
        0x0000:  4500 0047 9c05 4000 4006 df60 0a0b 01ef  E..G..@.@..`....
        0x0010:  a9e7 096a 22b3 cc3e 1243 8d16 fcf2 fa50  ...j"..>.C.....P
        0x0020:  5018 859b bf84 0000 1503 0300 1a00 0000  P...............
        0x0030:  0000 0000 0209 d0cc 3c63 a29f 8a46 5d37  ........<c...F]7
        0x0040:  c6d4 7503 76ba 22                        ..u.v."
23:55:24.959600 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [F.], seq 1507, ack 1750, win 34203, length 0
        0x0000:  4500 0028 9c06 4000 4006 df7e 0a0b 01ef  E..(..@.@..~....
        0x0010:  a9e7 096a 22b3 cc3e 1243 8d35 fcf2 fa50  ...j"..>.C.5...P
        0x0020:  5011 859b bf65 0000                      P....e..
23:55:24.966583 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [.], ack 1508, win 30660, length 0
        0x0000:  4500 0028 a54f 0000 7d06 d935 a9e7 096a  E..(.O..}..5...j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 fa50 1243 8d36  .....>"....P.C.6
        0x0020:  5010 77c4 f315 0000                      P.w.....
23:55:30.012430 IP DEVICE_IP.52286 > 10.11.1.239.8883: Flags [F.], seq 1750, ack 1508, win 33580, length 0
        0x0000:  4500 0028 a6f9 0000 7d06 d78b a9e7 096a  E..(....}......j
        0x0010:  0a0b 01ef cc3e 22b3 fcf2 fa50 1243 8d36  .....>"....P.C.6
        0x0020:  5011 832c e7ac 0000                      P..,....
23:55:30.012468 IP 10.11.1.239.8883 > DEVICE_IP.52286: Flags [.], ack 1751, win 34203, length 0
        0x0000:  4500 0028 dc1c 4000 4006 9f68 0a0b 01ef  E..(..@.@..h....
        0x0010:  a9e7 096a 22b3 cc3e 1243 8d36 fcf2 fa51  ...j"..>.C.6...Q
        0x0020:  5010 859b e53d 0000                      P....=..

Hello bakir,

Unfortunately that trace is encrypted, as the connection will be using TLS. Since you were able to use mosquitto to connect to the Greengrass Core I would imagine this is a firewall / network issue. Have you tried to connect both devices to a network with more permissive firewall settings, eg. a mobile hotspot vs using a corporate network.

Could you advise me on what operating system you are using, what version of Greengrass you are using, and what version of FreeRTOS you are using?

Another issue could be the credentials being misformatted when transferred to the header file, it may be worth double checking that they are formatted correctly.

Since the TI networking stack is offloaded to a separate chip, it could be difficult to get logs from the device (I have not personally attempted to get logs in this configuration).

Some suggestions that could help you are:

  1. Try connecting directly to AWS IoT Core. This would cut out any issues related to the Greengrass Core device.
  2. Setup a TLS echo server and see if you can connect your device to it. Here is a link to the documentation of the one distributed with Amazon FreeRTOS https://docs.aws.amazon.com/freertos/latest/portingguide/tls-echo-server.html. This gives you control over both ends of the connection as well as the certificates in use.

Also, a good first step could be to try and set up an unencrypted TCP echo test between your device and another device on your network to see if you are running into any network issues on your TI device.

So, I already tried with the IoT Core and everything is fine there. However, after your suggestion, I just randomly changed a couple bytes in the certificate and the logs still says the connection is successful, so yes, I think the certificate I put is having no effect.

Could this be related to the certificate store on the cc3220sf not getting updated somehow?

The changes I have are as follows (from what I see in the git changes):

  1. aws_clientcredential.h: thing endpoint(an IP address in this case), name, wifi ssid and password
  2. aws_clientcredential_keys.h: private key and certificate of the device. Confirmed these work since I can access IoT Core.
  3. aws_iot_network_manager.c:670: set disableSni = true and pRootCa to the group certificate.
  4. iot_default_root_certificates.h: replaced the STARFIELD_ROOT_CERTIFICATE_PEM with my group certificate.

