NuMaker connection with AWS IoT thru MQTT/HTTPS (Mbed OS 6)

Dependencies:   MQTT

Committer:
cyliang
Date:
Wed Mar 01 03:54:59 2023 +0000
Revision:
49:ccbacce17f7a
Parent:
48:ffe503ce537d
Update os v6.17.0 for M467 target

# Example for Connection with AWS IoT thru MQTT/HTTPS on Mbed OS

This is an example to demonstrate connection with [AWS IoT](https://aws.amazon.com/iot)
on Nuvoton Mbed-enabled boards.

## Supported platforms
On Mbed OS, connection with AWS IoT requires Mbed TLS. It requires more than 64 KB RAM.
Currently, the following Nuvoton Mbed-enabled boards can afford such a memory footprint:
- [NuMaker-PFM-NUC472](https://developer.mbed.org/platforms/Nuvoton-NUC472/)
- [NuMaker-PFM-M487](https://developer.mbed.org/platforms/NUMAKER-PFM-M487/)
- [NuMaker-IoT-M487](https://os.mbed.com/platforms/NUMAKER-IOT-M487/)
- [NuMaker-M2354](https://os.mbed.com/platforms/NUMAKER-M2354/)
- [NuMaker-IoT-M467](https://os.mbed.com/platforms/NUMAKER-IOT-M467/)

## Access and manage AWS IoT Service
To run the example, you need to register an [AWS account](https://aws.amazon.com/)
to access and manage the AWS IoT Service your device will connect to.
This [link](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) gives detailed
information about it.

1. Sign in to the [AWS Management Console](https://aws.amazon.com/console/).
1. Enter AWS IoT Service.
1. In AWS IoT Service, create a thing.
   The Console may prompt you to also create a certificate and a policy. Skip this; you will create them later.
1. In AWS IoT Service, create a policy. A workable example is shown below.
   Note that you need to replace **REGION** and **ACCOUNT** to match your case.

   <pre>
   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": "iot:Connect",
               "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:client/*"
           },
           {
               "Effect": "Allow",
               "Action": "iot:Subscribe",
               "Resource": ["arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topicfilter/*"]
           },
           {
               "Effect": "Allow",
               "Action": ["iot:Publish", "iot:Receive"],
               "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topic/*"
           },
           {
               "Effect": "Allow",
               "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"],
               "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:thing/*"
           }
       ]
   }
   </pre>

1. In AWS IoT Service, create a certificate. You will get 4 security credential files from it.
   Download them for later use.
   - AWS IoT's CA certificate
   - User certificate
   - User private key
   - User public key

After creating the certificate, do:
1. Activate the certificate.
1. Attach the thing created above to the certificate.
1. Attach the policy created above to the certificate.
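The example policy above grants `iot:Connect` for any client ID, publish/subscribe on every topic, and shadow access to every thing in the account, so a single leaked device credential would be valid for any device name. Below is a tightened, single-thing version, added here as an editor's example rather than part of this project; it assumes the placeholder **THINGNAME** for your thing, the user topic prefix `Nuvoton/Mbed/` seen in the example output further down, and that you set **CLIENTNAME** equal to **THINGNAME**, since the `client/` resource no longer matches arbitrary IDs.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "arn:aws:iot:REGION:ACCOUNT:client/THINGNAME"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": [
                "arn:aws:iot:REGION:ACCOUNT:topicfilter/Nuvoton/Mbed/*",
                "arn:aws:iot:REGION:ACCOUNT:topicfilter/$aws/things/THINGNAME/shadow/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": ["iot:Publish", "iot:Receive"],
            "Resource": [
                "arn:aws:iot:REGION:ACCOUNT:topic/Nuvoton/Mbed/*",
                "arn:aws:iot:REGION:ACCOUNT:topic/$aws/things/THINGNAME/shadow/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"],
            "Resource": "arn:aws:iot:REGION:ACCOUNT:thing/THINGNAME"
        }
    ]
}
```

Replace REGION, ACCOUNT and THINGNAME before attaching it to the certificate; the `thing/THINGNAME` statement is what the HTTPS RESTful shadow calls of this example need, and the `topic`/`topicfilter` statements cover the user topic and the `$aws/things/THINGNAME/shadow/...` topics the MQTT path uses.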

## Configure your device with AWS IoT
Before connecting your device with AWS IoT, you need to configure the security credential and
protocol-dependent parameters into your device. These configurations are all centralized in `main.cpp`.

### Configure certificate into your device
From above, you've got 4 security credential files: the CA certificate and the user certificate/private key/public key.
Configure the CA certificate, user certificate, and user private key into your device.
The user public key is already included in the user certificate and is not used here.
1. Replace the CA certificate with the one downloaded from the Console.
   ```
   const char SSL_CA_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n"
   "Replace Me"
   ```

1. Replace the user certificate with the one downloaded from the Console.
   ```
   const char SSL_USER_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n"
   "Replace Me"
   ```

1. Replace the user private key with the one downloaded from the Console.
   ```
   const char SSL_USER_PRIV_KEY_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\n"
   "Replace Me"
   ```

**NOTE:** The credential hard-coded in the source code may get deactivated or deleted.
Use your own credential for connection with AWS IoT.

### Connect through MQTT
To connect your device with AWS IoT through MQTT, you need to configure the following parameters.

1. Enable connection through MQTT.
   ```
   #define AWS_IOT_MQTT_TEST 1
   ```

1. Replace the server name (endpoint). The **endpoint** has the following format; you just
   need to modify **IDENTIFIER** and **REGION** to match your case.
   <pre>
   #define AWS_IOT_MQTT_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com"
   </pre>

1. The server port number is fixed. Don't change it.
   ```
   #define AWS_IOT_MQTT_SERVER_PORT 8883
   ```

1. Replace **THINGNAME** to match your case. **THINGNAME** is just the name of the thing you created above.
   <pre>
   #define AWS_IOT_MQTT_THINGNAME "<b>THINGNAME</b>"
   </pre>

1. Replace **CLIENTNAME** to match your case. If you adopt the example policy above,
   you can choose it arbitrarily because that policy permits any client name bound to your account.
   <pre>
   #define AWS_IOT_MQTT_CLIENTNAME "<b>CLIENTNAME</b>"
   </pre>

The AWS IoT MQTT protocol supports topic subscribe/publish. The example demonstrates:
- Subscribe/publish with a user topic
- Subscribe/publish with a reserved topic (starting with `$`) to:
  - Update thing shadow
  - Get thing shadow
  - Delete thing shadow

### Connect through HTTPS
To connect your device with AWS IoT through HTTPS, you need to configure the following parameters.

1. Enable connection through HTTPS.
   ```
   #define AWS_IOT_HTTPS_TEST 1
   ```

1. Replace the server name (endpoint). The **endpoint** has the following format; you just
   need to modify **IDENTIFIER** and **REGION** to match your case.
   <pre>
   #define AWS_IOT_HTTPS_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com"
   </pre>

1. The server port number is fixed. Don't change it.
   ```
   #define AWS_IOT_HTTPS_SERVER_PORT 8443
   ```

1. Replace **THINGNAME** to match your case. **THINGNAME** is just the name of the thing you created above.
   <pre>
   #define AWS_IOT_HTTPS_THINGNAME "<b>THINGNAME</b>"
   </pre>

The AWS IoT HTTPS protocol supports publish-only topics and a RESTful API. The example demonstrates:
- Publish to a user topic
- Publish to a reserved topic (starting with `$`) to:
  - Update thing shadow
  - Get thing shadow
  - Delete thing shadow
- RESTful API to:
  - Update thing shadow RESTfully through the HTTPS POST method
  - Get thing shadow RESTfully through the HTTPS GET method
  - Delete thing shadow RESTfully through the HTTPS DELETE method

## Monitor the application
If you configure your terminal program with **115200/8-N-1**, you would see output similar to the following:

**NOTE:** Make sure that the network is functional before running the application.

<pre>
Starting AWS IoT test
Using Mbed OS 6.14.0
Connected to the network successfully. IP address: 192.168.8.105
Opening network socket on network stack
Opens network socket on network stack OK
DNS resolution for a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com...
DNS resolution for a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com: 3.129.252.104:8883
</pre>

If the following TLS connection step succeeds, it means the security credential configuration is correct.
<pre>
Connecting with a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com:8883
Connects with a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com:8883 OK
Resolved MQTT client ID: 002E0051-013B87F3-00000021
MQTT connects OK
</pre>

The MQTT session then proceeds as follows:
<pre>
MQTT connects OK

Subscribing/publishing user topic
MQTT subscribes to Nuvoton/Mbed/+ OK
Message to publish:
{ "message": "Hello from Nuvoton Mbed device" }
MQTT publishes message to Nuvoton/Mbed/D001 OK
MQTT receives message with subscribed Nuvoton/Mbed/D001...
Message arrived: qos 1, retained 0, dup 0, packetid 1
Payload:
{ "message": "Hello from Nuvoton Mbed device" }
MQTT receives message with subscribed Nuvoton/Mbed/D001 OK

MQTT unsubscribes from Nuvoton/Mbed/+ OK
Subscribes/publishes user topic OK

Subscribing/publishing UpdateThingShadow topic
MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK
MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK
Message to publish:
{ "state": { "reported": { "attribute1": 3, "attribute2": "1" } } }
MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/update OK
MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/update...
Message arrived: qos 1, retained 0, dup 0, packetid 1
Payload:
{"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1630637720},"attribute2":{"timestamp":1630637720}}},"version":229,"timestamp":1630637720}
MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/update OK

MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK
MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK
Subscribes/publishes UpdateThingShadow topic OK

Subscribing/publishing GetThingShadow topic
MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK
MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK
Message to publish:

MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/get OK
MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/get...
Message arrived: qos 1, retained 0, dup 0, packetid 1
Payload:
{"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1630637720},"attribute2":{"timestamp":1630637720}}},"version":229,"timestamp":1630637722}
MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/get OK

MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK
MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK
Subscribes/publishes GetThingShadow topic OK

Subscribing/publishing DeleteThingShadow topic
MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK
MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK
Message to publish:

MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/delete OK
MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/delete...
Message arrived: qos 1, retained 0, dup 0, packetid 1
Payload:
{"version":229,"timestamp":1630637724}
MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/delete OK

MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK
MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK
Subscribes/publishes DeleteThingShadow topic OK

MQTT disconnects OK
</pre>

## Troubleshooting
- Reduce the memory footprint with the RFC 6066 TLS extension.
  We reduce the memory footprint by:
  1. Enabling the RFC 6066 max_fragment_length extension by configuring `my-tlssocket.tls-max-frag-len` to 4.

     `my-tlssocket/mbed_lib.json`:
     ```json
     {
         "name": "my-tlssocket",
         "config": {
             "tls-max-frag-len": {
                 "help": "Maximum fragment length value for the payload in one packet, doesn't include TLS header and encryption overhead. Is needed for constrained devices having low MTU sizes, Value 0 = disabled, 1 = MBEDTLS_SSL_MAX_FRAG_LEN_512, 2= MBEDTLS_SSL_MAX_FRAG_LEN_1024, 3 = MBEDTLS_SSL_MAX_FRAG_LEN_2048, 4 = MBEDTLS_SSL_MAX_FRAG_LEN_4096",
                 "value": 0
             }
         }
     }
     ```

     `mbed_app.json`:
     ```json
     "SOME_TARGET": {
         "my-tlssocket.tls-max-frag-len" : 4
     },
     ```

  1. Consistently with the above, allocating the TLS I/O buffers with `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` larger than 4 KiB/4 KiB.

     `mbedtls_user_config.h`:
     ```C++
     /* Maximum length (in bytes) of incoming plaintext fragments */
     #define MBEDTLS_SSL_IN_CONTENT_LEN 8192

     /* Maximum length (in bytes) of outgoing plaintext fragments */
     #define MBEDTLS_SSL_OUT_CONTENT_LEN 8192
     ```

  **NOTE:** With `my-tlssocket.tls-max-frag-len` being 4, `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` must be larger than 4 KiB/4 KiB.
  We enlarge them to 8 KiB/8 KiB because the TLS handshake also uses these buffers and may require more.

  But this approach is risky because:
  1. AWS IoT doesn't support the RFC 6066 TLS extension yet. A server that ignores the extension may still send TLS records of up to 16 KiB, which do not fit in the smaller input buffer.
  1. The TLS handshake may need larger I/O buffers than configured.

  If you suspect your trouble is caused by this configuration, disable it by:
  1. Removing the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`.
  1. Commenting out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`.
     This will change them back to 16 KiB/16 KiB.