Closed rakesh5283 closed 11 months ago
Hi @rakesh5283, thanks for reporting this issue. Could you please let us know at which point the function SSL_connect() gets stuck, or is it that the function returns an error code and the device reboots?
In the tlsHandshake() function below, SSL_connect() gets stuck; it's in the openssl_posix.c file. All other functions return the value 1, which is SUCCESS.
Output of the code below is:
```
16:33:59 -> **tlsHandshake will be called: ***
16:33:59 -> SSL_set1_host output is: 1.
16:33:59 -> SSL_set_fd output is: 1.
16:33:59 -> SSL_set_tlsext_host_name output is: 1.
16:33:59 -> SSL_Connect is going to call #######################
```
```c
static OpensslStatus_t tlsHandshake( const ServerInfo_t * pServerInfo,
                                     OpensslParams_t * pOpensslParams,
                                     const OpensslCredentials_t * pOpensslCredentials )
{
    OpensslStatus_t returnStatus = OPENSSL_SUCCESS;
    int32_t sslStatus = -1, verifyPeerCertStatus = X509_V_OK;

    /* Validate the hostname against the server's certificate. */
    /*vplDebugF("pServerInfo->pHostName is: %s.", pServerInfo->pHostName);
    vplDebugF(" pOpensslParams->pSsl is: %d.", pOpensslParams->pSsl);*/
    sslStatus = SSL_set1_host( pOpensslParams->pSsl, pServerInfo->pHostName );
    vplDebugF("SSL_set1_host output is: %d.", sslStatus);

    if( sslStatus != 1 )
    {
        LogError( ( "SSL_set1_host failed to set the hostname to validate." ) );
        vplDebug("SSL_set1_host failed to set the hostname to validate.");
        returnStatus = OPENSSL_API_ERROR;
    }

    /* Enable SSL peer verification. */
    if( returnStatus == OPENSSL_SUCCESS )
    {
        SSL_set_verify( pOpensslParams->pSsl, SSL_VERIFY_PEER, NULL );

        /* Setup the socket to use for communication. */
        sslStatus =
            SSL_set_fd( pOpensslParams->pSsl, pOpensslParams->socketDescriptor );
        vplDebugF("SSL_set_fd output is: %d.", sslStatus);

        if( sslStatus != 1 )
        {
            LogError( ( "SSL_set_fd failed to set the socket fd to SSL context." ) );
            vplDebug("SSL_set_fd failed to set the socket fd to SSL context.");
            returnStatus = OPENSSL_API_ERROR;
        }
    }

    /* Perform the TLS handshake. */
    if( returnStatus == OPENSSL_SUCCESS )
    {
        setOptionalConfigurations( pOpensslParams->pSsl, pOpensslCredentials );
        vplDebug("SSL_Connect is going to call #######################");
        sslStatus = SSL_connect( pOpensslParams->pSsl );
        vplDebugF("SSL_connect output is.: %d", sslStatus);

        /* SSL_get_error() must be given the value returned by SSL_connect(). */
        int error = SSL_get_error( pOpensslParams->pSsl, sslStatus );
        vplDebugF("SSL_get_error Error is.: %d", error);

        if( sslStatus != 1 )
        {
            LogError( ( "SSL_connect failed to perform TLS handshake." ) );
            vplDebugF("SSL_connect failed to perform TLS handshake.: %d", sslStatus);
            returnStatus = OPENSSL_HANDSHAKE_FAILED;
        }
    }

    /* Verify X509 certificate from peer. */
    if( returnStatus == OPENSSL_SUCCESS )
    {
        verifyPeerCertStatus = ( int32_t ) SSL_get_verify_result( pOpensslParams->pSsl );

        if( verifyPeerCertStatus != X509_V_OK )
        {
            LogError( ( "SSL_get_verify_result failed to verify X509 "
                        "certificate from peer." ) );
            vplDebug("SSL_get_verify_result failed to verify X509 "
                     "certificate from peer.");
            returnStatus = OPENSSL_HANDSHAKE_FAILED;
        }
    }

    return returnStatus;
}
```
@rakesh5283 Are you using a proper hostname or an IP address? Currently, only proper hostnames are supported.
@paulbartell I am using AWS Endpoint name
I tried to print the error message and it shows me the below:
15:23:32 -> error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (null) À á process_server_certificate:certificate verify failed
The interesting thing is that by using the mosquitto command it sends data to AWS IoT Core; the command is as per the below.
mosquitto_pub -h
@rakesh5283 : A few more things to check if this is still a problem for you:
Hi @rakesh5283, have you checked the suggestion from @paulbartell? We'd like to get your feedback. Please feel free to ask if you have further questions.
Thanks.
Hi,
Sorry for the late reply.
The issue is resolved now. I am now able to send data to AWS IoT Core from my device.
It was the openssl library version that was creating the problem with my device.
Thanks for all your support.
@paulbartell
Hi Paul, thanks for your message.
The below point was not set on my device; once it was set, it is now working.
3). Is your system's time/date set? If the date is incorrect, openssl thinks that the server certificate is expired.
I tried the same certificates with Python and it worked, but from my device it was not working. Then I changed the device time, which is set from the IDE, and it works now.
Rakesh
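The fix reported above was setting the device clock. As an added example (not code from this thread or from the SDK), here is a dependency-free check a device could run before the handshake, comparing its clock with a certificate's notBefore/notAfter given in ASN.1 UTCTime form. The function names and the validity window are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define BAD_TIME LLONG_MIN
typedef enum { CLOCK_OK, CLOCK_TOO_EARLY, CLOCK_TOO_LATE, CLOCK_BAD_INPUT } ClockCheck_t;

/* Days since 1970-01-01 for a Gregorian date, so no timegm() is needed. */
static long long daysFromCivil( int y, int m, int d )
{
    y -= ( m <= 2 );
    long long era = ( y >= 0 ? y : y - 399 ) / 400;
    long long yoe = y - era * 400;
    long long doy = ( 153 * ( m + ( m > 2 ? -3 : 9 ) ) + 2 ) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse ASN.1 UTCTime "YYMMDDHHMMSSZ" into epoch seconds; BAD_TIME on error. */
static long long parseUtcTime( const char * s )
{
    int v[ 6 ];
    if( s == NULL || strlen( s ) != 13 || s[ 12 ] != 'Z' ) return BAD_TIME;
    for( int i = 0; i < 6; i++ )
    {
        char hi = s[ 2 * i ], lo = s[ 2 * i + 1 ];
        if( hi < '0' || hi > '9' || lo < '0' || lo > '9' ) return BAD_TIME;
        v[ i ] = ( hi - '0' ) * 10 + ( lo - '0' );
    }
    /* Basic range check only (does not reject e.g. 31 February). */
    if( v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 || v[3] > 23 || v[4] > 59 || v[5] > 59 ) return BAD_TIME;
    int year = ( v[0] >= 50 ) ? 1900 + v[0] : 2000 + v[0]; /* RFC 5280 two-digit year rule */
    return daysFromCivil( year, v[1], v[2] ) * 86400LL + v[3] * 3600 + v[4] * 60 + v[5];
}

/* Compare the device clock (epoch seconds) with the certificate validity window. */
static ClockCheck_t checkClock( long long now, const char * notBefore, const char * notAfter )
{
    long long nb = parseUtcTime( notBefore ), na = parseUtcTime( notAfter );
    if( nb == BAD_TIME || na == BAD_TIME || nb > na ) return CLOCK_BAD_INPUT;
    if( now < nb ) return CLOCK_TOO_EARLY; /* OpenSSL reports X509_V_ERR_CERT_NOT_YET_VALID */
    if( now > na ) return CLOCK_TOO_LATE;  /* OpenSSL reports X509_V_ERR_CERT_HAS_EXPIRED */
    return CLOCK_OK;
}

int main( void )
{
    /* Constructed validity window, not taken from any real certificate. */
    ClockCheck_t r = checkClock( ( long long ) time( NULL ), "200101000000Z", "300101000000Z" );
    printf( "device clock check: %d\n", ( int ) r );
    return ( r == CLOCK_OK ) ? 0 : 1;
}
```

A device whose real-time clock was never set typically reports a time near the epoch, which this check classifies as CLOCK_TOO_EARLY before any TLS traffic is sent.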
Hi,
I am trying to build the Embedded-C SDK using the openssl1.1.1 library. I am able to build in our development environment.
But it gets stuck in the SSL_connect() function and does not come out of it, and the device reboots.
Am I missing anything?
Thanks Rakesh