Handshake failed in the MQTT TLS_Connect function

cancel
Showing results for 
Search instead for 
Did you mean: 

Handshake failed in the MQTT TLS_Connect function

480 Views
Contributor I

I ran the lpc54018iotmodule_aws_led_wifi_qspi_xip Debug operation using the MCUXpresso IDE and obtained the following console messages:

0 112 [Tmr Svc] Write certificate...
1 228 [Tmr Svc] Write device private key...
2 653 [Tmr Svc] Starting WiFi...
3 2334 [Tmr Svc] WiFi module initialized.
4 4518 [Tmr Svc] WiFi connected to AP Jay's iPhone.
5 4518 [Tmr Svc] IP Address acquired 172.20.10.12
6 4528 [AWS-LED] [Shadow 0] MQTT: Creation of dedicated MQTT client succeeded.
7 4937 [MQTT] Looked up ao7olopx06fc3-ats.iot.us-west-2.amazonaws.com as 52.38.70.168
8 22331 [MQTT] ERROR: Handshake failed with error code -1
9 22398 [AWS-LED] [Shadow 0] MQTT: Connect failed.
10 22400 [AWS-LED] Shadow_ClientConnect unsuccessful, returned 2.
11 22402 [AWS-LED] Failed to initialize, stopping demo.

I configured the IoT device in the AWS IoT Console in obtaining the certificate and private key, as well as the endpoint and IoT_Thing_Name. These are updated in the 'aws_clientcrdential_keys.h' and 'aws_clientcredential.h' files.

The handshake error occurs inside the 'mbedtls_ssl_handshake'  within the TLS_Connect function. Any idea for what causing this handshake problem? Appreciate your valuable input!

SL

Labels (1)
0 Kudos
5 Replies

40 Views
NXP TechSupport
NXP TechSupport

Hi Stanley,

Can you please confirm what version of MCUXpresso and the version of the SDK as well please.

Also what console are using to debug the example, the semihosting or uart? I ask this because the semihosting causes strange behavior in the application. You can check to see if this is the issue by flashing the application, stop the debug session and reset the board by disconnecting and connecting it again. Wait a minute or two while it connects then open your thing's shadow in the IoT Console.

You can find it under Services >> IoT Core >> Manage >> "yourThing" >> Shadow

If it is properly connecting you see the inital status of your shadow, as shown below:

pastedImage_1.png

If you see this then you can verify its functionality by manually editing the shadow state and change the "desired" Ledstate you will see the led turn on and off by doing this.

If you dont see this and it says something like this thing doesn't have a shadow then can you please show me what your thing's policy looks like as well as the aws_clientcredential_keys.h.

Please note: for your own security you can blur out or put x's at the beginning of your endpoint xxxxxxxxxxxx-ats.iot.us-west-2.amazonaws.com. You can also blur your key credentials the actual numbers are not important to me, but I would need to see how they are defined.

Best Regards,

Sabina

0 Kudos

40 Views
Contributor I

Hello Sabrina,

MCUXpresso: version 11.0.0_2516

SDK:               version 2.6.0

The console displaying the messages is the one within the MCUXpresso IDE, not the UART

Under Services >> IoT Core >> Manage >> "yourThing" >> Shadow, it shows:

Shadow state:

   { }

I had the following Notification messages:

Mqtt connection lost. Reconnect. Error code: 8. AMQJS0008I Socket closed

Failed, please try again later.

Below is the policy document:

pastedImage_3.png

The 'aws_clientcrdential_keys.h' is also attached.

Many thanks for your help on this issue!

Best regards,

SL

0 Kudos

40 Views
NXP TechSupport
NXP TechSupport

Hi Stanley,

I've replicated the example with the same version you are using and had no problem. 

So here is a couple of things to try as its possible something was not copied to project correctly.This is assuming you have made no other changes in the example than the two files you mentioned 'aws_clientcredential_keys.h' and 'aws_clientcredential.h'.

So double check the following:

In 'aws_clientcredential.h', make sure thay these four match exactly with your thing's endpoint and name, as well as your internet credentials.

pastedImage_4.png

pastedImage_2.png

In the  'aws_clientcredential_keys.h':

Download the keys again and copy them to the file. 

First detach the current one.

pastedImage_9.png

Next click on creat certificate and download "A certificate for this thing" and "a private key" and click on activate.

pastedImage_11.png

Then "Attach a policy" & copy each key to the file again.

Last, I'd recommend to change the console to UART as I mentioned before the semihosting causes issues in the behavior. You can do this by selecting the example and in the Quickstart panel >> Quick Settings >> SDK Debug Console >> UART

pastedImage_13.png

Please try this and open your thing's shadow again, refresh the page if you still see the open brackets as you mentioned, to see if it changes. 

Let me know the results.

Best Regards,

Sabina

40 Views
Contributor I

Hello Sabina,

Wonderful! After creating a new set of certificate/key and update on the file, it works now.

Also no matter running on the semihosting or uart, it still works fine.

Really appreciate your great help!

Sincerely,

SL

0 Kudos

40 Views
NXP TechSupport
NXP TechSupport

Hi Stanley,

I'm glad it worked out, if you have any other questions down the line I'll be more than happy to help.

Have a great day!

Sabina

0 Kudos