Paulo Sousa

Important changes to forums and questions

All forums and questions are now archived. To start a new conversation or read the latest updates go to forums.mbed.com.

4 years, 7 months ago.

TLS handshake fails for application https://os.mbed.com/users/coisme/code/Mbed-to-Azure-IoT-Hub/

Greetings,

I have been trying the code available at https://os.mbed.com/users/coisme/code/Mbed-to-Azure-IoT-Hub/ for connecting a mbed device to the Azure IoT Hub in a Disco-L475VG-IOT01A, but without success so far. I have tried the symmetric key and X509 certificates authentication, but both fail. I have also tried to use the IoTHub-Diagnostics tool (availabe at https://github.com/azure/iothub-diagnostics) to establish a connection but it also fails (before the https request is done). Am I missing something in my Azure IoT Hub? Bellow you can find the debug for both types of connection. Any suggestion to make it work?

Best regards, Paulo Sousa

SAS Auth

[...]
MQTT client is connecting to the service ...

[DBG ][TLSW]: send 209

[DBG ][TLSW]: ssl_tls.c:8927: |2| => write


[DBG ][TLSW]: ssl_tls.c:3506: |2| => write record


[DBG ][TLSW]: ssl_tls.c:1610: |2| => encrypt buf


[DBG ][TLSW]: ssl_tls.c:1946: |2| <= encrypt buf


[DATParser rBG ][TLSW]: ssl_tls.c:2920: |2| => flush output


ead: 8 data avail in SPI
[2K[DBG ][TLSW]: ssl_tls.c:2938: |2| message length: 277, out_left: 277

ATParser write: 277 BYTES

[DBG ][TLSW]: ssl_tls.c:2944: |2| ssl->f_send() returned 277 (-0xfffffeeb)


[DBG ][TLSW]: ssl_tls.c:2972: |2| <= flush output


[DBG ][TLSW]: ssl_tls.c:3639: |2| <= write record


[DBG ][TLSW]: ssl_tls.c:8955: |2| <= write


[DBG ][TLSW]: ssl_tls.c:8515: |2| => read


[DATParser rBG ][TLSW]: ssl_tls.c:4474: |2| => read record


ad: 8 data avail in SPI
2K[DBG ][TLSW]: ssl_tls.c:2701: |2| => fetch input


[DBG ][TLSW]: ssl_tls.c:2861: |2| in_left: 0, nb_want: 5

ATParser read: 8 data avail in SPI

[DBG ][TLSW]: ssl_tls.c:2885: |2| in_left: 0, nb_want: 5


[DBG ][TLSW]: ssl_tls.c:8515: |2| => read


[DBG ][TLSW]: ssl_tls.c:4474: |2| => read record


[DBG ][TLSW]: ssl_tls.c:2701: |2| => fetch input


[DBG ][TLSW]: ssl_tls.c:2861: |2| in_left: 0, nb_want: 5

ATParser read: 8 data avail in SPI

TParser r0m[DBG ][TLSW]: ssl_tls.c:2885: |2| in_left: 0, nb_want: 5ead: 8 data avail in SPI


ATParser read: 8 data avail in SPI
ATParser read: 78 data avail in SPI

[DBG ][TLSW]: ssl_tls.c:8515: |2| => read


[DBG ][TLSW]: ssl_tls.c:4474: |2| => read record


[DBG ][TLSW]: ssl_tls.c:2701: |2| => fetch input


[DBG ][TLSW]: ssl_tls.c:2861: |2| in_left: 0, nb_want: 5


[DBG ][TLSW]: ssl_tls.c:2885: |2| in_left: 0, nb_want: 5


[DBG ][TLSW]: ssl_tls.c:2887: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)


[DBG ][TLSW]: ssl_tls.c:2907: |2| <= fetch input


[DBG ][TLSW]: ssl_tls.c:2701: |2| => fetch input


[DBG ][TLSW]: ssl_tls.c:2861: |2| in_left: 5, nb_want: 69


[DBG ][TLSW]: ssl_tls.c:2885: |2| in_left: 5, nb_want: 69


[DBG ][TLSW]: ssl_tls.c:2887: |2| ssl->f_recv(_timeout)() returned 64 (-0xffffffc0)


