NuMaker-mbed-AWS-IoT-example - NuMaker connection with AWS IoT thru MQTT/HTTPS

Users » doudoutang » Code » NuMaker-mbed-AWS-IoT-example

yh Tang / Mbed OS NuMaker-mbed-AWS-IoT-example

NuMaker connection with AWS IoT thru MQTT/HTTPS

README.md@26:e5cfc2628e84, 2019-04-15 (annotated)

Committer:: ccli8
Date:: Mon Apr 15 17:31:56 2019 +0800
Revision:: 26:e5cfc2628e84
Parent:: 19:b8191f21eeaf
Child:: 27:b12add202b88

Reduce memory footprint according to RFC 6066 TLS extension



1. Enable RFC 6066 max_fragment_length extension.

2. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.



But this approach is risky because:

1. AWS IoT doesn't support RFC 6066 TLS extension yet.

2. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB. 4KiB/4KiB is minimum

   to pass TLS handshake per test.

Who changed what in which revision?

User	Revision	Line number	New contents of line
ccli8	1:5ffad9f24d63	1	# Example for Connection with AWS IoT thru MQTT/HTTPS on Mbed OS
ccli8	1:5ffad9f24d63	2
ccli8	1:5ffad9f24d63	3	This is an example to demonstrate connection with [AWS IoT](https://aws.amazon.com/iot)
ccli8	1:5ffad9f24d63	4	on Nuvoton Mbed-enabled boards.
ccli8	1:5ffad9f24d63	5
ccli8	1:5ffad9f24d63	6	## Supported platforms
ccli8	1:5ffad9f24d63	7	On Mbed OS, connection with AWS IoT requires Mbed TLS. It requires more than 64 KB RAM.
ccli8	1:5ffad9f24d63	8	Currently, the following Nuvoton Mbed-enalbed boards can afford such memory footprint:
ccli8	1:5ffad9f24d63	9	- [NuMaker-PFM-NUC472](https://developer.mbed.org/platforms/Nuvoton-NUC472/)
ccli8	1:5ffad9f24d63	10	- [NuMaker-PFM-M487](https://developer.mbed.org/platforms/NUMAKER-PFM-M487/)
ccli8	1:5ffad9f24d63	11
ccli8	1:5ffad9f24d63	12	## Access and manage AWS IoT Service
ccli8	1:5ffad9f24d63	13	To run the example, you need to register one [AWS account](https://aws.amazon.com/)
ccli8	1:5ffad9f24d63	14	to access and manage AWS IoT Service for your device to connect with.
ccli8	1:5ffad9f24d63	15	This [link](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) gives detailed
ccli8	1:5ffad9f24d63	16	information about it.
ccli8	1:5ffad9f24d63	17
ccli8	1:5ffad9f24d63	18	1. Sign in to [AWS Management Console](https://aws.amazon.com/console/).
ccli8	1:5ffad9f24d63	19	1. Enter AWS IoT Service.
ccli8	1:5ffad9f24d63	20	1. In AWS IoT Service, create a thing.
ccli8	1:5ffad9f24d63	21	The Console may prompt you to also create a certificate and a policy. Skip for creating them later.
ccli8	1:5ffad9f24d63	22	1. In AWS IoT Service, create a policy. A workable example would be below.
ccli8	1:5ffad9f24d63	23	Note that you need to replace REGION and ACCOUNT to match your case.
ccli8	1:5ffad9f24d63	24
ccli8	1:5ffad9f24d63	25	<pre>
ccli8	1:5ffad9f24d63	26	{
ccli8	1:5ffad9f24d63	27	"Version": "2012-10-17",
ccli8	1:5ffad9f24d63	28	"Statement": [
ccli8	1:5ffad9f24d63	29	{
ccli8	1:5ffad9f24d63	30	"Effect": "Allow",
ccli8	1:5ffad9f24d63	31	"Action": "iot:Connect",
ccli8	1:5ffad9f24d63	32	"Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:client/*"
ccli8	1:5ffad9f24d63	33	},
ccli8	1:5ffad9f24d63	34	{
