2017-02-09 01:32 AM
Hello,
we are making MQTT client application that should connect to Amazon AWS server. But after my application sends:
AT+S.SOCKON=XXXXXXXXXXXXXX.iot.eu-west-1.amazonaws.com,8883,s,ind<CR>
I got an error:
ERROR: Failed to resolve name<CR><LF>
Temporary solution was to find real IP of server using whois in my console and put is instead of server address. Now i can connect but i want to use real server address in application if possible.
Moreover, I'm sure that DNS address is correct because we are using time-d.nist.gov service to get current time/date without a problem.
Maybe the address string is too long for module? (We are using latest firmware for SPWF01 that is available for download v3.5)
73HelloHan MQTTa2emqd0m2h8v13
2017-02-10 05:34 AM
Ciao,
FW3.5 allows resolution for names up to 100 bytes (and accept reply from DNS server up to 300 bytes). Which size are you using (and which size is the reply from server)?
Best regards
jerry
2017-02-10 05:44 AM
Hi Gerardo,
address is 42 bytes long, it should fit.
How i can get replay from DNS?
130
2017-02-10 11:28 AM
Install Wireshark on a PC and sniff frames over the air
2017-03-07 07:36 AM
Hi,
i tried today. Replay from DNS is 542 bytes long. Now, what we can do to overcome this problem?
25Hi, sorrz
2017-03-07 11:28 AM
There are newer versions than FW3.5 (minor, not on st.com website), which use 512 in length. I can share. Send me your email by private message.
If 512 is not enough (542 bytes is 'clean' DNS payload? I don't think so. It's huge!), we can try increasing this size again.
2017-03-07 03:32 PM
Thanks, we can try with new firmware!
257
2017-03-08 12:31 AM
We also have another problem related to AWS. AWS is using TLS1.2 secure socket, we have to send CA, client certificate and client key to establish connection. However, there are limitations for this (as in SPWF01 documentation): 3kB overall and 1.3kB per certificate. ECC certificates fits into this limits even if CA is bigger than 1.3kB.
CA certificate: 1707bytes
Client certificate: 887bytes
Client key: 300 bytes
---------------------------------------------
Total: 2894bytes
But AWS supports one very good feature: auto registration of certificate. This is done by sending client certificate combined with another certificate which is 1348bytes long.
1. Is this supported at all with SPWF01?
2. Does by any chance we can manage to use larger space for certificates storage? For example to issue some custom firmware without some features that we don't need at all or something else?
Thanks,
Nebojsa58
2017-03-08 05:15 AM
Yep, that is the right one. That CA certificate should be send combined with device certificate rootCA + device_cert&deviceCA + device_key. AWS then register client certificate and kills connection. Next connection we can send only client certificate alone as usual. That means that we would need:
CA certificate: 1707bytes
Client certificate: 887+1348bytes
Client key: 300 bytes
---------------------------------------------
Total: 4242bytes
I'm not sure about this. Maybe we can consider that new SPWF04SA module? I got news about it's existance... Is it pin compatible with SPWF01 and can we use same AT commands for it? And most important, are there samples available?
Thanks,
Nebojsa127
2017-03-08 05:53 AM
Hi,
I'm not familiar with auto-registration procedure provided by AWS but, looking at AWS blog (
https://aws.amazon.com/it/blogs/iot/just-in-time-registration-of-device-certificates-on-aws-iot/
I hope this is the feature you mentioned...) it seems that it is a feature provided by AWS-CLI program, which is not included into SPWF01.Consider also that this feature doesn't reduce the size of the certificates you need to store into the SPWF01, but it could increase it! The CA that you want to send to the AWS server is the one that signs your certificate while, inside SPWF01, you need to load the CA which signs AWS server.
Unfortunately the Flash available into SPWF01 is not enough to handle more than 1 CA certificate.
Regards