[DBG ][TLSW]: ssl_tls.c:2907: |2| <= fetch input


[DBG ][TLSW]: ssl_tls.c:1959: |2| => decrypt buf


[DBG ][TLSW]: ssl_tls.c:2541: |2| <= decrypt buf


[DBG ][TLSW]: ssl_tls.c:4548: |2| <= read record


[DBG ][TLSW]: ssl_tls.c:8ATParser read: 8 dat803: |2| <= read


[DBG ][TLSW]: ssl_tls.ca avail in SPI
:8515: |2| => read


[DBG ][TLSW]: ssl_tls.c:8803: |2| <= read


[DBG ][TLSW]: ssl_tls.c:8515: |2| => read


[DBG ][TLSW]: ssl_tls.c:8803: |2| <= read

ERROR: rc from MQTT connect is 5

X509 Auth

[...]
[DBG ][TLSW]: ssl_cli.c:3578: |2| client state: 7


[DBG ][TLSW]: ssl_tls.c:2920: |2| => flush output


[DBG ][TLSW]: ssl_tls.c:2932: |2| <= flush output


[DBG ][TLSW]: ssl_tls.c:5492: |2| => write certificate


[DBG ][TLSW]: ssl_tls.c:3349: |2| => write handshake message


[DBG ][TLSW]: ssl_tls.c:3506: |2| => write record


[DBG ][TLSW]: ssl_tls.c:2920: |2| => flush output


ATParser re[DBG ][TLSW]: ssl_tls.c:2938: |2| message length: 41ad: 8 data avail in SPI
81, out_left: 4181

ATParser write: 1460 BYTES

[DBG ][TLSW]: ssl_tls.c:2944: |2| ssl->f_send() returned 1460 (-0xfffffa4c)


[DBG ][TLSW]: ssl_tls.c:2938: |2| message length: 4181, out_left: 2721

ATParser write: 1460 BYTES
AT(Timeout)

ATParser re[31m[ERR ][TLSW]: Socket send error -3012

d: 8 data avail in SPI
m[DBG ][TLSW]: ssl_tls.c:2944: |2| ssl->f_send() returned -3012 (-0x0bc4)


[DBG ][TLSW]: ssl_tls.c:3635: |1| mbedtls_ssl_flush_output() returned -3012 (-0x0bc4)


[DBG ][TLSW]: ssl_tls.c:3478: |1| ssl_write_record() returned -3012 (-0x0bc4)


[DBG ][TLSW]: ssl_tls.c:5592: |1| mbedtls_ssl_write_handshake_msg() returned -3012 (-0x0bc4)


[DBG ][TLSW]: ssl_tls.c:8339: |2| <= handshake


[ERR ][TLSW]: mbedtls_ssl_handshake() failed: -0x0bc4 (-3012): UNKNOWN ERROR CODE (0B80) : UNKNOWN ERROR ATParser reCODE (0044)
ERROR from MQTTNetwork connect is -3011

Edit: I was able to perform connections using SAS tokens, but with X509 certificates the error still persists.

1 Answer

Ron Eldor
4 years, 7 months ago.

Hi Paulo,

As you can see from:

"ssl->f_send() returned -3012"

you have some socket error sending the message. The error is NSAPI_ERROR_DEVICE_ERROR and is returned by your "f_send" call.

It is happening, however, when your client is trying to send your certificate. Do you have some mtu limitation? Any other buffer limitation?

In addition, is your client certificate generated by Azure toolkit, as mentioned in https://os.mbed.com/users/coisme/notebook/azure-iot-hub-from-mbed-os-device/?

Regards,

Mbed Support

Ron


Assigned to Ron Eldor 4 years, 7 months ago.

This means that the question has been accepted and is being worked on.