ccli8	1:5ffad9f24d63	35	"Effect": "Allow",
ccli8	1:5ffad9f24d63	36	"Action": "iot:Subscribe",
ccli8	1:5ffad9f24d63	37	"Resource": ["arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topicfilter/*"]
ccli8	1:5ffad9f24d63	38	},
ccli8	1:5ffad9f24d63	39	{
ccli8	1:5ffad9f24d63	40	"Effect": "Allow",
ccli8	1:5ffad9f24d63	41	"Action": ["iot:Publish", "iot:Receive"],
ccli8	1:5ffad9f24d63	42	"Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topic/*"
ccli8	1:5ffad9f24d63	43	},
ccli8	1:5ffad9f24d63	44	{
ccli8	1:5ffad9f24d63	45	"Effect": "Allow",
ccli8	1:5ffad9f24d63	46	"Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"],
ccli8	1:5ffad9f24d63	47	"Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:thing/*"
ccli8	1:5ffad9f24d63	48	}
ccli8	1:5ffad9f24d63	49	]
ccli8	1:5ffad9f24d63	50	}
ccli8	1:5ffad9f24d63	51	</pre>
ccli8	1:5ffad9f24d63	52
ccli8	1:5ffad9f24d63	53	1. In AWS IoT Service, create a certificate. You would get 4 security credential files from it.
ccli8	1:5ffad9f24d63	54	Download them for later use.
ccli8	1:5ffad9f24d63	55	- AWS IoT's CA certificate
ccli8	1:5ffad9f24d63	56	- User certificate
ccli8	1:5ffad9f24d63	57	- User private key
ccli8	1:5ffad9f24d63	58	- User public key
ccli8	1:5ffad9f24d63	59
ccli8	1:5ffad9f24d63	60	After creating the certificate, do:
ccli8	1:5ffad9f24d63	61	1. Activate the certificate
ccli8	1:5ffad9f24d63	62	1. Attach the thing created above to the certificate
ccli8	1:5ffad9f24d63	63	1. Attach the policy created above to the certificate
ccli8	1:5ffad9f24d63	64
ccli8	1:5ffad9f24d63	65	## Configure your device with AWS IoT
ccli8	1:5ffad9f24d63	66	Before connecting your device with AWS IoT, you need to configure security credential and
ccli8	1:5ffad9f24d63	67	protocol dependent parameters into your device. These configurations are all centralized in `main.cpp`.
ccli8	1:5ffad9f24d63	68
ccli8	1:5ffad9f24d63	69	### Configure certificate into your device
ccli8	1:5ffad9f24d63	70	From above, you've got 4 security credential files: CA certificate and user certificate/private key/public key.
ccli8	1:5ffad9f24d63	71	Configure CA certificate, user certificate, and user private key into your device.
ccli8	1:5ffad9f24d63	72	User public key has been included in user certificate and is not used here.
ccli8	1:5ffad9f24d63	73	1. Replace CA certificate with downloaded from the Console.
ccli8	1:5ffad9f24d63	74	```
ccli8	1:5ffad9f24d63	75	const char SSL_CA_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n"
ccli8	1:5ffad9f24d63	76	"MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n"
ccli8	1:5ffad9f24d63	77	"yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
ccli8	1:5ffad9f24d63	78	```
ccli8	1:5ffad9f24d63	79
ccli8	1:5ffad9f24d63	80	1. Replace user certificate with downloaded from the Console.
ccli8	1:5ffad9f24d63	81	```
ccli8	1:5ffad9f24d63	82	const char SSL_USER_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n"
ccli8	1:5ffad9f24d63	83	"MIIDWjCCAkKgAwIBAgIVALN/H7tr8cgpl2zwg0JjEE106XilMA0GCSqGSIb3DQEB\n"
ccli8	1:5ffad9f24d63	84	"CwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t\n"
ccli8	1:5ffad9f24d63	85	```
