archigup
commented
2 years ago Hi, we're looking into this issue and will get back to you, thanks!
Open jitendrazala opened 2 years ago
archigup
commented
2 years ago Hi, we're looking into this issue and will get back to you, thanks!
jitendrazala
commented
2 years ago That would be really helpful. Thanks.
archigup
commented
2 years ago Hi, did you enable cloud discovery for the Greengrass core? If not, see Connect V1 Greengrass Devices and Interact with local IoT devices.
Let me know if this does not solve your issue.
jitendrazala
commented
2 years ago Hi,
I already enabled cloud discovery for the greengrass core. Though I did some debugging and came to know that device getting greengrass core information but somehow it was not able to connect to that. It always failed in _GGD_SecureConnectConnect function in _aws_helper_secureconnect.c file specifically in _SOCKETSConnect in GGD_SecureConnect_Connect function.
`BaseType_t GGD_SecureConnect_Connect( const GGD_HostAddressData_t * pxHostAddressData,
Socket_t * pxSocket,
uint32_t ulReceiveTimeOut,
uint32_t ulSendTimeOut )
{
const TickType_t xReceiveTimeOut = pdMS_TO_TICKS( ulReceiveTimeOut );
const TickType_t xSendTimeOut = pdMS_TO_TICKS( ulSendTimeOut );
SocketsSockaddr_t xServerAddress;
size_t xURLLength;
BaseType_t xIsIPAddress;
BaseType_t xStatus;
int32_t returnCode;
configASSERT( pxHostAddressData != NULL );
configASSERT( pxSocket != NULL );
/* Calculate the length of the supplied URL. */
xURLLength = strlen( pxHostAddressData->pcHostAddress );
/* Ensure that the length of the specified URL is
* within the permitted limits. */
if( xURLLength <= ( size_t ) securesocketsMAX_DNS_NAME_LENGTH )
{
printf("1111");
/* Create the socket. */
*pxSocket = SOCKETS_Socket( SOCKETS_AF_INET,
SOCKETS_SOCK_STREAM,
SOCKETS_IPPROTO_TCP );
if( *pxSocket == SOCKETS_INVALID_SOCKET )
{
xStatus = pdFAIL;
printf("2222");
}
else
{
xStatus = pdPASS;
printf("3333");
}
if( xStatus == pdPASS )
{
printf("4444");
if( prvIsIPaddress( pxHostAddressData->pcHostAddress ) == ( uint32_t ) 0 )
{
xIsIPAddress = pdFALSE;
printf("5555");
}
else
{
xIsIPAddress = pdTRUE;
printf("6666");
}
xServerAddress.ucLength = sizeof( SocketsSockaddr_t );
xServerAddress.usPort = SOCKETS_htons( pxHostAddressData->usPort );
xServerAddress.ulAddress =
SOCKETS_GetHostByName( pxHostAddressData->pcHostAddress );
if( xServerAddress.ulAddress == 0u )
{
ggdconfigPRINT( "ERROR! Failed to resolve host address: ServerHost=%.*s",
xURLLength, pxHostAddressData->pcHostAddress );
}
xServerAddress.ucSocketDomain = SOCKETS_AF_INET;
/* Set send timeout for the socket. */
( void ) SOCKETS_SetSockOpt( *pxSocket,
0,
SOCKETS_SO_SNDTIMEO,
&xSendTimeOut,
sizeof( xSendTimeOut ) );
/* Set receive timeout for the socket. */
( void ) SOCKETS_SetSockOpt( *pxSocket,
0,
SOCKETS_SO_RCVTIMEO,
&xReceiveTimeOut,
sizeof( xReceiveTimeOut ) );
/* Set secure connection. */
( void ) SOCKETS_SetSockOpt( *pxSocket,
0,
SOCKETS_SO_REQUIRE_TLS,
NULL,
( size_t ) 0 );
if( pxHostAddressData->pcCertificate != NULL )
{
/* Override TLS trust store with server certificate. */
returnCode = SOCKETS_SetSockOpt( *pxSocket,
0,
SOCKETS_SO_TRUSTED_SERVER_CERTIFICATE,
pxHostAddressData->pcCertificate,
( size_t ) pxHostAddressData->ulCertificateSize );
if( returnCode != SOCKETS_ERROR_NONE )
{
ggdconfigPRINT( "ERROR! Failure in SOCKET_SetSockOpt call for overriding TLS trust store: "
"ReturnCode=%d\r\n", returnCode );
xStatus = pdFAIL;
printf("7777");
}
}
if( xIsIPAddress == pdFALSE )
{
printf("8888");
/* Enable use of SNI in TLS. */
returnCode = SOCKETS_SetSockOpt( *pxSocket,
0,
SOCKETS_SO_SERVER_NAME_INDICATION,
pxHostAddressData->pcHostAddress,
( size_t ) 1 + xURLLength );
if( returnCode != SOCKETS_ERROR_NONE )
{
ggdconfigPRINT( "ERROR! Failure in SOCKET_SetSockOpt call for enabling TLS SNI: "
"ServerHost=%.*s, ReturnCode=%d\r\n",
xURLLength, pxHostAddressData->pcHostAddress, returnCode );
xStatus = pdFAIL;
printf("9999");
}
}
/* Establish the TCP connection. */
if( pdPASS == xStatus )
{
printf("1010");
returnCode = SOCKETS_Connect( *pxSocket,
&xServerAddress,
( uint32_t ) sizeof( xServerAddress ) );
/***It always failed here***/
if( returnCode != SOCKETS_ERROR_NONE )
{
ggdconfigPRINT( "ERROR! SOCKETS_Connect call failed: ServerAddress=%lu, Port=%u, ReturnCode=%d\r\n",
xServerAddress.ulAddress, xServerAddress.usPort, returnCode );
GGD_SecureConnect_Disconnect( pxSocket );
xStatus = pdFAIL;
}
}
}
}
else
{
ggdconfigPRINT( "Malformed URL\r\n" );
xStatus = pdFAIL;
}
return xStatus;
}`Hmm, from the logs posted in the initial post, it looks like its getting past that and failing in GGD_GetIPandCertificateFromJSON after not finding the certificate key in prvGGDGetCertificate. Is that still the case? Would you be able to provide the JSON file retrieved by the application if so?
jitendrazala
commented
2 years ago Yes. Sure.
Please find attachment.
archigup
commented
2 years ago Looking at that screenshot, the SOCKETS_Connect call is getting the correct ip/port from the json document, so the issue is likely with the Greengrass certificate. What is the error if the section with the /* Override TLS trust store with server certificate. */ comment is commented out? If that is done and the SOCKETS_Connect return code is one of the TLS ones then we can narrow the issue down to the certificate.
aggarg
commented
2 years ago Are you still facing this issue?
Hello Folks,
I have been trying to get green grass discovery demo working on ESP32-WROVER hardware but couldn't not get any resource of green grass device v2.
Hardwares Used:
Steps I followed to setup GGC on RPi:
IAMFullAccess AmazonS3FullAccess AWSGreengrassFullAccess AWSIoTFullAccess
Steps I followed to setup GGC Discovery Demo on ESP32:
But not getting green grass device information 😕 Don't know what was the mistake ! Attaching logs of ESP32 monitoring.
Can anyone point me about the possible issue/s and probably solution !?
Thanks. Jitendra