Handshake failed in the MQTT TLS_Connect function


stanley1
Contributor I

I ran the lpc54018iotmodule_aws_led_wifi_qspi_xip Debug operation using the MCUXpresso IDE and obtained the following console messages:

0 112 [Tmr Svc] Write certificate...
1 228 [Tmr Svc] Write device private key...
2 653 [Tmr Svc] Starting WiFi...
3 2334 [Tmr Svc] WiFi module initialized.
4 4518 [Tmr Svc] WiFi connected to AP Jay's iPhone.
5 4518 [Tmr Svc] IP Address acquired 172.20.10.12
6 4528 [AWS-LED] [Shadow 0] MQTT: Creation of dedicated MQTT client succeeded.
7 4937 [MQTT] Looked up ao7olopx06fc3-ats.iot.us-west-2.amazonaws.com as 52.38.70.168
8 22331 [MQTT] ERROR: Handshake failed with error code -1
9 22398 [AWS-LED] [Shadow 0] MQTT: Connect failed.
10 22400 [AWS-LED] Shadow_ClientConnect unsuccessful, returned 2.
11 22402 [AWS-LED] Failed to initialize, stopping demo.

I configured the IoT device in the AWS IoT Console to obtain the certificate and private key, as well as the endpoint and IoT_Thing_Name. These are updated in the 'aws_clientcredential_keys.h' and 'aws_clientcredential.h' files.

The handshake error occurs inside 'mbedtls_ssl_handshake' within the TLS_Connect function. Any idea what is causing this handshake problem? I appreciate your valuable input!

SL


Sabina_Bruce
NXP Employee

Hi Stanley,

Can you please confirm which version of MCUXpresso and which version of the SDK you are using?

Also, what console are you using to debug the example, semihosting or UART? I ask this because semihosting causes strange behavior in the application. You can check whether this is the issue by flashing the application, stopping the debug session and resetting the board by disconnecting and connecting it again. Wait a minute or two while it connects, then open your thing's shadow in the IoT Console.

You can find it under Services >> IoT Core >> Manage >> "yourThing" >> Shadow

If it is properly connecting, you will see the initial status of your shadow, as shown below:

pastedImage_1.png

If you see this, then you can verify its functionality by manually editing the shadow state and changing the "desired" Ledstate; you will see the LED turn on and off by doing this.

If you don't see this and it says something like this thing doesn't have a shadow, then can you please show me what your thing's policy looks like as well as the aws_clientcredential_keys.h.

Please note: for your own security you can blur out or put x's at the beginning of your endpoint xxxxxxxxxxxx-ats.iot.us-west-2.amazonaws.com. You can also blur your key credentials; the actual numbers are not important to me, but I would need to see how they are defined.

Best Regards,

Sabina

stanley1
Contributor I

Hello Sabina,

MCUXpresso: version 11.0.0_2516

SDK: version 2.6.0

The console displaying the messages is the one within the MCUXpresso IDE, not the UART.

Under Services >> IoT Core >> Manage >> "yourThing" >> Shadow, it shows:

Shadow state:

   { }

I had the following Notification messages:

Mqtt connection lost. Reconnect. Error code: 8. AMQJS0008I Socket closed

Failed, please try again later.

Below is the policy document:

pastedImage_3.png

The 'aws_clientcredential_keys.h' is also attached.

Many thanks for your help on this issue!

Best regards,

SL

Sabina_Bruce
NXP Employee

Hi Stanley,

I've replicated the example with the same version you are using and had no problem.

So here are a couple of things to try, as it's possible something was not copied to the project correctly. This is assuming you have made no other changes in the example than the two files you mentioned, 'aws_clientcredential_keys.h' and 'aws_clientcredential.h'.

So double check the following:

In 'aws_clientcredential.h', make sure that these four match exactly with your thing's endpoint and name, as well as your internet credentials.

pastedImage_4.png

pastedImage_2.png

In the  'aws_clientcredential_keys.h':

Download the keys again and copy them to the file. 

First detach the current one.

pastedImage_9.png

Next click on create certificate and download "A certificate for this thing" and "a private key" and click on activate.

pastedImage_11.png

Then "Attach a policy" & copy each key to the file again.

Last, I'd recommend changing the console to UART; as I mentioned before, semihosting causes issues in the behavior. You can do this by selecting the example and in the Quickstart panel >> Quick Settings >> SDK Debug Console >> UART

pastedImage_13.png

Please try this and open your thing's shadow again, refresh the page if you still see the open brackets as you mentioned, to see if it changes. 

Let me know the results.

Best Regards,

Sabina
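
The re-copy step recommended in the reply above can be checked on the host before flashing. The following is an added example, not part of the thread and not NXP or AWS code: it lints the PEM strings in a credential header for paste damage (missing `\n` escapes, a lost line, broken base64). The macro names `keyCLIENT_CERTIFICATE_PEM` and `keyCLIENT_PRIVATE_KEY_PEM` are assumed from the Amazon FreeRTOS header, and the key material is a constructed stand-in; the check does not prove that the certificate and key belong together or that the certificate is active.

```python
import base64, binascii, re

# Macro names assumed from the Amazon FreeRTOS credential header; adjust to your SDK.
MACROS = ("keyCLIENT_CERTIFICATE_PEM", "keyCLIENT_PRIVATE_KEY_PEM")

def macro_value(header, name):
    """Return the string a #define expands to, joining adjacent C literals."""
    m = re.search(r"#define\s+" + name + r"\b((?:.*\\\n)*.*)", header)
    if not m:
        return None
    literals = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(1))
    return "".join(literals).replace("\\r", "\r").replace("\\n", "\n")

def check_pem(pem):
    """List structural problems in one PEM string (empty list = well formed)."""
    m = re.fullmatch(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END ([A-Z ]+)-----\s*", pem or "", re.S)
    if not m:
        return ["no BEGIN/END block, or no line break after the BEGIN line"]
    problems = [] if m.group(1) == m.group(3) else ["BEGIN and END labels differ"]
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except binascii.Error:
        return problems + ["body is not valid base64"]
    if len(der) < 2 or der[0] != 0x30:
        return problems + ["decoded data is not a DER SEQUENCE"]
    # The outer DER length must account for every decoded byte.
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        problems.append("DER length %d, got %d bytes" % (2 + n + length, len(der)))
    return problems

def check_header(header):
    return {name: check_pem(macro_value(header, name)) for name in MACROS}

def sample_header(lines, eol="\\n"):
    """Build a constructed header; both macros get the same body lines."""
    def define(name, label):
        rows = ["-----BEGIN %s-----" % label, *lines, "-----END %s-----" % label]
        return "#define %s \\\n%s\n" % (name, " \\\n".join('"%s%s"' % (r, eol) for r in rows))
    return define(MACROS[0], "CERTIFICATE") + define(MACROS[1], "RSA PRIVATE KEY")

# Constructed stand-in for real key material: a 147-byte DER SEQUENCE of zeros.
B64 = base64.b64encode(bytes([0x30, 0x81, 0x90]) + bytes(144)).decode()
BODY = [B64[i:i + 64] for i in range(0, len(B64), 64)]

if __name__ == "__main__":
    for hdr in (sample_header(BODY), sample_header(BODY, eol=""), sample_header(BODY[:1] + BODY[2:])):
        print(check_header(hdr))
```

To lint a real project, pass the text of its credential header to `check_header()`; run it locally, since that file contains the device private key.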

stanley1
Contributor I

Hello Sabina,

Wonderful! After creating a new certificate/key set and updating the file, it works now.

Also, no matter whether running on semihosting or UART, it still works fine.

Really appreciate your great help!

Sincerely,

SL

Sabina_Bruce
NXP Employee

Hi Stanley,

I'm glad it worked out, if you have any other questions down the line I'll be more than happy to help.

Have a great day!

Sabina

Ritesht007
Contributor I

Hi,

I am facing some issues related to the shadow ENET example on IMXRT1170.

1) Credentials initialise properly and it works.

2) Packet publish and subscribe also work.

But if I want to send data in a loop (1 to 360) over the AWS cloud, then the program gets stuck and fails.

That is, the terminal does not display any error or log message.

In the attached file you can see that it gets stuck at line no. 258...

Please let us know what could be the reason for the failure or hang.
