mqtts reported an error when creating a socket: Operation not supported on socket.

I want the nRF9160 to make an mqtts connection without a certificate.

Modem FW:1.2.3

Here is my mqtt client_init:

static int client_init(struct mqtt_client *client)
{
	int err;

	mqtt_client_init(client);

	err = broker_init();
	if (err) {
		LOG_ERR("Failed to initialize broker connection");
		return err;
	}

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (uint8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = NULL;
	client->user_name = NULL;
	client->protocol_version = MQTT_VERSION_3_1_1;

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */
	struct mqtt_sec_config *tls_cfg = &(client->transport).tls.config;
	static sec_tag_t sec_tag_list[] = { CONFIG_MQTT_TLS_SEC_TAG };

	LOG_INF("TLS enabled");
	client->transport.type = MQTT_TRANSPORT_SECURE;

	tls_cfg->peer_verify = TLS_PEER_VERIFY_NONE;
	tls_cfg->cipher_count = 0;
	tls_cfg->cipher_list = NULL;
	tls_cfg->sec_tag_count = 0;
	tls_cfg->sec_tag_list = NULL;
	tls_cfg->hostname = CONFIG_MQTT_BROKER_HOSTNAME;

	tls_cfg->session_cache = IS_ENABLED(CONFIG_MQTT_TLS_SESSION_CACHING) ?
					    TLS_SESSION_CACHE_ENABLED :
					    TLS_SESSION_CACHE_DISABLED;

	return err;
}

When I use 9160DK, mqtts is connected normally. But when using the 9160 chip, there is an error in the connection. Here is my log:

[00:00:00.243,316] <inf> main: Connecting to LTE network.
[00:00:00.243,316] <inf> main: This may take several minutes.
[00:00:00.243,377] <inf> flash_control: No apn found, use default apn
[00:00:00.249,908] <inf> main: Set to the default APN CMNBIOT2.
[00:00:00.258,087] <inf> lte_lc: Using legacy LTE PCO mode...
[00:00:02.258,117] <inf> main: CSCON : 1
[18:48:50.833]收←◆[00:00:04.283,386] <inf> main: Connected to LTE network.

[00:00:04.286,163] <inf> mqtt_engine: IPv4 Address found 47.106.164.80
[00:00:04.286,193] <inf> mqtt_engine: TLS enabled
[00:00:04.286,468] <dbg> net_mqtt_sock_tls.mqtt_client_tls_connect: (0x20015220): Created socket 1
[00:00:04.660,552] <err> mqtt_engine: mqtt_connect -45
[00:00:04.660,583] <err> mqtt_engine: ERROR: mqtt_disconnect -57

-45 is EOPNOTSUPP, and typically indicates that you have written wrong certificates to the device. But I had peer_verify set to 0. Why is there a -45 error?

  • Hi!

    So when running the application on the nRF9160 DK it is able to establish a connection, but when using your custom board it is not? In this case, could you provide the schematics from the board so your HW engineers can take a look?

    You are correct, when Peer Verification is disabled the error -45 most likely does not mean there is something wrong with the certificates. -45 just means EOPNOTSUPP 45 /**< Operation not supported */ so it can come from other issues as well.

    I would also like a modem trace from when the connection fails. To take a modem trace, enable "CONFIG_NRF_MODEM_LIB_TRACE_ENABLED" in your application and flash it to the board. Then open the Trace Collector application in nRF Connect for Desktop and "Start Capture" while the application is running. The trace file size should increase if everything is working properly.

    Best regards,

    Heidi

  • I reproduced this phenomenon on another DK board. Attached is the captured modem info: 0535.trace-2021-04-13T01-58-55.612Z.bin

  • Thank you.

    Unfortunately, the modem trace isn't telling us much at this point. There are only two DNS queries received in the modem. The data socket is not opened and neither is the TLS connection establishment tried. This is either an issue in the modem trace generation or the problem lies on the SDK side and the TLS connection is not established at all.

    I'll have someone from the MQTT-team take a look as well, but perhaps you could take a few more traces to rule out that cause. When taking the new trace, please run AT%CMNG to list all existing certificates.

    Generally speaking there needs to be a valid Root CA for a successful TLS connection. But even with an invalid Root CA, there should be events in the modem trace showing that the TLS connection establishment is attempted by the application.

  • int mqtt_client_tls_connect(struct mqtt_client *client)
    {
    	const struct sockaddr *broker = client->broker;
    	struct mqtt_sec_config *tls_config = &client->transport.tls.config;
    	int ret;
    
    	client->transport.tls.sock = zsock_socket(broker->sa_family,
    						  SOCK_STREAM, IPPROTO_TLS_1_2);
    	if (client->transport.tls.sock < 0) {
    		return -errno;
    	}
    
    	MQTT_TRC("Created socket %d", client->transport.tls.sock);
    
    #if defined(CONFIG_SOCKS)
    	if (client->transport.proxy.addrlen != 0) {
    		ret = setsockopt(client->transport.tls.sock,
    				 SOL_SOCKET, SO_SOCKS5,
    				 &client->transport.proxy.addr,
    				 client->transport.proxy.addrlen);
    		if (ret < 0) {
    			return -errno;
    		}
    	}
    #endif
    	/* Set secure socket options. */
    	ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS, TLS_PEER_VERIFY,
    			       &tls_config->peer_verify,
    			       sizeof(tls_config->peer_verify));
    	if (ret < 0) {
    		goto error;
    	}
    
    	if (tls_config->cipher_list != NULL && tls_config->cipher_count > 0) {
    		ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
    				       TLS_CIPHERSUITE_LIST, tls_config->cipher_list,
    				       sizeof(int) * tls_config->cipher_count);
    		if (ret < 0) {
    			goto error;
    		}
    	}
    
    	if (tls_config->sec_tag_list != NULL && tls_config->sec_tag_count > 0) {
    		ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
    				       TLS_SEC_TAG_LIST, tls_config->sec_tag_list,
    				       sizeof(sec_tag_t) * tls_config->sec_tag_count);
    		if (ret < 0) {
    			goto error;
    		}
    	}
    
    	if (tls_config->hostname) {
    		ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
    				       TLS_HOSTNAME, tls_config->hostname,
    				       strlen(tls_config->hostname));
    		if (ret < 0) {
    			goto error;
    		}
    	}
    
    	if (tls_config->session_cache == TLS_SESSION_CACHE_ENABLED) {
    		ret = zsock_setsockopt(client->transport.tls.sock, SOL_TLS,
    				       TLS_SESSION_CACHE,
    				       &tls_config->session_cache,
    				       sizeof(tls_config->session_cache));
    		if (ret < 0) {
    			goto error;
    		}
    	}
    
    	size_t peer_addr_size = sizeof(struct sockaddr_in6);
    
    	if (broker->sa_family == AF_INET) {
    		peer_addr_size = sizeof(struct sockaddr_in);
    	}
    
    	ret = zsock_connect(client->transport.tls.sock, client->broker,
    			    peer_addr_size);
    	if (ret < 0) {
    		goto error;
    	}
    
    	MQTT_TRC("Connect completed");
    	return 0;
    
    error:
    	(void) zsock_close(client->transport.tls.sock);
    	return -errno;
    }

    The problem lies in the zsock_connect() function on line 77.

    Finally, through breakpoint debugging, I found that the nrf_modem_os_errno_set() function in the nrf_modem_os.c file sets errno = EOPNOTSUPP.

    What is the reason for errno = -45?

  • Could you zip your whole application so we can reproduce the issue at our end?

  • All certificates present in the DK board:

    [15:16:11.422]收←◆*** Booting Zephyr OS build v2.4.99-ncs1  ***
    The AT host sample started
    
    [15:16:17.557]发→◇AT%CMNG=1
    □
    [15:16:17.572]收←◆%CMNG: 0,3,"0303030303030303030303030303030303030303030303030303030303030303"
    %CMNG: 0,4,"0404040404040404040404040404040404040404040404040404040404040404"
    %CMNG: 24,0,"0000000000000000000000000000000000000000000000000000000000000000"
    %CMNG: 6123,4,"0404040404040404040404040404040404040404040404040404040404040404"
    %CMNG: 123456,3,"0303030303030303030303030303030303030303030303030303030303030303"
    %CMNG: 123456,4,"0404040404040404040404040404040404040404040404040404040404040404"
    %CMNG: 16842753,0,"0000000000000000000000000000000000000000000000000000000000000000"
    %CMNG: 16842753,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 16842753,2,"0202020202020202020202020202020202020202020202020202020202020202"
    %CMNG: 35724861,3,"0303030303030303030303030303030303030303030303030303030303030303"
    %CMNG: 35724861,4,"0404040404040404040404040404040404040404040404040404040404040404"
    OK
    

    Demo is in the attachment. mqtt_simple_test.rar
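
An added example, not part of the thread and not Nordic's code: a small C parser that reads an AT%CMNG=1 listing like the one above and reports, per sec_tag, which kinds of TLS authentication the stored credentials can back. The function names and the sample string are made up for illustration, and the digests in the sample are placeholders.

```c
#include <stdio.h>
#include <string.h>

/* %CMNG types: 0 root CA, 1 client cert, 2 private key, 3 PSK, 4 PSK identity. */
enum { ROOT_CA, CLIENT_CERT, PRIVATE_KEY, PSK, PSK_ID };
enum { CAN_VERIFY_SERVER = 1, CAN_MUTUAL_TLS = 2, CAN_PSK = 4 };
#define BIT(n) (1u << (n))

/* Constructed sample: tag/type pairs as in the post, placeholder digests. */
static const char SAMPLE[] =
	"[15:16:17.572] %CMNG: 0,3,\"03\"\n"
	"%CMNG: 0,4,\"04\"\n"
	"%CMNG: 24,0,\"00\"\n"
	"%CMNG: 6123,4,\"04\"\n"
	"%CMNG: 16842753,0,\"00\"\n"
	"%CMNG: 16842753,1,\"01\"\n"
	"%CMNG: 16842753,2,\"02\"\n"
	"OK\n";

/* Bitmask of types stored under one sec_tag; non-record text is skipped. */
unsigned int cmng_types(const char *listing, unsigned long want)
{
	unsigned int mask = 0, type;
	unsigned long tag;
	for (const char *p = listing; (p = strstr(p, "%CMNG: ")) != NULL; ) {
		p += strlen("%CMNG: ");
		if (sscanf(p, "%lu,%u,", &tag, &type) == 2 && tag == want && type < 32)
			mask |= BIT(type);
	}
	return mask;
}

/* What a sec_tag can support: server verification needs a root CA, mutual
 * TLS also needs client certificate and key, PSK needs key and identity. */
unsigned int tag_capabilities(const char *listing, unsigned long tag)
{
	unsigned int have = cmng_types(listing, tag), caps = 0;
	unsigned int mtls = BIT(ROOT_CA) | BIT(CLIENT_CERT) | BIT(PRIVATE_KEY);
	unsigned int psk = BIT(PSK) | BIT(PSK_ID);
	if (have & BIT(ROOT_CA)) caps |= CAN_VERIFY_SERVER;
	if ((have & mtls) == mtls) caps |= CAN_MUTUAL_TLS;
	if ((have & psk) == psk) caps |= CAN_PSK;
	return caps;
}

int main(void)
{
	printf("16842753: %u, 6123: %u\n", tag_capabilities(SAMPLE, 16842753), tag_capabilities(SAMPLE, 6123));
	return 0;
}
```

A tag that comes back as 0, such as 6123 in the sample (PSK identity without a PSK), cannot authenticate anything on its own; a tag used with TLS_PEER_VERIFY_REQUIRED should report at least CAN_VERIFY_SERVER.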
