I believe I'm having a similar issue to this ticket nRF7002DK and TLS Sockets -7100 error
[00:00:23.640,411] <err> net_sock_tls: TLS handshake error: -0x2700 [00:00:23.649,475] <err> mqtt_helper: mqtt_connect, error: -113 [00:00:23.649,475] <err> aws_iot: mqtt_helper_connect, error: -113 [00:00:23.649,475] <err> beacon_v3: aws_iot_connect, error: -113
I'm trying to connect to AWS IoT Core with an nRF7002DK by basing my work on the AWS IoT sample. I'm building the project for the nrf7002dk/nrf5340/cpuapp/ns target with NCS version 2.7.0. I'm adding the AWS Root CA 1 like this
err = tls_credential_add(CONFIG_MQTT_HELPER_SEC_TAG, TLS_CREDENTIAL_CA_CERTIFICATE,
ca_certificate, sizeof(ca_certificate));
if (err < 0) {
LOG_ERR("Failed to register public certificate: %d", err);
return err;
}
and the certificate is defined in a header file like this:
static const unsigned char ca_certificate[] = { \
"-----BEGIN CERTIFICATE-----\n"\
"MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n" \
"ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" \
"b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\n" \
"MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\n" \
"b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\n" \
"ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n" \
"9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\n" \
"IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\n" \
"VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n" \
"93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\n" \
"jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" \
"AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\n" \
"A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\n" \
"U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\n" \
"N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\n" \
"o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n" \
"5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\n" \
"rqXRfboQnoZsG4q5WTP468SQvvG5\n" \
"-----END CERTIFICATE-----"
};
so I'm pretty sure it's not an issue of the certificate being wrong. I'm also adding the private key and device certificate.
My prj.conf file is
# CONFIG_HEAP_MEM_POOL_SIZE=120000 CONFIG_WIFI=y CONFIG_WIFI_NRF700X=y # CONFIG_WIFI_MGMT_EXT=y CONFIG_WIFI_CREDENTIALS=y CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y CONFIG_PSA_CRYPTO_DRIVER_OBERON=n # WPA supplicant CONFIG_WPA_SUPP=y # Networking CONFIG_NETWORKING=y CONFIG_NET_SOCKETS=y CONFIG_NET_SOCKETS_SOCKOPT_TLS=y CONFIG_MBEDTLS_RSA_C=y CONFIG_BASE64=y CONFIG_MQTT_LIB_TLS=y CONFIG_AWS_IOT=y CONFIG_AWS_IOT_CLIENT_ID_STATIC="test-bcn3" CONFIG_AWS_IOT_BROKER_HOST_NAME="sample.com" # CONFIG_AWS_IOT_SEC_TAG=1 CONFIG_MQTT_HELPER_SEC_TAG=200 CONFIG_MQTT_HELPER_PROVISION_CERTIFICATES=n CONFIG_NET_LOG=n CONFIG_NET_IPV4=y CONFIG_NET_UDP=y CONFIG_NET_TCP=y CONFIG_NET_DHCPV4=y # Networking CONFIG_NETWORKING=y CONFIG_NET_NATIVE=y CONFIG_NET_L2_PPP=y CONFIG_NET_IPV4=y CONFIG_NET_UDP=y CONFIG_NET_SOCKETS=y CONFIG_NET_CONTEXT_RCVTIMEO=y CONFIG_NET_INTERFACE_NAME=y # DNS CONFIG_DNS_RESOLVER=y CONFIG_NET_L2_PPP_OPTION_DNS_USE=y # Network management CONFIG_NET_MGMT=y CONFIG_NET_MGMT_EVENT=y CONFIG_NET_CONNECTION_MANAGER=y CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=2 CONFIG_NET_MAX_CONTEXTS=8 CONFIG_NET_CONTEXT_SYNC_RECV=y CONFIG_INIT_STACKS=y CONFIG_NET_L2_ETHERNET=y CONFIG_NET_CONFIG_SETTINGS=y CONFIG_NET_CONFIG_INIT_TIMEOUT=0 CONFIG_NET_SOCKETS_POLL_MAX=10 # Memories CONFIG_MAIN_STACK_SIZE=4096 CONFIG_NET_TX_STACK_SIZE=4096 CONFIG_NET_RX_STACK_SIZE=4096 # Kernel options CONFIG_ENTROPY_GENERATOR=y # Benchmarking CONFIG_POSIX_MAX_FDS=16 CONFIG_BT=y CONFIG_BT_SMP=y CONFIG_BT_PERIPHERAL=y CONFIG_BT_CENTRAL=y CONFIG_BT_MAX_CONN=2 CONFIG_BT_SCAN=y CONFIG_BT_SCAN_FILTER_ENABLE=y CONFIG_BT_SCAN_UUID_CNT=1 CONFIG_BT_GATT_CLIENT=y CONFIG_BT_GATT_DM=y CONFIG_BT_THROUGHPUT=y CONFIG_BT_USER_DATA_LEN_UPDATE=y CONFIG_BT_USER_PHY_UPDATE=y CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS=n CONFIG_BT_BUF_ACL_RX_SIZE=502 CONFIG_BT_ATT_PREPARE_COUNT=2 CONFIG_BT_CONN_TX_MAX=10 CONFIG_BT_L2CAP_TX_BUF_COUNT=10 CONFIG_BT_L2CAP_TX_MTU=498 CONFIG_BT_BUF_ACL_TX_SIZE=502 CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y CONFIG_NRF700X_MAX_TX_PENDING_QLEN=12 CONFIG_NRF700X_QSPI_LOW_POWER=n #Added to fix BLE crash in coex enable cases. CONFIG_NRF_RPC=n CONFIG_NRF_RPC_CBOR=n # CONFIG_POSIX_API=y CONFIG_NET_SOCKETS_POSIX_NAMES=y # Logging CONFIG_LOG=y CONFIG_NET_LOG=y CONFIG_WIFI_LOG_LEVEL_DBG=y CONFIG_LOG_DEFAULT_LEVEL=3 CONFIG_BEACON_V3_LOG_LEVEL_INF=y
and my nrf7002dk_nrf5340_cpuapp_ns.conf file is
# # Copyright (c) 2024 Nordic Semiconductor ASA # # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # CONFIG_TFM_PROFILE_TYPE_NOT_SET=y # Using hardware crypto accelerator CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y CONFIG_PSA_CRYPTO_DRIVER_OBERON=n CONFIG_MBEDTLS_HEAP_SIZE=81920 CONFIG_MBEDTLS_PSA_CRYPTO_C=y # TLS credentials CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y # Native network stack CONFIG_NRF_SECURITY=y CONFIG_MBEDTLS=y CONFIG_MBEDTLS_ENABLE_HEAP=y CONFIG_MBEDTLS_HEAP_SIZE=81920 CONFIG_MBEDTLS_RSA_C=y # NET Sockets CONFIG_NET_SOCKETS_SOCKOPT_TLS=y CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=2
If I try to implement the workaround in the ticket I referenced above, my project doesn't build due to some config dependency errors. Is this still a known issue? Or was it fixed sometime between 2.4.0 and 2.7.0?
