MQTT can't connect to backend AWS IoT Core

UPDATED: I am trying to connect to a backend (AWS IoT Core) as I am using a small wp77 with a busybox image running. When using the 8883 port the connection times out, so I have changed to port 443 and I can connect to the backend, still, the socket gets closed after three attempts. This is the log readout from my app:

Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttMain[2717] | DSC connected... starting MQTT connection
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttMain[2717] |
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttMain[2717] |
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttMain[2717]/mqttCliSvrComponent T=main | mqttCliSvr.c DcsStateHandler() 317 | rmnet_data0 connected! Starting MQTT session
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120]/mqttClientApiComponent T=main | mqttClientApi.c mqttClient_StartSession() 452 | StartSession called
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120]/mqttClientApiComponent T=main | mqttClientApi.c mqttClient_StartSession() 455 | mqttClientPts NOT NULL
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | mqtt_StartSession... connecting...
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | . Seeding the random number generator... ok
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | . Loading the CA root certificate ... load certs from certs ok (0 skipped)
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | . Loading the client certificate... /home/root/aws-iot/xxxxxx-certificate.pem.crt ok
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | . Loading the client private key... /home/root/aws-iot/xxxxxx-private.pem.key ok
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | . Connecting to tcp/xxxxxx-ats.iot.ap-southeast-1.amazonaws.com/443...
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | ok
Aug 14 03:29:13 fx30s user.info Legato: INFO | mqttClient[1120] | . Setting up the TLS structure... ok
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | . Performing the TLS handshake... ok
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | [ Protocol is TLSv1.2 ]
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | [ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ]
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | . Verifying peer X.509 certificate... ok
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | clientId : FX30S
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | username :
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | Attempting (1/3) to connect to tcp://xxxxxx-ats.iot.ap-southeast-1.amazonaws.com:443...
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | Check connection options.
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | MQTT serialize connection.
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | MQTT send packet.
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | bytes sent: 31
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | total bytes sent: 31 of 31
Aug 14 03:29:15 fx30s user.info Legato: INFO | mqttClient[1120] | MQTT waiting for CONNACK
Aug 14 03:29:20 fx30s user.info Legato: INFO | mqttClient[1120] | MQTT is now exiting with -1
Aug 14 03:29:20 fx30s user.info Legato: INFO | mqttClient[1120] | Failed
Aug 14 03:29:20 fx30s user.info Legato: INFO | mqttClient[1120] | tlsSocket_close 1

And this is the code, something I have taken from GitHub and am just testing on my device...

#include <stdio.h>
#include "MQTTClient.h"   /* Paho embedded MQTTClient-C: Client, Timer, sendPacket(), waitfor() */

int MQTTConnect(Client* c, MQTTPacket_connectData* options)
{
    Timer connect_timer;
    int rc = FAILURE;   /* FAILURE is -1, the value seen in the log on timeout */
    MQTTPacket_connectData default_options = MQTTPacket_connectData_initializer;
    int len = 0;

    InitTimer(&connect_timer);
    countdown_ms(&connect_timer, c->command_timeout_ms);

    if (c->isconnected) // don't send connect packet again if we are already connected
        goto exit;

    fprintf(stdout, "Check connection options.");
    fflush(stdout);

    if (options == 0)
    {
        fprintf(stdout, "MQTTConnect Set default options...");
        fflush(stdout);
        options = &default_options; // set default options if none were supplied
    }

    c->keepAliveInterval = options->keepAliveInterval;
    countdown(&c->ping_timer, c->keepAliveInterval);
    fprintf(stdout, "MQTT serialize connection.");
    fflush(stdout);
    // serialize the CONNECT packet into c->buf; a non-positive length means it did not fit
    if ((len = MQTTSerialize_connect(c->buf, c->buf_size, options)) <= 0)
        goto exit;

    #if 0   // hex dump of the serialized CONNECT packet, for debugging only
    {
        int i;
        for (i=0; i<len; i++)
        {
            fprintf(stdout, "%.2x", c->buf[i]);
        }
        fprintf(stdout, "\n");
        fflush(stdout);

        fprintf(stdout, "\n%.*s\n", len, c->buf);
        fflush(stdout);
    }
    #endif

    fprintf(stdout, "MQTT send packet.");
    fflush(stdout);
    if ((rc = sendPacket(c, len, &connect_timer)) != SUCCESS)  // send the connect packet
        goto exit; // there was a problem

    // this will be a blocking call, wait for the connack
    fprintf(stdout, "MQTT waiting for CONNACK");
    fflush(stdout);
    if (waitfor(c, CONNACK, &connect_timer) == CONNACK)
    {
        unsigned char connack_rc = 255;
        char sessionPresent = 0;
        if (MQTTDeserialize_connack((unsigned char*)&sessionPresent, &connack_rc, c->readbuf, c->readbuf_size) == 1)
            rc = connack_rc;   // 0 is SUCCESS; anything else is the broker's CONNACK return code
        else
            rc = FAILURE;
    }
    else
        rc = FAILURE;   // timer expired (or socket closed) before any CONNACK arrived
exit:
    fprintf(stdout, "MQTT is now exiting with %d", rc );
    fflush(stdout);
    if (rc == SUCCESS)
        c->isconnected = 1;
    return rc;
}

For some reason the backend doesn't confirm the connection with a CONNACK, and this is the reason why this fails. AWS specifies to use ALPN when connecting to the backend through port 443, so I was wondering if this is the problem and how I can specify this protocol for TLS on paho.mqtt.c (I know there is a solution for Python!!).

Thank you for your help.



Solution 1:[1]

Yes, since port 443 is typically used for HTTPS you must use ALPN to indicate that you are communicating with MQTT w/ TLS on port 443 using the 'x-amzn-mqtt-ca' protocol name.

This blog post gives an example of setting ALPN for Paho-MQTT client.

Another thing that you might want to double check is that

  1. The client certificate that you are using on your client is registered with AWS IoT
  2. That the certificate you have registered has a policy attached to it that permits things like MQTT connection/publish/subscribe/receive.

It is possible that if the certificate or policy is incorrect, then TLS handshake will complete, but AWS IoT will end the connection shortly after.
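What Solution 1 describes, done with only the Python standard library as an added example (not the asker's code and not the linked blog post's): the TLS context advertises x-amzn-mqtt-ca only when the port is 443, the client checks after the handshake that the broker actually selected it, and a connection that is closed before a CONNACK arrives is reported as such rather than as a protocol error. The endpoint, certificate paths and all function names are placeholders assumed here.

```python
import socket
import ssl
import struct

AWS_IOT_ALPN = "x-amzn-mqtt-ca"  # protocol name AWS IoT expects for MQTT on port 443


def build_tls_context(port, ca_file=None, cert_file=None, key_file=None):
    """Client-side TLS context; on 443 it advertises the ALPN name, on 8883 it does not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True  # endpoint name must match the broker certificate
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:
        ctx.load_verify_locations(ca_file)  # Amazon root CA (path is an assumption)
    if cert_file and key_file:
        ctx.load_cert_chain(cert_file, key_file)  # device cert registered with AWS IoT
    if port == 443:
        ctx.set_alpn_protocols([AWS_IOT_ALPN])
    return ctx


def encode_connect(client_id, keepalive=60):
    """Minimal MQTT 3.1.1 CONNECT: clean session, no will, no username/password."""
    var_header = struct.pack(">H4sBBH", 4, b"MQTT", 4, 0x02, keepalive)
    payload = struct.pack(">H", len(client_id)) + client_id.encode()
    body = var_header + payload
    assert len(body) < 128  # one-byte remaining length is enough for a short client id
    return bytes([0x10, len(body)]) + body


def parse_connack(data):
    """(session_present, return_code), or None when the broker closed before answering."""
    if len(data) < 4:
        return None  # AWS IoT closes silently on missing ALPN, unknown cert or denied policy
    if data[0] != 0x20 or data[1] != 2:
        raise ValueError("not a CONNACK: %r" % (data[:4],))
    return bool(data[2] & 1), data[3]


def connect_and_wait_connack(endpoint, port, ctx, client_id, timeout=5.0):
    """Open TLS, confirm the negotiated ALPN, send CONNECT and read the CONNACK (or nothing)."""
    with socket.create_connection((endpoint, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=endpoint) as tls:
            if port == 443 and tls.selected_alpn_protocol() != AWS_IOT_ALPN:
                raise RuntimeError("broker did not select ALPN %s" % AWS_IOT_ALPN)
            tls.sendall(encode_connect(client_id))
            try:
                return parse_connack(tls.recv(4))
            except socket.timeout:
                return None  # same symptom as the log: CONNECT sent, no CONNACK in time
```

In the mbedTLS-based client from the log, the equivalent steps are `mbedtls_ssl_conf_alpn_protocols()` on the SSL config before the handshake and `mbedtls_ssl_get_alpn_protocol()` after it.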

Solution 2:[2]

I haven't found or solved the problem with this code, but instead used the AWS SDK for C and everything works fine now.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution     Source
Solution 1   rose
Solution 2   homer69