• State Verified Answer
  • Replies 3 replies
  • Subscribers 74 subscribers
  • Views 1002 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 291324
Options

download_client: Unable to connect, errno 111

Praveen Deshmane

Hi 

I am trying to FOTA download with AWS S3 bucket. 

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.9.1/nrf/libraries/networking/fota_download.html

I am using HTTPS protocol to download the FOTA image

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.9.1/nrf/libraries/networking/download_client.html#download-client-https

NOTE: HTTPS is working for other REST API

My AWS S3 Bucket Policy is below

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Principal": "*",
			"Effect": "Allow",
			"Action": "s3:GetObject",
			"Resource": "arn:aws:s3:::mybucket/*"
		}
	]
}


Nordick SDK Version : 1.9.1

prj.conf file 

CONFIG_DOWNLOAD_HOST="https://mybucket.s3.us-west-2.amazonaws.com"
CONFIG_DOWNLOAD_FILE="app_update.bin"



I am getting below error, when i used to HTTPS bucket link to download firmware image

 
<err> download_client: Unable to connect, errno 111


NOTE: 
With HTTP bucket link it works pretty well. 

CONFIG_DOWNLOAD_HOST="http://mybucket.s3.us-west-2.amazonaws.com"
CONFIG_DOWNLOAD_FILE="app_update.bin"


May I know why download _client could not connect to aws s3 bucket???


Any help, or suggestion will be appreciated.

Parents
  • 0

    Hello!

    Could you please provide a modem trace of your application when it fails?

    This could help shed some light on precisely what goes wrong.

    Best regards,

    Einar

  • 0 in reply to Einarh

    Also please note this point in the docs:

    • Use the <bucket-name>.s3.<region>.amazonaws.com part of the URL as the hostname of the server hosting the images, without including https://.

    And could you explain the difference in your bucket policy and the one in the NCS docs?:

    {    "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Principal": "*",
             "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::bucket_name/*"
         }
      ]
 }

  • 0 in reply to Einarh

    Hello Einarh,

    solved the fota download with HTTPS issue

     

    CONFIG_DOWNLOAD_HOST="mybucket.s3.us-west-2.amazonaws.com"
CONFIG_DOWNLOAD_FILE="app_update.bin"


    by changing HOST = <bucket-name>.s3.<region>.amazonaws.com

    and 

    using aws certificate provision for https in modem

    https://www.amazontrust.com/repository/AmazonRootCA1.pem


    my_lte.c

     #include "aws.h"
 
 ret = modem_key_mgmt_write(TLS_SEC_TAG,
                               MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
                               AWS_ROOT_CA_CERTIFICATE, sizeof(AWS_ROOT_CA_CERTIFICATE) - 1);


    aws.h

    #define AWS_ROOT_CA_CERTIFICATE                                          \
    "-----BEGIN CERTIFICATE-----\n"                                      \
    "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n" \
    "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" \
    "b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\n" \
    "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\n" \
    "b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\n" \
    "ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n" \
    "9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\n" \
    "IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\n" \
    "VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n" \
    "93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\n" \
    "jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" \
    "AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\n" \
    "A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\n" \
    "U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\n" \
    "N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\n" \
    "o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n" \
    "5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\n" \
    "rqXRfboQnoZsG4q5WTP468SQvvG5\n" \
    "-----END CERTIFICATE-----\n"



    Thank you.



    Best Reagrds

    Praveen Deshmane

Reply
  • 0 in reply to Einarh

    Hello Einarh,

    solved the fota download with HTTPS issue

     

    CONFIG_DOWNLOAD_HOST="mybucket.s3.us-west-2.amazonaws.com"
CONFIG_DOWNLOAD_FILE="app_update.bin"


    by changing HOST = <bucket-name>.s3.<region>.amazonaws.com

    and 

    using aws certificate provision for https in modem

    https://www.amazontrust.com/repository/AmazonRootCA1.pem


    my_lte.c

     #include "aws.h"
 
 ret = modem_key_mgmt_write(TLS_SEC_TAG,
                               MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
                               AWS_ROOT_CA_CERTIFICATE, sizeof(AWS_ROOT_CA_CERTIFICATE) - 1);


    aws.h

    #define AWS_ROOT_CA_CERTIFICATE                                          \
    "-----BEGIN CERTIFICATE-----\n"                                      \
    "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n" \
    "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n" \
    "b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\n" \
    "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\n" \
    "b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\n" \
    "ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n" \
    "9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\n" \
    "IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\n" \
    "VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n" \
    "93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\n" \
    "jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" \
    "AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\n" \
    "A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\n" \
    "U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\n" \
    "N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\n" \
    "o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n" \
    "5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\n" \
    "rqXRfboQnoZsG4q5WTP468SQvvG5\n" \
    "-----END CERTIFICATE-----\n"



    Thank you.



    Best Reagrds

    Praveen Deshmane

Children
No Data
Related
Terms of service