ccli8	1:5ffad9f24d63	86
ccli8	1:5ffad9f24d63	87	1. Replace user private key with downloaded from the Console.
ccli8	1:5ffad9f24d63	88	```
ccli8	1:5ffad9f24d63	89	const char SSL_USER_PRIV_KEY_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\n"
ccli8	1:5ffad9f24d63	90	```
ccli8	1:5ffad9f24d63	91
ccli8	4:dc23eeba885a	92	NOTE: The credential hard-coded in source code is deactivated or deleted.
ccli8	4:dc23eeba885a	93	Use your own credential for connection with AWS IoT.
ccli8	4:dc23eeba885a	94
ccli8	1:5ffad9f24d63	95	### Connect through MQTT
ccli8	1:5ffad9f24d63	96	To connect your device with AWS IoT through MQTT, you need to configure the following parameters.
ccli8	1:5ffad9f24d63	97
ccli8	1:5ffad9f24d63	98	1. Enable connection through MQTT.
ccli8	1:5ffad9f24d63	99	```
ccli8	1:5ffad9f24d63	100	#define AWS_IOT_MQTT_TEST 1
ccli8	1:5ffad9f24d63	101	```
ccli8	1:5ffad9f24d63	102
ccli8	1:5ffad9f24d63	103	1. Replace server name (endpoint). Endpoint has the following format and you just
ccli8	1:5ffad9f24d63	104	need to modify IDENTIFIER and REGION to match your case.
ccli8	1:5ffad9f24d63	105	<pre>
ccli8	1:5ffad9f24d63	106	#define AWS_IOT_MQTT_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com"
ccli8	1:5ffad9f24d63	107	</pre>
ccli8	1:5ffad9f24d63	108
ccli8	1:5ffad9f24d63	109	1. Server port number is fixed. Don't change it.
ccli8	1:5ffad9f24d63	110	```
ccli8	1:5ffad9f24d63	111	#define AWS_IOT_MQTT_SERVER_PORT 8883
ccli8	1:5ffad9f24d63	112	```
ccli8	1:5ffad9f24d63	113
ccli8	1:5ffad9f24d63	114	1. Replace THINGNAME to match your case. The THINGNAME is just the name of the thing you've created above.
ccli8	1:5ffad9f24d63	115	<pre>
ccli8	1:5ffad9f24d63	116	#define AWS_IOT_MQTT_THINGNAME "<b>THINGNAME</b>"
ccli8	1:5ffad9f24d63	117	</pre>
ccli8	1:5ffad9f24d63	118
ccli8	1:5ffad9f24d63	119	1. Replace CLIENTNAME to match your case. If you adopt the example policy above,
ccli8	1:5ffad9f24d63	120	you can modify it arbitrarily because the policy permits any client name bound to your account.
ccli8	1:5ffad9f24d63	121	<pre>
ccli8	1:5ffad9f24d63	122	#define AWS_IOT_MQTT_CLIENTNAME "<b>CLIENTNAME</b>"
ccli8	1:5ffad9f24d63	123	</pre>
ccli8	1:5ffad9f24d63	124
ccli8	1:5ffad9f24d63	125	AWS IoT MQTT protocol supports topic subscribe/publish. The example demonstrates:
ccli8	1:5ffad9f24d63	126	- Subscribe/publish with user topic
ccli8	1:5ffad9f24d63	127	- Subscribe/publish with reserved topic (starting with $) to:
ccli8	1:5ffad9f24d63	128	- Update thing shadow
ccli8	1:5ffad9f24d63	129	- Get thing shadow
ccli8	1:5ffad9f24d63	130	- Delete thing shadow
ccli8	1:5ffad9f24d63	131
ccli8	1:5ffad9f24d63	132	### Connect through HTTPS
ccli8	1:5ffad9f24d63	133	To connect your device with AWS IoT through HTTPS, you need to configure the following parameters.
ccli8	1:5ffad9f24d63	134
ccli8	1:5ffad9f24d63	135	1. Enable connection through HTTPS.
ccli8	1:5ffad9f24d63	136	```
ccli8	1:5ffad9f24d63	137	#define AWS_IOT_HTTPS_TEST 1
ccli8	1:5ffad9f24d63	138	```
ccli8	1:5ffad9f24d63	139
ccli8	1:5ffad9f24d63	140	1. Replace server name (endpoint). Endpoint has the following format and you just
