ESP32-S3 AWS IoT - Error parsing certificate
Posted: Mon Sep 11, 2023 4:03 pm
Hi,
I've got a demo program running which communicates with AWS IoT Core using MQTTS and certificates generated by AWS.
When the certificates are added to the firmware as binaries:
Code:
target_add_binary_data(${COMPONENT_TARGET} "certs/certificate.pem.crt" TEXT)
The code works without problems.
In order to go to production I am placing these certificates in the NVS, to start with, without encryption. Now when I try to do this I get a parsing error:
Code:
I (8104) coreMQTT: Establishing a TLS session to aaaaa.amazonaws.com:8883.
E (8164) esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180
E (8174) esp-tls-mbedtls: Failed to set client pki context
E (8184) esp-tls-mbedtls: Failed to set client configurations, returned [0x8015] (ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED)
E (8194) esp-tls: create_ssl_handle failed
E (8194) esp-tls: Failed to open new connection
I could verify that the certificates are loaded correctly (by printing them out).
So what could the issue be? I read some things about NUL termination, but this should be taken care of by nvs_get_str...
I also once tried to store them as a binary and read them out as a blob, but this gave the same result.
The nvs.csv:
Code:
key,type,encoding,value
certs,namespace,,
certificate,file,string,main/certs/certificate.pem.crt
private_key,file,string,main/certs/private.pem.key
Reading the files:
Code:
#include <stdlib.h>
#include "esp_log.h"
#include "nvs.h"

esp_err_t get_credentials_from_nvs(char **cert, char **priv_key)
{
    nvs_handle_t nvs_handle;
    size_t required_size = 0;
    *cert = NULL;
    *priv_key = NULL;

    esp_err_t err = nvs_open(NVS_AWS_IOT_NAMESPACE, NVS_READONLY, &nvs_handle);
    if (err != ESP_OK) {
        ESP_LOGE(TAG_AWS_IOT, "Error (%s) opening NVS handle!", esp_err_to_name(err));
        return err;
    }

    // Read cert from NVS. The first call (NULL buffer) reports the size needed;
    // for nvs_get_str that size already includes the terminating NUL byte.
    err = nvs_get_str(nvs_handle, NVS_AWS_IOT_KEY_CERT, NULL, &required_size);
    if (err != ESP_OK) {   // a missing key is a failure too: required_size would be unset
        ESP_LOGE(TAG_AWS_IOT, "Error (%s) reading NVS!", esp_err_to_name(err));
        goto cleanup;
    }
    *cert = malloc(required_size);
    // *cert = calloc(1, required_size +1); // The extra byte is for the NULL termination
    if (*cert == NULL) { err = ESP_ERR_NO_MEM; goto cleanup; }
    err = nvs_get_str(nvs_handle, NVS_AWS_IOT_KEY_CERT, *cert, &required_size);
    if (err != ESP_OK) {
        ESP_LOGE(TAG_AWS_IOT, "Error (%s) reading NVS!", esp_err_to_name(err));
        goto cleanup;
    }
    // Print certificate content to console (the certificate is public; fine for debugging)
    ESP_LOGI(TAG_AWS_IOT, "Certificate content: %s", *cert);

    // Read private key from NVS, same two-step pattern
    err = nvs_get_str(nvs_handle, NVS_AWS_IOT_KEY_PRIVATE_KEY, NULL, &required_size);
    if (err != ESP_OK) {
        ESP_LOGE(TAG_AWS_IOT, "Error (%s) reading NVS!", esp_err_to_name(err));
        goto cleanup;
    }
    *priv_key = malloc(required_size);
    // *priv_key = calloc(1, required_size +1); // The extra byte is for the NULL termination
    if (*priv_key == NULL) { err = ESP_ERR_NO_MEM; goto cleanup; }
    err = nvs_get_str(nvs_handle, NVS_AWS_IOT_KEY_PRIVATE_KEY, *priv_key, &required_size);
    if (err != ESP_OK) {
        ESP_LOGE(TAG_AWS_IOT, "Error (%s) reading NVS!", esp_err_to_name(err));
        goto cleanup;
    }
    // Print private key content to console: debugging only, remove before shipping
    ESP_LOGI(TAG_AWS_IOT, "Private key content: %s", *priv_key);

cleanup:
    nvs_close(nvs_handle);
    if (err != ESP_OK) {   // don't hand back a half-loaded credential pair or leak it
        free(*cert);
        free(*priv_key);
        *cert = NULL;
        *priv_key = NULL;
    }
    return err;
}
Any help is highly appreciated.
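Editor's note with an added example (not code from the post above or from ESP-IDF): the return value -0x2180 in the log is MBEDTLS_ERR_X509_INVALID_FORMAT, and a common way to get it with a PEM string that prints correctly is a length mismatch rather than a content problem. mbedtls_x509_crt_parse requires PEM input to be NUL-terminated and the length passed to it (in esp-tls, the clientcert_bytes / clientkey_bytes fields of esp_tls_cfg_t) to count that terminator, i.e. strlen(pem) + 1. An embedded TEXT binary gets a NUL appended by the build system and `_end - _start` includes it, whereas a string from nvs_get_str is only correct if the caller uses required_size (which includes the NUL) and not strlen. The self-contained check below computes the right length and rejects buffers that are not NUL-terminated or not PEM-framed; the sample PEM is a constructed placeholder, not a real certificate.

```c
/* Added example: validate a PEM buffer (as returned by nvs_get_str) before handing
 * it to esp-tls / mbedtls, and compute the length mbedtls expects for PEM data.
 * Assumption: buf_size is the size reported by nvs_get_str, which already
 * counts the terminating NUL. The sample certificate below is constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    PEM_OK = 0,
    PEM_NOT_NUL_TERMINATED,  /* no NUL within buf_size: mbedtls PEM parsing will fail */
    PEM_MISSING_HEADER,      /* no "-----BEGIN " line */
    PEM_MISSING_FOOTER       /* no "-----END " line */
} pem_status_t;

/* Check framing and termination; on success *len_out is strlen(buf) + 1,
 * the value to pass as mbedtls buflen / esp_tls_cfg_t clientcert_bytes. */
pem_status_t pem_check_and_len(const char *buf, size_t buf_size, size_t *len_out)
{
    const char *nul = memchr(buf, '\0', buf_size);
    if (nul == NULL) return PEM_NOT_NUL_TERMINATED;
    if (strstr(buf, "-----BEGIN ") == NULL) return PEM_MISSING_HEADER;
    if (strstr(buf, "-----END ") == NULL) return PEM_MISSING_FOOTER;
    if (len_out) *len_out = (size_t)(nul - buf) + 1;   /* include the terminator */
    return PEM_OK;
}

/* Constructed sample: correct PEM framing with a placeholder body (70 chars + NUL). */
static const char sample_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDERBODY\n"
    "-----END CERTIFICATE-----\n";

/* Length the sample needs when passed to mbedtls: sizeof sample_pem == strlen + 1. */
size_t sample_len_for_mbedtls(void)
{
    size_t len = 0;
    if (pem_check_and_len(sample_pem, sizeof sample_pem, &len) != PEM_OK) return 0;
    return len;
}

/* Simulate a copy that lost its terminator (e.g. memcpy of strlen bytes into a
 * buffer of exactly that size): the check must refuse it. */
pem_status_t sample_truncated_status(void)
{
    char truncated[sizeof sample_pem - 1];
    memcpy(truncated, sample_pem, sizeof truncated);   /* NUL deliberately not copied */
    return pem_check_and_len(truncated, sizeof truncated, NULL);
}

/* Convenience wrapper for NUL-terminated C strings of arbitrary content. */
pem_status_t status_of_cstring(const char *s)
{
    return pem_check_and_len(s, strlen(s) + 1, NULL);
}

int main(void)
{
    printf("sample: len for mbedtls = %zu (strlen = %zu)\n",
           sample_len_for_mbedtls(), strlen(sample_pem));
    printf("truncated copy: status = %d\n", (int)sample_truncated_status());
    printf("plain text: status = %d\n", (int)status_of_cstring("not a certificate"));
    return 0;
}
```

Usage: call pem_check_and_len on the buffer from nvs_get_str with required_size as buf_size, and use the returned length, not strlen, when filling clientcert_bytes and clientkey_bytes. Storing the key as a blob does not change this: nvs_get_blob returns only the bytes that were written, so a blob written without its NUL needs one appended before PEM parsing.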