ESP32 aws_iot subscribe/publish example error

raemond
Posts: 2
Joined: Wed Jul 12, 2017 6:13 pm

ESP32 aws_iot subscribe/publish example error

Postby raemond » Tue Aug 01, 2017 1:56 am

Hi

I can't seem to get the aws_iot examples to work. On my latest attempt, I am working with the subscribe publish example. I am continually getting:


I (4692) subpub: Connecting to AWS...
I (11722) wifi: pm start, type:0

E (33342) subpub: Error(-28) connecting to asdf.iot.us-west-2.amazonaws.com:8883
E (60352) subpub: Error(-28) connecting to asdf.iot.us-west-2.amazonaws.com:8883
E (72222) aws_iot: failed! mbedtls_ssl_handshake returned -0x6800
Seems like the connection is timing out. Has anyone seen this and figured out a solution? I believe I have everything configured correctly on the AWS side.

Thanks.

pctj101
Posts: 23
Joined: Wed Aug 23, 2017 3:20 pm

Re: ESP32 aws_iot subscribe/publish example error

Postby pctj101 » Fri Sep 01, 2017 7:32 pm

Same issue for me:
D (66350) aws_iot: Loading embedded CA root certificate ...
D (66360) aws_iot: ok (0 skipped)
D (66360) aws_iot: Loading embedded client certificate...
D (66370) aws_iot: Loading embedded client private key...
D (66530) aws_iot: ok
D (66530) aws_iot: Connecting to dns.com:8883...
D (69620) aws_iot: ok
D (69620) aws_iot: Setting up the SSL/TLS structure...
D (69620) aws_iot: SSL state connect : 0
D (69620) aws_iot: ok
D (69620) aws_iot: SSL state connect : 0
D (69620) aws_iot: Performing the SSL/TLS handshake...
D (70330) aws_iot: Verify requested for (Depth 2):
D (70330) aws_iot: cert. version : 3
serial number : 18:DA:D1:9E...
issuer name : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Cert
D (70340) aws_iot: This certificate has no flags
D (70350) aws_iot: Verify requested for (Depth 1):
D (70350) aws_iot: cert. version : 3
serial number : 3F:92:87:BE...
issuer name : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Cert
D (70380) aws_iot: This certificate has no flags
D (70380) aws_iot: Verify requested for (Depth 0):
D (70390) aws_iot: cert. version : 3
serial number : 5C:70:1E:E...
issuer name : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
subject name : C=US, ST=Washington, L=
D (70410) aws_iot: This certificate has no flags
I (72190) wifi: active cnt: 14
E (78880) aws_iot: failed! mbedtls_ssl_handshake returned -0x6800
V (78880) aws_iot: FUNC_EXIT: _aws_iot_mqtt_internal_connect L#397 Return Code : -4

V (78890) aws_iot: FUNC_ENTRY: aws_iot_mqtt_set_client_state L#101

V (78890) aws_iot: FUNC_ENTRY: aws_iot_mqtt_client_lock_mutex L#64

V (78900) aws_iot: FUNC_EXIT: aws_iot_mqtt_client_lock_mutex L#82 Return Code : 0

V (78910) aws_iot: FUNC_ENTRY: aws_iot_mqtt_get_client_state L#54

V (78910) aws_iot: FUNC_EXIT: aws_iot_mqtt_get_client_state L#59 Return Code : 2

V (78920) aws_iot: FUNC_EXIT: aws_iot_mqtt_set_client_state L#126 Return Code : 0

V (78930) aws_iot: FUNC_EXIT: aws_iot_mqtt_connect L#481 Return Code : -4

E (78940) subpub: Error(-4) connecting to dns.com:8883
V (79940) aws_iot: FUNC_ENTRY: aws_iot_mqtt_connect L#455

V (79940) aws_iot: FUNC_ENTRY: aws_iot_mqtt_get_client_state L#54

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: ESP32 aws_iot subscribe/publish example error

Postby ESP_Angus » Mon Sep 04, 2017 12:54 am

raemond wrote: Seems like the connection is timing out. Has anyone seen this and figured out a solution? I believe I have everything configured correctly on the AWS side.
The current master branch works for me (using the default project config with only my endpoint hostname & WiFi credentials changed.)

I haven't seen this particular behaviour (TLS timeout) before, but maybe AWS has reconfigured the way that it will "hang up" on a bad connection. It will unceremoniously stop responding if there's any mismatch with your client cert & hostname, or if the Policy is set wrong. You can find some troubleshooting tips and a list of things to check, here: https://github.com/espressif/esp-idf/tr ... leshooting

cadrjr1
Posts: 17
Joined: Thu Mar 15, 2018 6:50 pm

Re: ESP32 aws_iot subscribe/publish example error

Postby cadrjr1 » Tue May 29, 2018 2:50 pm

I've got a similar problem to raemond ..... I've spent days working on the AWS subscribe_publish example without getting it working.
I've gone over certificates and policies, etc. and I'm pretty sure I've got them correctly configured.
Any help much appreciated .........

I get:

--- idf_monitor on COM12 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
:31ets Jun 8 2016 00:22:57

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
ets Jun 8 2016 00:22:57

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:5664
ho 0 tail 12 room 4
load:0x40078000,len:0
load:0x40078000,len:14008
entry 0x4007860c
I (31) boot: ESP-IDF v3.1-dev-841-gedcaa5f3 2nd stage bootloader
I (31) boot: compile time 17:06:08
I (31) boot: Enabling RNG early entropy source...
I (37) boot: SPI Speed : 40MHz
I (41) boot: SPI Mode : DIO
I (45) boot: SPI Flash Size : 4MB
I (49) boot: Partition Table:
I (53) boot: ## Label Usage Type ST Offset Length
I (60) boot: 0 nvs WiFi data 01 02 00009000 00006000
I (67) boot: 1 phy_init RF data 01 01 0000f000 00001000
I (75) boot: 2 factory factory app 00 00 00010000 00100000
I (82) boot: End of partition table
I (86) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x19cb8 (105
656) map
I (132) esp_image: segment 1: paddr=0x00029ce0 vaddr=0x3ffb0000 size=0x038a4 ( 1
4500) load
I (138) esp_image: segment 2: paddr=0x0002d58c vaddr=0x40080000 size=0x00400 (
1024) load
0x40080000: _iram_start at D:/esp32_software_dev/esp-idf/components/freertos/xte
nsa_vectors.S:1685

I (140) esp_image: segment 3: paddr=0x0002d994 vaddr=0x40080400 size=0x0267c (
9852) load
I (152) esp_image: segment 4: paddr=0x00030018 vaddr=0x400d0018 size=0x7ce38 (51
1544) map
0x400d0018: _stext at ??:?

I (336) esp_image: segment 5: paddr=0x000ace58 vaddr=0x40082a7c size=0x0ce74 ( 5
2852) load
0x40082a7c: heap_caps_calloc_prefer at D:/esp32_software_dev/esp-idf/components/
heap/heap_caps.c:123

I (358) esp_image: segment 6: paddr=0x000b9cd4 vaddr=0x400c0000 size=0x00000 (
0) load
I (368) boot: Loaded app from partition at offset 0x10000
I (368) boot: Disabling RNG early entropy source...
I (370) cpu_start: Pro cpu up.
I (374) cpu_start: Starting app cpu, entry point is 0x40080f80
0x40080f80: call_start_cpu1 at D:/esp32_software_dev/esp-idf/components/esp32/cp
u_start.c:224

I (0) cpu_start: App cpu up.
I (384) heap_init: Initializing. RAM available for dynamic allocation:
I (391) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (397) heap_init: At 3FFB94A0 len 00026B60 (154 KiB): DRAM
I (403) heap_init: At 3FFE0440 len 00003BC0 (14 KiB): D/IRAM
I (410) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (416) heap_init: At 4008F8F0 len 00010710 (65 KiB): IRAM
I (422) cpu_start: Pro cpu start user code
I (105) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
I (189) wifi: wifi firmware version: d17e64c
I (189) wifi: config NVS flash: enabled
I (189) wifi: config nano formating: disabled
I (189) system_api: Base MAC address is not set, read default base MAC address f
rom BLK0 of EFUSE
I (199) system_api: Base MAC address is not set, read default base MAC address f
rom BLK0 of EFUSE
I (229) wifi: Init dynamic tx buffer num: 32
I (229) wifi: Init data frame dynamic rx buffer num: 32
I (229) wifi: Init management frame dynamic rx buffer num: 32
I (229) wifi: wifi driver task: 3ffc0a90, prio:23, stack:4096
I (239) wifi: Init static rx buffer num: 10
I (239) wifi: Init dynamic rx buffer num: 32
I (249) subpub: Setting WiFi configuration SSID xxxxxx
I (309) phy: phy_version: 386.0, 67c798f, Mar 14 2018, 16:34:06, 0, 0
I (319) wifi: mode : sta (18:fe:34:6a:93:1a)
I (319) subpub: AWS IoT SDK Version 2.2.1-
I (439) wifi: n:1 0, o:1 0, ap:255 255, sta:1 0, prof:1
I (1419) wifi: state: init -> auth (b0)
I (1419) wifi: state: auth -> assoc (0)
I (1429) wifi: state: assoc -> run (10)
I (1499) wifi: connected with xxxxxx, channel 1
I (1499) wifi: pm start, type: 1

I (7399) event: sta ip: 136.206.223.68, mask: 255.255.255.0, gw: 136.206.223.254

I (7399) subpub: Connecting to AWS...
I (7619) mbedtls: ssl_tls.c:6557 => handshake

I (7629) mbedtls: ssl_cli.c:3363 client state: 0

I (7629) mbedtls: ssl_tls.c:2416 => flush output

I (7629) mbedtls: ssl_tls.c:2428 <= flush output

I (7639) mbedtls: ssl_cli.c:3363 client state: 1

I (7639) mbedtls: ssl_tls.c:2416 => flush output

I (7649) mbedtls: ssl_tls.c:2428 <= flush output

I (7649) mbedtls: ssl_cli.c:719 => write client hello

I (7659) mbedtls: ssl_tls.c:2701 => write record

I (7669) mbedtls: ssl_tls.c:2416 => flush output

I (7669) mbedtls: ssl_tls.c:2435 message length: 271, out_left: 271

I (7679) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 271 (-0xfffffef1)

I (7679) mbedtls: ssl_tls.c:2460 <= flush output

I (7689) mbedtls: ssl_tls.c:2850 <= write record

I (7689) mbedtls: ssl_cli.c:1051 <= write client hello

I (7699) mbedtls: ssl_cli.c:3363 client state: 2

I (7709) mbedtls: ssl_tls.c:2416 => flush output

I (7709) mbedtls: ssl_tls.c:2428 <= flush output

I (7719) mbedtls: ssl_cli.c:1447 => parse server hello

I (7719) mbedtls: ssl_tls.c:3721 => read record

I (7729) mbedtls: ssl_tls.c:2208 => fetch input

I (7729) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (7739) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (7749) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb
)

I (7749) mbedtls: ssl_tls.c:2403 <= fetch input

I (7759) mbedtls: ssl_tls.c:2208 => fetch input

I (7769) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 2663

I (7769) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 2663

I (7779) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 2658 (-0xfffff
59e)

I (7789) mbedtls: ssl_tls.c:2403 <= fetch input

I (7809) mbedtls: ssl_tls.c:3754 <= read record

I (7819) mbedtls: ssl_cli.c:1733 server hello, total extension length: 5

I (7819) mbedtls: ssl_cli.c:1922 <= parse server hello

I (7819) mbedtls: ssl_cli.c:3363 client state: 3

I (7829) mbedtls: ssl_tls.c:2416 => flush output

I (7829) mbedtls: ssl_tls.c:2428 <= flush output

I (7839) mbedtls: ssl_tls.c:4320 => parse certificate

I (7839) mbedtls: ssl_tls.c:3721 => read record

I (7869) mbedtls: ssl_tls.c:3754 <= read record

I (8509) mbedtls: ssl_tls.c:4684 <= parse certificate

I (8509) mbedtls: ssl_cli.c:3363 client state: 4

I (8509) mbedtls: ssl_tls.c:2416 => flush output

I (8519) mbedtls: ssl_tls.c:2428 <= flush output

I (8519) mbedtls: ssl_cli.c:2263 => parse server key exchange

I (8529) mbedtls: ssl_tls.c:3721 => read record

I (8539) mbedtls: ssl_tls.c:3754 <= read record

I (8539) mbedtls: ssl_cli.c:1982 ECDH curve: secp521r1

I (8549) mbedtls: ssl_cli.c:2205 Server used SignatureAlgorithm 3

I (8549) mbedtls: ssl_cli.c:2206 Server used HashAlgorithm 6

I (9159) mbedtls: ssl_cli.c:2607 <= parse server key exchange

I (9159) mbedtls: ssl_cli.c:3363 client state: 5

I (9159) mbedtls: ssl_tls.c:2416 => flush output

I (9169) mbedtls: ssl_tls.c:2428 <= flush output

I (9169) mbedtls: ssl_cli.c:2640 => parse certificate request

I (9179) mbedtls: ssl_tls.c:3721 => read record

I (9189) mbedtls: ssl_tls.c:3754 <= read record

I (9189) mbedtls: ssl_cli.c:2757 <= parse certificate request

I (9199) mbedtls: ssl_cli.c:3363 client state: 6

I (9199) mbedtls: ssl_tls.c:2416 => flush output

I (9209) mbedtls: ssl_tls.c:2428 <= flush output

I (9209) mbedtls: ssl_cli.c:2767 => parse server hello done

I (9219) mbedtls: ssl_tls.c:3721 => read record

I (9229) mbedtls: ssl_tls.c:3754 <= read record

I (9229) mbedtls: ssl_cli.c:2797 <= parse server hello done

I (9239) mbedtls: ssl_cli.c:3363 client state: 7

I (9239) mbedtls: ssl_tls.c:2416 => flush output

I (9249) mbedtls: ssl_tls.c:2428 <= flush output

I (9249) mbedtls: ssl_tls.c:4203 => write certificate

I (9259) mbedtls: ssl_tls.c:2701 => write record

I (9269) mbedtls: ssl_tls.c:2416 => flush output

I (9279) mbedtls: ssl_tls.c:2435 message length: 876, out_left: 876

I (9279) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 876 (-0xfffffc94)

I (9289) mbedtls: ssl_tls.c:2460 <= flush output

I (9289) mbedtls: ssl_tls.c:2850 <= write record

I (9299) mbedtls: ssl_tls.c:4307 <= write certificate

I (9299) mbedtls: ssl_cli.c:3363 client state: 8

I (9309) mbedtls: ssl_tls.c:2416 => flush output

I (9309) mbedtls: ssl_tls.c:2428 <= flush output

I (9319) mbedtls: ssl_cli.c:2809 => write client key exchange

I (10839) mbedtls: ssl_tls.c:2701 => write record

I (10839) mbedtls: ssl_tls.c:2416 => flush output

I (10839) mbedtls: ssl_tls.c:2435 message length: 143, out_left: 143

I (10849) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 143 (-0xffffff71)

I (10849) mbedtls: ssl_tls.c:2460 <= flush output

I (10859) mbedtls: ssl_tls.c:2850 <= write record

I (10859) mbedtls: ssl_cli.c:3051 <= write client key exchange

I (10869) mbedtls: ssl_cli.c:3363 client state: 9

I (10879) mbedtls: ssl_tls.c:2416 => flush output

I (10879) mbedtls: ssl_tls.c:2428 <= flush output

I (10889) mbedtls: ssl_cli.c:3102 => write certificate verify

I (10889) mbedtls: ssl_tls.c:501 => derive keys

I (10909) mbedtls: ssl_tls.c:957 <= derive keys

I (10919) mbedtls: ssl_tls.c:1067 => calc verify sha384

I (10919) mbedtls: ssl_tls.c:1073 <= calc verify

I (12409) mbedtls: ssl_tls.c:2701 => write record

I (12409) mbedtls: ssl_tls.c:2416 => flush output

I (12409) mbedtls: ssl_tls.c:2435 message length: 269, out_left: 269

I (12419) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 269 (-0xfffffef3)

I (12429) mbedtls: ssl_tls.c:2460 <= flush output

I (12429) mbedtls: ssl_tls.c:2850 <= write record

I (12439) mbedtls: ssl_cli.c:3236 <= write certificate verify

I (12439) mbedtls: ssl_cli.c:3363 client state: 10

I (12449) mbedtls: ssl_tls.c:2416 => flush output

I (12449) mbedtls: ssl_tls.c:2428 <= flush output

I (12459) mbedtls: ssl_tls.c:4700 => write change cipher spec

I (12469) mbedtls: ssl_tls.c:2701 => write record

I (12469) mbedtls: ssl_tls.c:2416 => flush output

I (12479) mbedtls: ssl_tls.c:2435 message length: 6, out_left: 6

I (12489) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 6 (-0xfffffffa)

I (12489) mbedtls: ssl_tls.c:2460 <= flush output

I (12499) mbedtls: ssl_tls.c:2850 <= write record

I (12499) mbedtls: ssl_tls.c:4714 <= write change cipher spec

I (12509) mbedtls: ssl_cli.c:3363 client state: 11

I (12509) mbedtls: ssl_tls.c:2416 => flush output

I (12519) mbedtls: ssl_tls.c:2428 <= flush output

I (12529) mbedtls: ssl_tls.c:5233 => write finished

I (12529) mbedtls: ssl_tls.c:5107 => calc finished tls sha384

I (12539) mbedtls: ssl_tls.c:5137 <= calc finished

I (12539) mbedtls: ssl_tls.c:2701 => write record

I (12549) mbedtls: ssl_tls.c:1258 => encrypt buf

I (12559) mbedtls: ssl_tls.c:1560 <= encrypt buf

I (12559) mbedtls: ssl_tls.c:2416 => flush output

I (12569) mbedtls: ssl_tls.c:2435 message length: 45, out_left: 45

I (12569) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 45 (-0xffffffd3)

I (12579) mbedtls: ssl_tls.c:2460 <= flush output

I (12589) mbedtls: ssl_tls.c:2850 <= write record

I (12589) mbedtls: ssl_tls.c:5342 <= write finished

I (12599) mbedtls: ssl_cli.c:3363 client state: 12

I (12599) mbedtls: ssl_tls.c:2416 => flush output

I (12609) mbedtls: ssl_tls.c:2428 <= flush output

I (12609) mbedtls: ssl_tls.c:4723 =>Task watchdog got triggered. The following t
asks did not reset the watchdog in time:
- IDLE (CPU 1)
Tasks currently running:
CPU 0: IDLE
CPU 1: aws_iot_task
parse change cipher spec

I (12639) mbedtls: ssl_tls.c:3721 => read record

I (12639) mbedtls: ssl_tls.c:2208 => fetch input

I (12649) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (12649) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (12659) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffff
b)

I (12669) mbedtls: ssl_tls.c:2403 <= fetch input

I (12669) mbedtls: ssl_tls.c:2208 => fetch input

I (12679) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 6

I (12679) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 6

I (12689) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 1 (-0xfffffff
f)

I (12699) mbedtls: ssl_tls.c:2403 <= fetch input

I (12699) mbedtls: ssl_tls.c:3754 <= read record

I (12709) mbedtls: ssl_tls.c:4801 <= parse change cipher spec

I (12719) mbedtls: ssl_cli.c:3363 client state: 13

I (12719) mbedtls: ssl_tls.c:2416 => flush output

I (12729) mbedtls: ssl_tls.c:2428 <= flush output

I (12729) mbedtls: ssl_tls.c:5359 => parse finished

I (12739) mbedtls: ssl_tls.c:5107 => calc finished tls sha384

I (12749) mbedtls: ssl_tls.c:5137 <= calc finished

I (12749) mbedtls: ssl_tls.c:3721 => read record

I (12759) mbedtls: ssl_tls.c:2208 => fetch input

I (12759) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (12769) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (12769) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffff
b)

I (12779) mbedtls: ssl_tls.c:2403 <= fetch input

I (12789) mbedtls: ssl_tls.c:2208 => fetch input

I (12789) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 45

I (12799) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 45

I (12809) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 40 (-0xffffff
d8)

I (12809) mbedtls: ssl_tls.c:2403 <= fetch input

I (12819) mbedtls: ssl_tls.c:1576 => decrypt buf

I (12829) mbedtls: ssl_tls.c:2051 <= decrypt buf

I (12829) mbedtls: ssl_tls.c:3754 <= read record

I (12839) mbedtls: ssl_tls.c:5427 <= parse finished

I (12839) mbedtls: ssl_cli.c:3363 client state: 14

I (12849) mbedtls: ssl_tls.c:2416 => flush output

I (12849) mbedtls: ssl_tls.c:2428 <= flush output

I (12859) mbedtls: ssl_cli.c:3474 handshake: done

I (12859) mbedtls: ssl_cli.c:3363 client state: 15

I (12869) mbedtls: ssl_tls.c:2416 => flush output

I (12879) mbedtls: ssl_tls.c:2428 <= flush output

I (12879) mbedtls: ssl_tls.c:6567 <= handshake

I (12899) mbedtls: ssl_tls.c:7143 => write

I (12899) mbedtls: ssl_tls.c:2701 => write record

I (12899) mbedtls: ssl_tls.c:1258 => encrypt buf

I (12899) mbedtls: ssl_tls.c:1560 <= encrypt buf

I (12909) mbedtls: ssl_tls.c:2416 => flush output

I (12909) mbedtls: ssl_tls.c:2435 message length: 72, out_left: 72

I (12919) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 72 (-0xffffffb8)

I (12929) mbedtls: ssl_tls.c:2460 <= flush output

I (12929) mbedtls: ssl_tls.c:2850 <= write record

I (12939) mbedtls: ssl_tls.c:7171 <= write

I (12949) mbedtls: ssl_tls.c:6743 => read

I (12949) mbedtls: ssl_tls.c:3721 => read record

I (12949) mbedtls: ssl_tls.c:2208 => fetch input

I (12959) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (12969) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (12969) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 5 (-0xfffffff
b)

I (12979) mbedtls: ssl_tls.c:2403 <= fetch input

I (12989) mbedtls: ssl_tls.c:2208 => fetch input

I (12989) mbedtls: ssl_tls.c:2366 in_left: 5, nb_want: 31

I (12999) mbedtls: ssl_tls.c:2390 in_left: 5, nb_want: 31

I (12999) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 26 (-0xffffff
e6)

I (13009) mbedtls: ssl_tls.c:2403 <= fetch input

I (13019) mbedtls: ssl_tls.c:1576 => decrypt buf

I (13019) mbedtls: ssl_tls.c:2051 <= decrypt buf

I (13029) mbedtls: ssl_tls.c:4053 got an alert message, type: [1:0]

I (13039) mbedtls: ssl_tls.c:4068 is a close notify message

W (13039) mbedtls: ssl_tls.c:3739 mbedtls_ssl_read_record_layer() returned -3084
8 (-0x7880)

W (13049) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -30848 (-0x
7880)

I (13059) mbedtls: ssl_tls.c:6743 => read

I (13069) mbedtls: ssl_tls.c:3721 => read record

I (13069) mbedtls: ssl_tls.c:2208 => fetch input

I (13079) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (13079) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (13089) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned 0 (-0x0000)

W (13099) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -29312 (-0x
7280)

W (13109) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -2931
2 (-0x7280)

I (13109) mbedtls: ssl_tls.c:6743 => read

I (13119) mbedtls: ssl_tls.c:3721 => read record

I (13129) mbedtls: ssl_tls.c:2208 => fetch input

I (13129) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (18139) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (18139) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x68
00)

W (18139) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x
6800)

W (18149) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -2662
4 (-0x6800)

W (18159) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x
6800)

I (18169) mbedtls: ssl_tls.c:6743 => read

I (18169) mbedtls: ssl_tls.c:3721 => read record

I (18179) mbedtls: ssl_tls.c:2208 => fetch input

I (18179) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (23189) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (23189) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x68
00)

W (23189) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x
6800)

W (23199) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -2662
4 (-0x6800)

W (23209) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x
6800)

I (23219) mbedtls: ssl_tls.c:6743 => read

I (23219) mbedtls: ssl_tls.c:3721 => read record

I (23229) mbedtls: ssl_tls.c:2208 => fetch input

I (23229) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (28239) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (28239) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x68
00)

W (28239) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x
6800)

W (28249) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -2662
4 (-0x6800)

W (28259) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x
6800)

I (28269) mbedtls: ssl_tls.c:6743 => read

I (28269) mbedtls: ssl_tls.c:3721 => read record

I (28279) mbedtls: ssl_tls.c:2208 => fetch input

I (28279) mbedtls: ssl_tls.c:2366 in_left: 0, nb_want: 5

I (32909) mbedtls: ssl_tls.c:2390 in_left: 0, nb_want: 5

I (32909) mbedtls: ssl_tls.c:2391 ssl->f_recv(_timeout)() returned -26624 (-0x68
00)

W (32909) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -26624 (-0x
6800)

W (32919) mbedtls: ssl_tls.c:3729 mbedtls_ssl_read_record_layer() returned -2662
4 (-0x6800)

W (32929) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x
6800)

I (32939) mbedtls: ssl_tls.c:7186 => write close notify

I (32939) mbedtls: ssl_tls.c:4124 => send alert message

I (32949) mbedtls: ssl_tls.c:2701 => write record

I (32949) mbedtls: ssl_tls.c:1258 => encrypt buf

I (32959) mbedtls: ssl_tls.c:1560 <= encrypt buf

I (32969) mbedtls: ssl_tls.c:2416 => flush output

I (32969) mbedtls: ssl_tls.c:2435 message length: 31, out_left: 31

I (32979) mbedtls: ssl_tls.c:2441 ssl->f_send() returned 31 (-0xffffffe1)

I (32989) mbedtls: ssl_tls.c:2460 <= flush output

I (32989) mbedtls: ssl_tls.c:2850 <= write record

I (32999) mbedtls: ssl_tls.c:4137 <= send alert message

I (32999) mbedtls: ssl_tls.c:7202 <= write close notify

I (33009) mbedtls: ssl_tls.c:7344 => free

I (33019) mbedtls: ssl_tls.c:7409 <= free

E (33019) subpub: Error(-28) connecting to a1mnryxxxxxx.iot.eu-west-1.amazonaw
s.com:8883

This repeats .......
..................


I checked connection by doing:

$ openssl s_client -connect a1mnry3c7llm0e.iot.eu-west-1.amazonaws.com:8883 -CAfile aws-root-ca.pem -cert certificate.pem.crt -key private.pem.key
CONNECTED(00000264)
---
Certificate chain
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.iot.eu-west-1.amazonaws.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
---
Server certificate
subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.iot.eu-west-1.amazonaws.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3427 bytes and written 1579 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5B0D67DD790DA9764F96C6F004B21C894F2251F5F7C9C09352077D088609AAEC
Session-ID-ctx:
Master-Key: 3B69962F4A6439AC4DB7441FAD008F550C7A93A189B215F700075E9E55140D1B7C869B001704B7DE630D366EA7FEE779
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1527605212
Timeout : 300 (sec)
Verify return code: 0 (ok)
---



Any help much appreciated .........
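
Added example (not part of the post above, and not ESP-IDF or AWS code): a small triage script for this kind of idf_monitor trace. It re-joins the 80-column line wraps and reports whether the failure happened during the TLS handshake or after it, when the peer sent a close notify following the first application-data write. The sample inputs are constructed from the logs in this thread, and `example.invalid` is a placeholder host.

```python
import re

# mbedtls 2.x SSL error codes that appear in the traces in this thread.
MBEDTLS_ERRORS = {
    0x7880: "MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY",
    0x7280: "MBEDTLS_ERR_SSL_CONN_EOF",
    0x6800: "MBEDTLS_ERR_SSL_TIMEOUT",
}

# Constructed sample: condensed from the trace above, terminal wraps kept,
# endpoint replaced with a placeholder host.
SAMPLE_REJECTED = """\
I (12859) mbedtls: ssl_cli.c:3474 handshake: done
I (12899) mbedtls: ssl_tls.c:7143 => write
I (12939) mbedtls: ssl_tls.c:7171 <= write
I (13029) mbedtls: ssl_tls.c:4053 got an alert message, type: [1:0]
I (13039) mbedtls: ssl_tls.c:4068 is a close notify message
W (13039) mbedtls: ssl_tls.c:3739 mbedtls_ssl_read_record_layer() returned -3084
8 (-0x7880)
W (13099) mbedtls: ssl_tls.c:3875 mbedtls_ssl_fetch_input() returned -29312 (-0x
7280)
W (18159) mbedtls: ssl_tls.c:6842 mbedtls_ssl_read_record() returned -26624 (-0x
6800)
E (33019) subpub: Error(-28) connecting to example.invalid:8883
"""

# Constructed sample: the handshake itself never completes.
SAMPLE_HANDSHAKE = """\
D (69620) aws_iot: Performing the SSL/TLS handshake...
E (78880) aws_iot: failed! mbedtls_ssl_handshake returned -0x6800
"""

LOG_LINE = re.compile(r"^[EWIDV] \(\d+\) [^:]+: (.*)$")
HEX_CODE = re.compile(r"-0x([0-9a-fA-F]+)")


def unwrap(text):
    """Re-join messages that the 80-column monitor split across lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if LOG_LINE.match(raw) or not lines:
            lines.append(raw)
        else:
            lines[-1] += raw  # continuation of the previous log line
    return lines


def triage(text):
    """Classify where the connection attempt failed."""
    handshake_done = app_write = closed_after_write = False
    errors = []  # known mbedtls error names, in order of first appearance
    for line in unwrap(text):
        m = LOG_LINE.match(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if "handshake: done" in msg:
            handshake_done = True
        elif handshake_done and msg.endswith("=> write"):
            app_write = True  # first application-data record goes out
        elif app_write and "is a close notify message" in msg:
            closed_after_write = True
        for code in HEX_CODE.findall(msg):
            name = MBEDTLS_ERRORS.get(int(code, 16))
            if name and name not in errors:
                errors.append(name)
    if closed_after_write:
        verdict = "closed-by-peer-after-handshake"
    elif handshake_done:
        verdict = "handshake-ok"
    elif errors:
        verdict = "tls-handshake-failed"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "errors": errors}


if __name__ == "__main__":
    for label, sample in (("rejected", SAMPLE_REJECTED), ("handshake", SAMPLE_HANDSHAKE)):
        print(label, triage(sample))
```

A `closed-by-peer-after-handshake` verdict means the certificate exchange completed and the server ended the session afterwards, so the repeated `-0x6800` timeouts are reads on a connection the peer has already closed.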

cadrjr1
Posts: 17
Joined: Thu Mar 15, 2018 6:50 pm

Re: ESP32 aws_iot subscribe/publish example error

Postby cadrjr1 » Fri Jun 01, 2018 12:02 pm

The problem was solved by changing the policy.
Thanks to grant.rolls
viewtopic.php?t=5324#p23121

See policy below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Connect",
        "iot:Receive",
        "iot:Subscribe",
        "iot:GetThingShadow",
        "iot:DeleteThingShadow",
        "iot:UpdateThingShadow"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
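
Added example (not from the thread): the policy above allows every listed action on the resource `*`. The script below lists those wildcard grants and builds a narrower policy for a device that connects under one client ID and publishes and subscribes on one topic. The account ID, client ID and topic are placeholders, the region is taken from the endpoint in the earlier post, and the shadow actions are left out on the assumption that the subscribe/publish example does not use them.

```python
import json

# The policy posted above, as a Python dict.
POSTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Publish", "iot:Connect", "iot:Receive", "iot:Subscribe",
                   "iot:GetThingShadow", "iot:DeleteThingShadow",
                   "iot:UpdateThingShadow"],
        "Resource": ["*"],
    }],
}


def _as_list(value):
    # Policy JSON allows a single string where a list is expected.
    return [value] if isinstance(value, str) else list(value)


def wildcard_grants(policy):
    """Actions that an Allow statement grants on the bare "*" resource."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    found = []
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Resource", [])):
            found.extend(_as_list(stmt.get("Action", [])))
    return sorted(set(found))


def scoped_policy(region, account_id, client_id, topic):
    """Policy for a device that connects as one client ID and uses one topic."""
    base = f"arn:aws:iot:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # iot:Connect is authorized against a client ARN.
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": [f"{base}:client/{client_id}"]},
            # iot:Publish and iot:Receive are authorized against topic ARNs.
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": [f"{base}:topic/{topic}"]},
            # iot:Subscribe is authorized against topicfilter ARNs.
            {"Effect": "Allow", "Action": ["iot:Subscribe"],
             "Resource": [f"{base}:topicfilter/{topic}"]},
        ],
    }


# Placeholder values (assumptions, not from the thread): account ID,
# client ID and topic name.
EXAMPLE_POLICY = scoped_policy(
    "eu-west-1", "123456789012", "esp32-example-client", "example/topic"
)

if __name__ == "__main__":
    print("wildcard grants:", wildcard_grants(POSTED_POLICY))
    print(json.dumps(EXAMPLE_POLICY, indent=2))
```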