ccli8	1:5ffad9f24d63	141	need to modify IDENTIFIER and REGION to match your case.
ccli8	1:5ffad9f24d63	142	<pre>
ccli8	1:5ffad9f24d63	143	#define AWS_IOT_HTTPS_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com"
ccli8	1:5ffad9f24d63	144	</pre>
ccli8	1:5ffad9f24d63	145
ccli8	1:5ffad9f24d63	146	1. Server port number is fixed. Don't change it.
ccli8	1:5ffad9f24d63	147	```
ccli8	1:5ffad9f24d63	148	#define AWS_IOT_HTTPS_SERVER_PORT 8443
ccli8	1:5ffad9f24d63	149	```
ccli8	1:5ffad9f24d63	150
ccli8	1:5ffad9f24d63	151	1. Replace THINGNAME to match your case. The THINGNAME is just the name of the thing you've created above.
ccli8	1:5ffad9f24d63	152	<pre>
ccli8	1:5ffad9f24d63	153	#define AWS_IOT_HTTPS_THINGNAME "<b>THINGNAME</b>"
ccli8	1:5ffad9f24d63	154	</pre>
ccli8	1:5ffad9f24d63	155
ccli8	1:5ffad9f24d63	156	AWS IoT HTTPS protocol supports topic publish-only and RESTful API. The example demonstrates:
ccli8	1:5ffad9f24d63	157	- Publish to user topic
ccli8	1:5ffad9f24d63	158	- Publish to reserved topic (starting with $) to:
ccli8	1:5ffad9f24d63	159	- Update thing shadow
ccli8	1:5ffad9f24d63	160	- Get thing shadow
ccli8	1:5ffad9f24d63	161	- Delete thing shadow
ccli8	1:5ffad9f24d63	162	- RESTful API to:
ccli8	1:5ffad9f24d63	163	- Update thing shadow RESTfully through HTTPS/POST method
ccli8	1:5ffad9f24d63	164	- Get thing shadow RESTfully through HTTPS/GET method
ccli8	1:5ffad9f24d63	165	- Delete thing shadow RESTfully through HTTPS/DELETE method
ccli8	1:5ffad9f24d63	166
ccli8	1:5ffad9f24d63	167	## Monitor the application
ccli8	1:5ffad9f24d63	168	If you configure your terminal program with 9600/8-N-1, you would see output similar to:
ccli8	1:5ffad9f24d63	169
ccli8	1:5ffad9f24d63	170	NOTE: Make sure that the network is functional before running the application.
ccli8	1:5ffad9f24d63	171
ccli8	1:5ffad9f24d63	172	<pre>
ccli8	1:5ffad9f24d63	173	Starting AWS IoT test
ccli8	1:5ffad9f24d63	174	Using Mbed OS 5.7.1
ccli8	1:5ffad9f24d63	175	[EasyConnect] IPv4 mode
ccli8	1:5ffad9f24d63	176	Connecting with a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883
ccli8	1:5ffad9f24d63	177	Connecting to a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883
ccli8	1:5ffad9f24d63	178	</pre>
ccli8	1:5ffad9f24d63	179
ccli8	1:5ffad9f24d63	180	If you get here successfully, it means configurations with security credential are correct.
ccli8	1:5ffad9f24d63	181	<pre>
ccli8	1:5ffad9f24d63	182	Starting the TLS handshake...
ccli8	1:5ffad9f24d63	183	TLS connection to a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 established
ccli8	1:5ffad9f24d63	184	Server certificate:
ccli8	1:5ffad9f24d63	185	cert. version : 3
ccli8	1:5ffad9f24d63	186	serial number : 3C:AC:B3:D3:3E:D8:6A:C9:2B:EF:D2:C5:B1:DC:BF:66
ccli8	1:5ffad9f24d63	187	issuer name : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
ccli8	1:5ffad9f24d63	188	subject name : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.us-east-1.amazonaws.com
ccli8	1:5ffad9f24d63	189	issued on : 2017-03-07 00:00:00
ccli8	1:5ffad9f24d63	190	expires on : 2018-03-08 23:59:59