I’ve reinstalled everything from the latest versions yesterday again to make sure, so everything is up to date: CCS 10.0.0, simplelink sdk 3.40, commit 2790317da8f28071fc048998290c478aa2ab292b for amazon-freertos.

Have you tried to use the Greengrass discovery demo? Running the out of the box demo could help us narrow down any configuration issues.

Yes, that didn’t work either. The logs look like the following:

[17:38:12:804] ␍8 13058 [iot_thread] [INFO ][DEMO][13057] Successfully initialized the demo. Network type for the demo: 1␍␊
[17:38:12:812] 9 13058 [iot_thread] [INFO ][MQTT][13058] MQTT library successfully initialized.␍␊
[17:38:12:819] 10 13058 [iot_thread] [INFO ][DEMO][13058] Attempting automated selection of Greengrass device␍␊
[17:38:12:828] ␍␊
[17:38:12:851] 11 13101 [iot_thread] ERROR: -111 Socket failed to connect.␍␊
[17:38:12:856] Device disconnected from the AP on application's request ␊
[17:38:12:864] ␍12 13101 [iot_thread] About to close socket.␍␊
[17:38:12:870] 13 13102 [iot_thread] Socket closed.␍␊
[17:38:12:872] 14 13103 [iot_thread] Stack high watermark for discovery helper task: 968.␍␊
[17:38:12:880] 15 13103 [iot_thread] JSON request could not connect to end point␍␊
[17:38:12:886] 16 13104 [iot_thread] [ERROR][DEMO][13104] Auto-connect: Failed to retrieve Greengrass address and certificate.␍␊
[17:38:12:894] 17 13104 [iot_thread] [INFO ][MQTT][13104] MQTT library cleanup done.␍␊
[17:38:12:901] 18 13104 [iot_thread] [INFO ][DEMO][13104] Cleaned up MQTT library.␍␊
[17:38:12:910] 19 13105 [iot_thread] [INFO ][DEMO][13105] memory_metrics::freertos_heap::before::bytes::74040␍␊
[17:38:12:918] 20 13105 [iot_thread] [INFO ][DEMO][13105] memory_metrics::freertos_heap::after::bytes::59192␍␊
[17:38:12:923] 21 13106 [iot_thread] [INFO ][DEMO][13106] memory_metrics::demo_task_stack::before::bytes::4896␍␊
[17:38:12:935] 22 13107 [iot_thread] [INFO ][DEMO][13107] memory_metrics::demo_task_stack::after::bytes::3872␍␊
[17:38:12:943] 23 13107 [iot_thread] [ERROR][DEMO][13107] Error running demo.␍␊
[17:38:12:950] 24 13118 [iot_thread] Wi-Fi Disconnected.␍␊
[17:38:12:953] 25 13120 [iot_thread] [INFO ][INIT][13120] SDK cleanup done.␍␊
[17:38:12:957] 26 13120 [iot_thread] [INFO ][DEMO][13120] -------DEMO FINISHED-------␊

I’ve also confirmed that ports 8883 and 8443 are open in the firewall.

I’m defining clientcredentialMQTT_BROKER_ENDPOINT to be the IP address of the greengrass host, I’m guessing that’s OK, but does it have to be a DNS name?

Hello again,

I decided to try this with a TLS stack I have control over so I quickly ported bearssl to my environment since I have used it with greengrass on an ESP8266 last year.

To my surprise, it has the same behavior with CC3220SF FreeRTOS version: works fine with IoT Core, fails with greengrass.

The error I got with BearSSL is “unknown critical extension” and I debugged it a bit further, and the extension it fails is “Extended Key Usage”, which is critically present in my greengrass certificate, but is not critical on the IoT Core certificate. Therefore, certificate validation works on IoT Core but not on Greengrass.

I cannot find the list of supported extensions on the CC3220SF, is it possible that it is also not supporting this extension?


Related lines from openssl x509 -noout -text:

IoT Core certificate:

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication

Greengrass certificate:

            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication