- Hi,
- I recently started working on mbedtls for AWS IoT SDK based applications.
- Issue: I am planning to run AWS IoT SDK sample applications on my memory-constrained (6MB RAM) embedded hardware.
- Usage: AWS IoT SDK (3.0.1 release version) and mbedtls (2.16.5)
- Note: This filesystem is a read-only file system.
- I tried this on an Ubuntu 18.04 setup first to make things clear. It was not working with "AmazonRootCA1.pem" but was working perfectly fine with the cross-signed "G2-RootCA1.pem".
- Ref: https://docs.aws.amazon.com/iot/latest/developerguide/iot-embedded-c-sdk.html
- So I have cross-compiled for my target board using an ARM toolchain and copied the binary and certificates.
- I have downloaded the device certificate, private key and RootCA from AWS IoT Core to my device. I did nothing on my device except copy the above 3 files.
- On my embedded platform, whenever I run my application, mbedtls throws the error "mbedtls_ssl_handshake returned -0x50".
- So I enabled debug output in the mbedtls library and ran the command below to dig into the problem.
- $ ./ssl_client2 server_name=a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com server_port=443 ca_file=/certs/G2-RootCA1.pem crt_file=/certs/4960bd2f6b-certificate.pem.crt key_file=/certs/4960bd2f6b-private.pem.key
- Output:
- $ ./ssl_client2 server_name=a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com server_port=443 ca_file=/certs/G2-RootCA1.pem crt_file=/certs/4960bd2f6b-certificate.pem.crt key_file=/certs/4960bd2f6b-private.pem.key
- . Seeding the random number generator... ok
- . Loading the CA root certificate ... ok (0 skipped)
- . Loading the client cert. and key... ok
- . Connecting to tcp/a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com/443... ok
- . Setting up the SSL/TLS structure...ssl_tls.c:0081: |3| set_timer to 0 ms
- ok
- . Performing the SSL/TLS handshake...ssl_tls.c:8084: |2| => handshake
- ssl_cli.c:3510: |2| client state: 0
- ssl_tls.c:2755: |2| => flush output
- ssl_tls.c:2767: |2| <= flush output
- ssl_cli.c:3510: |2| client state: 1
- ssl_tls.c:2755: |2| => flush output
- ssl_tls.c:2767: |2| <= flush output
- ssl_cli.c:0774: |2| => write client hello
- ssl_cli.c:0811: |3| client hello, max version: [3:3]
- ssl_cli.c:0703: |3| client hello, current time: 1540981791
- ssl_cli.c:0821: |3| dumping 'client hello, random bytes' (32 bytes)
- ssl_cli.c:0821: |3| 0000: 5b d9 84 1f 2f 33 35 54 ea 0b 5d e1 dc 42 0c 99 [.../35T..]..B..
- ssl_cli.c:0821: |3| 0010: d4 a1 25 72 6f 0f cf 8e 56 0d ab f5 10 e4 47 46 ..%ro...V.....GF
- ssl_cli.c:0874: |3| client hello, session id len.: 0
- ssl_cli.c:0875: |3| dumping 'client hello, session id' (0 bytes)
- ssl_cli.c:0921: |3| client hello, add ciphersuite: cca8
- ssl_cli.c:0921: |3| client hello, add ciphersuite: cca9
- ssl_cli.c:0921: |3| client hello, add ciphersuite: ccaa
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c02c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c030
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 009f
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0ad
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c09f
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c024
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c028
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 006b
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c00a
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c014
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0039
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0af
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a3
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c087
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c08b
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c07d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c073
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c077
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00c4
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0088
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c02b
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c02f
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 009e
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0ac
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c09e
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c023
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c027
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0067
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c009
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c013
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0033
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0ae
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a2
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c086
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c08a
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c07c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c072
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c076
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00be
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0045
- ssl_cli.c:0921: |3| client hello, add ciphersuite: ccac
- ssl_cli.c:0921: |3| client hello, add ciphersuite: ccad
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00ab
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a7
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c038
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00b3
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c036
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0091
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c091
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c09b
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c097
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0ab
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00aa
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a6
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c037
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00b2
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c035
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0090
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c090
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c096
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c09a
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0aa
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 009d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c09d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 003d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0035
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c032
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c02a
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c00f
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c02e
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c026
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c005
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a1
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c07b
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00c0
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0084
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c08d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c079
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c089
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c075
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 009c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c09c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 003c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 002f
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c031
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c029
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c00e
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c02d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c025
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c004
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a0
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c07a
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00ba
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0041
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c08c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c078
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c088
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c074
- ssl_cli.c:0921: |3| client hello, add ciphersuite: ccae
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00ad
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00b7
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0095
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c093
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c099
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00ac
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00b6
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 0094
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c092
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c098
- ssl_cli.c:0921: |3| client hello, add ciphersuite: ccab
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00a9
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a5
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00af
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 008d
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c08f
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c095
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a9
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00a8
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a4
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 00ae
- ssl_cli.c:0921: |3| client hello, add ciphersuite: 008c
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c08e
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c094
- ssl_cli.c:0921: |3| client hello, add ciphersuite: c0a8
- ssl_cli.c:0934: |3| client hello, got 127 ciphersuites (excluding SCSVs)
- ssl_cli.c:0943: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV
- ssl_cli.c:0992: |3| client hello, compress len.: 1
- ssl_cli.c:0993: |3| client hello, compress alg.: 0
- ssl_cli.c:0068: |3| client hello, adding server name extension: a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com
- ssl_cli.c:0186: |3| client hello, adding signature_algorithms extension
- ssl_cli.c:0271: |3| client hello, adding supported_elliptic_curves extension
- ssl_cli.c:0336: |3| client hello, adding supported_point_formats extension
- ssl_cli.c:0517: |3| client hello, adding encrypt_then_mac extension
- ssl_cli.c:0551: |3| client hello, adding extended_master_secret extension
- ssl_cli.c:0585: |3| client hello, adding session ticket extension
- ssl_cli.c:1070: |3| client hello, total extension length: 128
- ssl_tls.c:3184: |2| => write handshake message
- ssl_tls.c:3343: |2| => write record
- ssl_tls.c:3420: |3| output record: msgtype = 22, version = [3:1], msglen = 429
- ssl_tls.c:3425: |4| dumping 'output record sent to network' (434 bytes)
- ssl_tls.c:2755: |2| => flush output
- ssl_tls.c:2773: |2| message length: 434, out_left: 434
- ssl_tls.c:2779: |2| ssl->f_send() returned 434 (-0xfffffe4e)
- ssl_tls.c:2807: |2| <= flush output
- ssl_tls.c:3476: |2| <= write record
- ssl_tls.c:3320: |2| <= write handshake message
- ssl_cli.c:1106: |2| <= write client hello
- ssl_cli.c:3510: |2| client state: 2
- ssl_tls.c:2755: |2| => flush output
- ssl_tls.c:2767: |2| <= flush output
- ssl_cli.c:1499: |2| => parse server hello
- ssl_tls.c:4311: |2| => read record
- ssl_tls.c:2536: |2| => fetch input
- ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
- ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
- ssl_tls.c:2722: |2| ssl->f_recv(_timeout)() returned -80 (-0x0050)
- ssl_tls.c:4973: |1| mbedtls_ssl_fetch_input() returned -80 (-0x0050)
- ssl_tls.c:4344: |1| ssl_get_next_record() returned -80 (-0x0050)
- ssl_cli.c:1506: |1| mbedtls_ssl_read_record() returned -80 (-0x0050)
- ssl_tls.c:8094: |2| <= handshake
- failed
- ! mbedtls_ssl_handshake returned -0x50
- Last error was: -0x50 - NET - Connection was reset by peer
- ssl_tls.c:8934: |2| => free
- ssl_tls.c:8999: |2| <= free
- I request you to help me in resolving this issue.
- Thanks in advance,
- Srinivas.
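A way to triage an mbedtls debug log like the one in the post above, as an added example that is not part of the original post: it reports the handshake state at the first failing call, the bytes exchanged, and the extensions offered. The `triage` helper and its field names are hypothetical; the state numbering and the error macro names are those of mbedtls 2.x.

```python
import re

# Handshake states in mbedtls 2.x numbering (enum mbedtls_ssl_states, ssl.h).
STATES = ("HELLO_REQUEST CLIENT_HELLO SERVER_HELLO SERVER_CERTIFICATE "
          "SERVER_KEY_EXCHANGE CERTIFICATE_REQUEST SERVER_HELLO_DONE "
          "CLIENT_CERTIFICATE CLIENT_KEY_EXCHANGE CERTIFICATE_VERIFY "
          "CLIENT_CHANGE_CIPHER_SPEC CLIENT_FINISHED SERVER_CHANGE_CIPHER_SPEC "
          "SERVER_FINISHED FLUSH_BUFFERS HANDSHAKE_WRAPUP HANDSHAKE_OVER").split()
# Socket-layer codes from net_sockets.h (positive magnitude -> macro name).
NET_ERRORS = {0x4C: "MBEDTLS_ERR_NET_RECV_FAILED",
              0x4E: "MBEDTLS_ERR_NET_SEND_FAILED",
              0x50: "MBEDTLS_ERR_NET_CONN_RESET"}
LINE = re.compile(r"\w+\.c:\d+: \|\d\| (.*)")

def triage(log):
    """Summarise where an mbedtls client handshake stopped (hypothetical helper)."""
    out = {"state": None, "sent": 0, "received": 0, "extensions": [],
           "failed_call": None, "error": None}
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        msg = m.group(1)
        if s := re.match(r"client state: (\d+)", msg):
            out["state"] = STATES[int(s.group(1))]
        elif e := re.match(r"client hello, adding (.+?) extension", msg):
            out["extensions"].append(e.group(1))
        elif r := re.match(r"(.+?) returned (-?\d+) \(", msg):
            call, value = r.group(1), int(r.group(2))
            if value > 0 and "f_send" in call:
                out["sent"] += value
            elif value > 0 and "f_recv" in call:
                out["received"] += value
            elif value < 0 and out["failed_call"] is None:
                # The first negative return is the innermost failing call.
                out["failed_call"] = call
                out["error"] = NET_ERRORS.get(-value, "-0x%04X" % -value)
    return out

# Abridged from the log in the post above.
SAMPLE = """\
ssl_cli.c:3510: |2| client state: 1
ssl_cli.c:0068: |3| client hello, adding server name extension: a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com
ssl_cli.c:0186: |3| client hello, adding signature_algorithms extension
ssl_tls.c:2779: |2| ssl->f_send() returned 434 (-0xfffffe4e)
ssl_cli.c:3510: |2| client state: 2
ssl_tls.c:2722: |2| ssl->f_recv(_timeout)() returned -80 (-0x0050)
ssl_tls.c:4973: |1| mbedtls_ssl_fetch_input() returned -80 (-0x0050)
"""
```

On these lines `triage(SAMPLE)` reports state `SERVER_HELLO` with 434 bytes sent and 0 received: the connection was reset before any ServerHello byte arrived, so the client had not yet reached the step where it checks the server certificate against `ca_file`.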