ccli8	1:5ffad9f24d63	191	signed using : ECDSA with SHA256
ccli8	1:5ffad9f24d63	192	EC key size : 256 bits
ccli8	1:5ffad9f24d63	193	basic constraints : CA=false
ccli8	1:5ffad9f24d63	194	subject alt name : iot.us-east-1.amazonaws.com, *.iot.us-east-1.amazonaws.com
ccli8	1:5ffad9f24d63	195	key usage : Digital Signature
ccli8	1:5ffad9f24d63	196	ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
ccli8	1:5ffad9f24d63	197	Certificate verification passed
ccli8	1:5ffad9f24d63	198
ccli8	1:5ffad9f24d63	199	Connects with a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 OK
ccli8	1:5ffad9f24d63	200	</pre>
ccli8	1:5ffad9f24d63	201
ccli8	1:5ffad9f24d63	202	MQTT handshake goes:
ccli8	1:5ffad9f24d63	203	<pre>
ccli8	1:5ffad9f24d63	204	MQTT connects OK
ccli8	1:5ffad9f24d63	205
ccli8	1:5ffad9f24d63	206	Subscribing/publishing user topic
ccli8	1:5ffad9f24d63	207	MQTT subscribes to Nuvoton/Mbed/+ OK
ccli8	1:5ffad9f24d63	208	Message to publish:
ccli8	1:5ffad9f24d63	209	{ "message": "Hello from Nuvoton Mbed device" }
ccli8	1:5ffad9f24d63	210	MQTT publishes message to Nuvoton/Mbed/D001 OK
ccli8	1:5ffad9f24d63	211	Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8	1:5ffad9f24d63	212	Payload:
ccli8	1:5ffad9f24d63	213	{ "message": "Hello from Nuvoton Mbed device" }
ccli8	1:5ffad9f24d63	214
ccli8	1:5ffad9f24d63	215	MQTT unsubscribes from Nuvoton/Mbed/+ OK
ccli8	1:5ffad9f24d63	216	Subscribes/publishes user topic OK
ccli8	1:5ffad9f24d63	217
ccli8	1:5ffad9f24d63	218	Subscribing/publishing UpdateThingShadow topic
ccli8	1:5ffad9f24d63	219	MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK
ccli8	1:5ffad9f24d63	220	MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK
ccli8	1:5ffad9f24d63	221	Message to publish:
ccli8	1:5ffad9f24d63	222	{ "state": { "reported": { "attribute1": 3, "attribute2": "1" } } }
ccli8	1:5ffad9f24d63	223	MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/update OK
ccli8	1:5ffad9f24d63	224	Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8	1:5ffad9f24d63	225	Payload:
ccli8	1:5ffad9f24d63	226	{"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1514962195},"attribute2":{"timestamp":1514962195}}},"version":77,"timestamp":1514962195}
ccli8	1:5ffad9f24d63	227
ccli8	1:5ffad9f24d63	228	MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK
ccli8	1:5ffad9f24d63	229	MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK
ccli8	1:5ffad9f24d63	230	Subscribes/publishes UpdateThingShadow topic OK
ccli8	1:5ffad9f24d63	231
ccli8	1:5ffad9f24d63	232	Subscribing/publishing GetThingShadow topic
ccli8	1:5ffad9f24d63	233	MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK
ccli8	1:5ffad9f24d63	234	MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK
ccli8	1:5ffad9f24d63	235	Message to publish:
ccli8	1:5ffad9f24d63	236
ccli8	1:5ffad9f24d63	237	MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/get OK
ccli8	1:5ffad9f24d63	238	Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8	1:5ffad9f24d63	239	Payload:
ccli8	1:5ffad9f24d63	240	{"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1514962195},"attribute2":{"timestamp":1514962195}}},"version":77,"timestamp":1514962198}
