
WICED Studio Wi-Fi Combo

Anonymous
Not applicable

Hello to all Cypress' ninjas!

Can you please help me establish a secure connection to Azure's IoT Hub?

I am using the secure_mqtt example application from the latest WICED 5.2 SDK.

With some fiddling around I managed to get the mbedTLS' debug messages.

I am attaching the TLS handshake.

The debug level threshold is set to 3.

As you will see, the handshake breaks at state 7.

At that point, there is a precise data bus error, with the offending instruction being at ssl.tls.c:4278 ( n = crt->raw.len; )

Message was edited by: Konstantinos Sotiropoulos

Moderator

Hello,

There are two reasons why your application is not working. First, the certificates in the resources/azure_iot_hub which are accessed by the application expired on 30th Sept 2017. The certificates are renewed in 6.0 and so you shouldn't see the problem now. In the log you have provided, the certificate doesn't seem to be the issue as they are valid until December.

Secondly, you are getting an error in state 7: Write MBEDTLS_SSL_CLIENT_CERTIFICATE. You need to add the code to access the client certificate and privkey certificate.

resource_get_readonly_buffer( &resources_apps_DIR_secure_mqtt_DIR_client_cer, 0, MQTT_MAX_RESOURCE_SIZE, &size_out, (const void **) &security.cert );

resource_get_readonly_buffer( &resources_apps_DIR_secure_mqtt_DIR_privkey_cer, 0, MQTT_MAX_RESOURCE_SIZE, &size_out, (const void **) &security.key );

Also, I would recommend that you go through MQTT with Microsoft Azure. This has an application pub_sub_azure which communicates with Azure using MQTT.

Anonymous
Not applicable

But I am not using a client certificate. From a standards perspective, the server can request it but a client doesn't have to provide it.

This is a relevant issue: ssl_handshake_client_async freeze at state SSL_CLIENT_CERTIFICATE

However, the workaround is not applicable anymore.
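Added example (not part of the original thread, and not WICED or mbedTLS code): in TLS 1.2 a client that has no certificate answers the server's CertificateRequest with a Certificate message whose certificate_list is empty (RFC 5246, section 7.4.6). The sketch below builds that message and treats a missing chain as valid input instead of dereferencing it; `cert_node` and `write_certificate_msg` are hypothetical names, and TLS 1.2 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a parsed certificate chain (not the mbedTLS type). */
typedef struct cert_node {
    const uint8_t *der;        /* DER-encoded certificate */
    size_t der_len;
    struct cert_node *next;    /* next certificate in the chain, or NULL */
} cert_node;

#define HS_CERTIFICATE 11      /* HandshakeType certificate(11), RFC 5246 */

/* Store v as a 24-bit big-endian length field. */
static void put_u24(uint8_t *p, size_t v)
{
    p[0] = (uint8_t)(v >> 16);
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)v;
}

/* Build the Certificate handshake message into buf.
 * chain == NULL is valid and yields an empty certificate_list.
 * Returns the number of bytes written, or 0 if the input does not fit. */
size_t write_certificate_msg(const cert_node *chain, uint8_t *buf, size_t cap)
{
    size_t off = 7;            /* type(1) + body length(3) + list length(3) */

    if (buf == NULL || cap < off)
        return 0;

    for (const cert_node *c = chain; c != NULL; c = c->next) {
        if (c->der == NULL || c->der_len > 0xFFFFFF)
            return 0;
        /* Bounds check before every copy: 3-byte length plus the DER data. */
        if (cap - off < 3 || cap - off - 3 < c->der_len)
            return 0;
        put_u24(buf + off, c->der_len);
        memcpy(buf + off + 3, c->der, c->der_len);
        off += 3 + c->der_len;
    }
    if (off - 4 > 0xFFFFFF)    /* body must fit the 24-bit length field */
        return 0;

    buf[0] = HS_CERTIFICATE;
    put_u24(buf + 1, off - 4); /* handshake body length */
    put_u24(buf + 4, off - 7); /* certificate_list length (0 if no cert) */
    return off;
}
```

With no certificate configured the output is the 7 bytes `0b 00 00 03 00 00 00`, which is what a server that merely requests (rather than requires) a client certificate expects to see.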

Moderator

The issue has been taken care of in WICED SDK 6.1. The device is able to establish a connection without providing a client certificate also.

I hope this helps. Sorry for the inconvenience caused.
