• State Verified Answer
  • Replies 18 replies
  • Subscribers 74 subscribers
  • Views 3841 views
  • Users 0 members are here
Attachments (6) Download All
Nordic Case Info
  • Case ID: 267878
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

mqtts reported an error when creating a socket: Operation not supported on socket.

xinjiang

I want nRF9160 to do mqtts connection without certificate.

Modem FW:1.2.3

Here is my mqtt client_init:

static int client_init(struct mqtt_client *client)
{
	int err;

	mqtt_client_init(client);

	err = broker_init();
	if (err) {
		LOG_ERR("Failed to initialize broker connection");
		return err;
	}

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (uint8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = NULL;
	client->user_name = NULL;
	client->protocol_version = MQTT_VERSION_3_1_1;

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */
	struct mqtt_sec_config *tls_cfg = &(client->transport).tls.config;
	static sec_tag_t sec_tag_list[] = { CONFIG_MQTT_TLS_SEC_TAG };

	LOG_INF("TLS enabled");
	client->transport.type = MQTT_TRANSPORT_SECURE;

	tls_cfg->peer_verify = TLS_PEER_VERIFY_NONE;
	tls_cfg->cipher_count = 0;
	tls_cfg->cipher_list = NULL;
	tls_cfg->sec_tag_count = 0;
	tls_cfg->sec_tag_list = NULL;
	tls_cfg->hostname = CONFIG_MQTT_BROKER_HOSTNAME;

	tls_cfg->session_cache = IS_ENABLED(CONFIG_MQTT_TLS_SESSION_CACHING) ?
					    TLS_SESSION_CACHE_ENABLED :
					    TLS_SESSION_CACHE_DISABLED;

	return err;
}

When I use 9160DK, mqtts is connected normally. But when using the 9160 chip, there is an error in the connection. Here is my log:

[00:00:00.243,316] <inf> main: Connecting to LTE network.
[00:00:00.243,316] <inf> main: This may take several minutes.
[00:00:00.243,377] <inf> flash_control: No apn found, use default apn
[00:00:00.249,908] <inf> main: Set to the default APN CMNBIOT2.
[00:00:00.258,087] <inf> lte_lc: Using legacy LTE PCO mode...
[00:00:02.258,117] <inf> main: CSCON : 1
[18:48:50.833]收←◆[00:00:04.283,386] <inf> main: Connected to LTE network.

[00:00:04.286,163] <inf> mqtt_engine: IPv4 Address found 47.106.164.80
[00:00:04.286,193] <inf> mqtt_engine: TLS enabled
[00:00:04.286,468] <dbg> net_mqtt_sock_tls.mqtt_client_tls_connect: (0x20015220): Created socket 1
[00:00:04.660,552] <err> mqtt_engine: mqtt_connect -45
[00:00:04.660,583] <err> mqtt_engine: ERROR: mqtt_disconnect -57

-45 is EOPNOTSUPP, and typically indicates that you have written wrong certificates to the device. But I had peer_verify set to 0. Why is there a -45 error?

  • 0 in reply to Heidi

    All certificates present in the DK board:

    [15:16:11.422]收←◆*** Booting Zephyr OS build v2.4.99-ncs1  ***
The AT host sample started

[15:16:17.557]发→◇AT%CMNG=1
□
[15:16:17.572]收←◆%CMNG: 0,3,"0303030303030303030303030303030303030303030303030303030303030303"
%CMNG: 0,4,"0404040404040404040404040404040404040404040404040404040404040404"
%CMNG: 24,0,"0000000000000000000000000000000000000000000000000000000000000000"
%CMNG: 6123,4,"0404040404040404040404040404040404040404040404040404040404040404"
%CMNG: 123456,3,"0303030303030303030303030303030303030303030303030303030303030303"
%CMNG: 123456,4,"0404040404040404040404040404040404040404040404040404040404040404"
%CMNG: 16842753,0,"0000000000000000000000000000000000000000000000000000000000000000"
%CMNG: 16842753,1,"0101010101010101010101010101010101010101010101010101010101010101"
%CMNG: 16842753,2,"0202020202020202020202020202020202020202020202020202020202020202"
%CMNG: 35724861,3,"0303030303030303030303030303030303030303030303030303030303030303"
%CMNG: 35724861,4,"0404040404040404040404040404040404040404040404040404040404040404"
OK

    Demo is in the attachment. mqtt_simple_test.rar

  • 0 in reply to xinjiang

    I found through a breakpoint test that the return value of nrf_connect() on the eleventh line is -1.

    static int nrf91_socket_offload_connect(void *obj, const struct sockaddr *addr,
					socklen_t addrlen)
{
	int sd = OBJ_TO_SD(obj);
	int retval;

	if (addr->sa_family == AF_INET) {
		struct nrf_sockaddr_in ipv4;

		z_to_nrf_ipv4(addr, &ipv4);
		retval = nrf_connect(sd, (const struct nrf_sockaddr_in *)&ipv4,
				     sizeof(struct nrf_sockaddr_in));
	} else if (addr->sa_family == AF_INET6) {
		struct nrf_sockaddr_in6 ipv6;

		z_to_nrf_ipv6(addr, &ipv6);
		retval = nrf_connect(sd, (const struct nrf_sockaddr *)&ipv6,
				  sizeof(struct nrf_sockaddr_in6));
	} else {
		/* Pass in raw to library as it is non-IP address. */
		retval = nrf_connect(sd, (void *)addr, addrlen);
		if (retval < 0) {
			/* Not supported by library. */
			goto error;
		}
	}

	return retval;

error:
	retval = -1;
	errno = ENOTSUP;
	return retval;
}

  • 0 in reply to xinjiang

    Hi! 

    I'm unfortunately not able to reproduce the issue you're seeing, so I'm not sure where to go from here.

    The application you attached works fine on my DK. The only changes I made were changing the configurations to connect with LTE-M instead of NB-IoT because that's what I have available. 

    Your modem trace was possibly missing some information. Perhaps you can try to generate a new one?

  • 0 in reply to Heidi

    This is the modem information I re-crawled. Can you analyze what went wrong?1348.trace-2021-04-28T02-21-08.402Z.bin

  • +1 in reply to xinjiang

    Hi!

    From the modem trace and the return of %CMNG it looks like there is a Root CA stored in sec_tag 24 and sec_tag 16842753 but the TLS connection is trying to be establishing using sec_tag 1, where there is no root certificate. 

    Try using the correct sec_tag in your application, and the modem should be able to find the root certificate.

    Best regards,

    Heidi

Related
Terms of service