ccli8	1:5ffad9f24d63	241
ccli8	1:5ffad9f24d63	242	MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK
ccli8	1:5ffad9f24d63	243	MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK
ccli8	1:5ffad9f24d63	244	Subscribes/publishes GetThingShadow topic OK
ccli8	1:5ffad9f24d63	245
ccli8	1:5ffad9f24d63	246	Subscribing/publishing DeleteThingShadow topic
ccli8	1:5ffad9f24d63	247	MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK
ccli8	1:5ffad9f24d63	248	MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK
ccli8	1:5ffad9f24d63	249	Message to publish:
ccli8	1:5ffad9f24d63	250
ccli8	1:5ffad9f24d63	251	MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/delete OK
ccli8	1:5ffad9f24d63	252	Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8	1:5ffad9f24d63	253	Payload:
ccli8	1:5ffad9f24d63	254	{"version":77,"timestamp":1514962202}
ccli8	1:5ffad9f24d63	255
ccli8	1:5ffad9f24d63	256	MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK
ccli8	1:5ffad9f24d63	257	MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK
ccli8	1:5ffad9f24d63	258	Subscribes/publishes DeleteThingShadow topic OK
ccli8	1:5ffad9f24d63	259
ccli8	1:5ffad9f24d63	260	MQTT disconnects OK
ccli8	1:5ffad9f24d63	261	</pre>
ccli8	1:5ffad9f24d63	262
ccli8	1:5ffad9f24d63	263	Dynamic memory footprint (heap) is output below.
ccli8	1:5ffad9f24d63	264	Static memory footprint (global/stack) could be obtained by inspecting MAP file.
ccli8	1:5ffad9f24d63	265	You could get total memory footprint by adding these two together.
ccli8	1:5ffad9f24d63	266	<pre>
ccli8	1:5ffad9f24d63	267	Current heap size: 1351
ccli8	1:5ffad9f24d63	268	Max heap size: 63022
ccli8	1:5ffad9f24d63	269	</pre>
ccli8	5:2a70e217325f	270
ccli8	5:2a70e217325f	271	## Trouble-shooting
ccli8	5:2a70e217325f	272	- Over ESP8266 WiFi,
ccli8	5:2a70e217325f	273	if you make a loop test like below (`main.cpp`), you may always meet errors in the following loops
ccli8	5:2a70e217325f	274	after some network error has happened in the previous one.
ccli8	5:2a70e217325f	275	<pre>
ccli8	5:2a70e217325f	276	<b>while (true) {</b>
ccli8	5:2a70e217325f	277	#if AWS_IOT_MQTT_TEST
ccli8	5:2a70e217325f	278	AWS_IoT_MQTT_Test *mqtt_test = new AWS_IoT_MQTT_Test(AWS_IOT_MQTT_SERVER_NAME, AWS_IOT_MQTT_SERVER_PORT, network);
ccli8	5:2a70e217325f	279	mqtt_test->start_test();
ccli8	5:2a70e217325f	280	delete mqtt_test;
ccli8	5:2a70e217325f	281	#endif // End of AWS_IOT_MQTT_TEST
ccli8	5:2a70e217325f	282
ccli8	5:2a70e217325f	283	#if AWS_IOT_HTTPS_TEST
ccli8	5:2a70e217325f	284	AWS_IoT_HTTPS_Test *https_test = new AWS_IoT_HTTPS_Test(AWS_IOT_HTTPS_SERVER_NAME, AWS_IOT_HTTPS_SERVER_PORT, network);
ccli8	5:2a70e217325f	285	https_test->start_test();
ccli8	5:2a70e217325f	286	delete https_test;
ccli8	5:2a70e217325f	287	#endif // End of AWS_IOT_HTTPS_TEST
ccli8	5:2a70e217325f	288	<b>}</b>
ccli8	5:2a70e217325f	289	</pre>
ccli8	5:2a70e217325f	290	This issue would be caused by failure of ESP8266 AT commands CLOSE/DISCONNECT
ccli8	5:2a70e217325f	291	because ESP8266 F/W is still busy in handling previous unfinished network transfer
