Get Time error on B-L475E-IOT01A_Iot_Node while reset

Hello

It looks like the network certificate is incorrect. Did you configure it ? (did you press the User button (blue) and copy/paste the root certificate when asked)

Which version of X-CUBE-AWS are you using ? on which board ?

In X-CUBE-AWS 1.4.1 the certificate is in Middlewares\Third_Party\AWS\certs\Amazon1_Usertrust_Baltimore.crt

Did you push the board's blue button after "Push the User button (Blue) within the next 5 seconds if you want to update the device security parameters or credentials." ?

that's where the certificate must be configured.

Also I see in the log you are using X-CUBE-AWS 1.2.1. It would be better to use latest version in 1.x series (v1.4.1). Use "select version" in https://www.st.com/en/embedded-software/x-cube-aws.html.

I have a similar problem but when using the generic HTTP client application on the STM94 discovery board.

The application example connects to httpbin.org, but it fails at this stage:

ERROR: net_sock_open_mbedtls L#165 failed

                                                      ! mbedtls_x509_crt_parse returned -0x3b00 while parsing root cert

some further debug shows that the error is thrown in x509_crt.c in the mbedtls library

 /*

         * Quit parsing on a memory error

         */

        if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )

There is no blue button to push for this generic http client application, but it defines it somewhere in RooCa.h which shows the certificate for httpbin.org.

The documentation for how to configure mbedtls in these example designs is quite poor, making it very difficult to understand what the solution to this is now..

Could you please advise?

Hello,

Yes that's correct.

So I was running X-cube GCP 2.0 on the STM32L496 board using the BG96 modem, which means I had modified to code to change the wifi connection on the bgiot475 example design to work on the stm discovery board.

But then today I downloaded GCP v1.0.0, as after digging a bit deeper, it seems to have support for the STM32L496 discovery board I am working on.

So now...same kind of problem really...

All the code runs, it first asks me for the google connection string, which I can enter successfully, press enter...then the console requests to enter the RootCA as expected...

But when I then copy/paste the CA in the format as expected, press enter, the code doesn't get past the following function

enterPemString(char * read_buffer, size_t max_len)

Is this just an incorrect RootCA format I've enteredas I can't see anything wrong with the following:?

-----BEGIN CERTIFICATE-----

MIIBxTCCAWugAwIBAgINAfD3nVndblD3QnNxUDAKBggqhkjOPQQDAjBEMQswCQYD

VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzERMA8G

A1UEAxMIR1RTIExUU1IwHhcNMTgxMTAxMDAwMDQyWhcNNDIxMTAxMDAwMDQyWjBE

MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM

QzERMA8GA1UEAxMIR1RTIExUU1IwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATN

8YyO2u+yCQoZdwAkUNv5c3dokfULfrA6QJgFV2XMuENtQZIG5HUOS6jFn8f0ySlV

eORCxqFyjDJyRn86d+Iko0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw

AwEB/zAdBgNVHQ4EFgQUPv7/zFLrvzQ+PfNA0OQlsV+4u1IwCgYIKoZIzj0EAwID

SAAwRQIhAPKuf/VtBHqGw3TUwUIq7TfaExp3bH7bjCBmVXJupT9FAiBr0SmCtsuk

miGgpajjf/gFigGM34F9021bCWs1MbL0SA==

-----END CERTIFICATE-----

The code seems to want to write this to flash, but then read from flash again in

 GcpIoT_connect( gcp_client_t *gcpClient )

So what I've done to try and get around this flashing issue or whatever it may be, is that I places the RootCa in a header file, removed the code that writes and reads from flash, but then directly read from file like so:

ret |= net_sock_setopt(socket, "tls_ca_certs", (void *)gcpRootCA, strlen(gcpRootCA)+1);

instead of

 // ret |= net_sock_setopt(socket, "tls_ca_certs",  (void *) ca_cert, strlen(ca_cert) + 1);

What happens then is that the mbedtls handshake starts, but fails at Client State 3.

If I then change the authentication mode to optional in net_tls_mbedtls.c

 mbedtls_ssl_conf_authmode(&tlsData->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);

Then the handshake makes it all the way to client state 17 (but going from stare 12 to 17)

with the following errors showing

                 C:/MY_DATA/Port_IoT_Sensor_PROJ/STM32/Cellular/en.x-cube-gcp_v1.0.0/STM32CubeExpansion_Cloud_GCP_V1.0.0/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2489: message length: 7, out_left: 7

           ERROR: net_sock_send_tcp_c2c L#330 C2C_SendData(): send ERROR: 572,operation not allowed

So to me it seems there is just something wrong with the certificate itself or are there any other settings missing?

I've been digging into this code for weeks now, porting to other boards etc.., and it always seems to end up at this state, so is it just something simple as an incorrect certificate, which would be great, but then how to solve?

Apologies, those were obviously 2 different things I'd been working on

First was the generic httpclient exampe on stm32l496 doscovery, secondlt the GCP integration.

Somehow I always seem to have the same issue during the mbedtls handshake though

Hello

Did you use PuTTY on a Windows PC to configure the Root CA certificate on the serial port ?

The problem with PuTTY is that it sends only Carriage Return characters for end of line. CR-LF or LF is needed.

Make sure the certificate has end of line CR-LF or LF, especially before and after -----END CERTIFICATE-----.

Tera term and Termite are able to send CR-LF or LF for end of line characters.

I've been using teraterm actually, then configure teraterm with Local Echo enabled for the terminal

So to get this correct, do you mean something like this?:

"-----BEGIN CERTIFICATE-----\n" \

"MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk\n" \

"MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH\n" \

"bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX\n" \

"DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD\n" \

"QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu\n" \

"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ\n" \

"FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw\n" \

"DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F\n" \

"uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX\n" \

"kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs\n" \

"ewv4n4Q=\n" \

"-----END CERTIFICATE-----\n" \

I've tried this didn't seem to work either....

Could you create a new question about your GCP problem in Q&A / STM32 MCUs ?

as we are discussing GCP it's not the same as the original poster issue.

Thank you guys

I finished the test of the 'STM32L4 discovery kit iot nano board' by connecting it to Microsoft Azure.

I will try again according to your advice to connect with AWS.

@Guillaume K​ 

Hi,

Yes, I followed the following link, it connected very well.

​

https://docs.microsoft.com/en-us/azure/iot-develop/quickstart-devkit-stm-b-l475e

​

All tests went smoothly.