ccli8	5:2a70e217325f	292	due to bad network status and fails these commands.
ccli8	5:2a70e217325f	293	These commands must be OK for ESP8266 F/W to reset connection state correctly.
ccli8	5:2a70e217325f	294	If that happens, try enlarging [ESP8266 driver's](https://github.com/ARMmbed/esp8266-driver) timeout configuration.
ccli8	6:7ef096085ca7	295	For example, enlarge `ESP8266_SEND_TIMEOUT`/`ESP8266_RECV_TIMEOUT`/`ESP8266_MISC_TIMEOUT` (defined in
ccli8	6:7ef096085ca7	296	[ESP8266Interface.cpp](https://github.com/ARMmbed/esp8266-driver/blob/master/ESP8266Interface.cpp))
ccli8	6:7ef096085ca7	297	to 5000/5000/5000 ms respectively (through `mbed_app.json`).
ccli8	5:2a70e217325f	298	<pre>
ccli8	5:2a70e217325f	299	{
ccli8	5:2a70e217325f	300	"macros": [
ccli8	5:2a70e217325f	301	"MBED_CONF_APP_MAIN_STACK_SIZE=4096",
ccli8	5:2a70e217325f	302	"MBEDTLS_USER_CONFIG_FILE=\"mbedtls_user_config.h\"",
ccli8	5:2a70e217325f	303	"MBED_HEAP_STATS_ENABLED=1",
ccli8	5:2a70e217325f	304	"MBED_MEM_TRACING_ENABLED=1",
ccli8	6:7ef096085ca7	305	<b>"ESP8266_SEND_TIMEOUT=5000",</b>
ccli8	6:7ef096085ca7	306	<b>"ESP8266_RECV_TIMEOUT=5000",</b>
ccli8	5:2a70e217325f	307	<b>"ESP8266_MISC_TIMEOUT=5000"</b>
ccli8	5:2a70e217325f	308	],
ccli8	5:2a70e217325f	309	"config": {
ccli8	26:e5cfc2628e84	310	</pre>
ccli8	26:e5cfc2628e84	311
ccli8	26:e5cfc2628e84	312	- Reduce memory footprint according to RFC 6066 TLS extension
ccli8	26:e5cfc2628e84	313	`MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` determine the sizes of incoming/outgoing TLS I/O buffers.
ccli8	26:e5cfc2628e84	314	We reduce the sizes by default according to RFC 6066:
ccli8	26:e5cfc2628e84	315	1. Enable RFC 6066 max_fragment_length extension.
ccli8	26:e5cfc2628e84	316	1. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.
ccli8	26:e5cfc2628e84	317
ccli8	26:e5cfc2628e84	318	But this approach is risky because:
ccli8	26:e5cfc2628e84	319	1. AWS IoT doesn't support RFC 6066 TLS extension yet.
ccli8	26:e5cfc2628e84	320	1. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB.
ccli8	26:e5cfc2628e84	321
ccli8	26:e5cfc2628e84	322	If you doubt your trouble is caused by this configuration, disable it by:
ccli8	26:e5cfc2628e84	323	1. Remove the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`.
ccli8	26:e5cfc2628e84	324	```json
ccli8	26:e5cfc2628e84	325	"NUMAKER_PFM_NUC472": {
ccli8	26:e5cfc2628e84	326	"target.network-default-interface-type" : "ETHERNET",
ccli8	26:e5cfc2628e84	327	"target.macros_add": [
ccli8	26:e5cfc2628e84	328	"ESP8266_AT_SEL=ESP8266_AT_EXTERN"
ccli8	26:e5cfc2628e84	329	]
ccli8	26:e5cfc2628e84	330	},
ccli8	26:e5cfc2628e84	331	```
ccli8	26:e5cfc2628e84	332	1. Comment out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`.
ccli8	26:e5cfc2628e84	333	This will change back to 16KiB/16KiB.

Repository toolbox

Export to desktop IDE

Build repository

Repository details

Type:	Program
Mbed OS support:	Mbed OS
Created:	01 Dec 2020
Imports:	5
Forks:	0
Commits:	41
Dependents:	0
Dependencies:	1
Followers:	1

README.md@26:e5cfc2628e84, 2019-04-15 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning