2021-12-07 07:50 AM
Hi,
After installing the x-cube-aws demo software, when I turn on the board, the following error occurs.
>>>
.........................
Module initialized successfully: Inventek eS-WiFi ISM43362-M3G-L44-SPI C3.5.2.5.STM
Retrieving the WiFi module MAC address: c4:xx:xx:xx:xx:1f
Connecting to AP: e4ds_studio Attempt 1/3 ...
Connected to AP e4ds_studio
Mac address: c4:xx:xx:xx:xx:xx
Retrieving the IP address.
IP address: 172.xx.x.xx
Push the User button (Blue) within the next 5 seconds if you want to update the device security parameters or credentials.
Setting the RTC from the network time.
ERROR: net_sock_open_mbedtls L#165 failed
! mbedtls_x509_crt_parse returned -0x2180 while parsing root cert
ERROR: setRTCTimeDateFromNetwork L#134 Could not open the socket.
Error initializing the RTC from the network time!
2021-12-08 07:26 AM
Hello
It looks like the network certificate is incorrect. Did you configure it? (Did you press the User button (blue) and copy/paste the root certificate when asked?)
Which version of X-CUBE-AWS are you using? On which board?
In X-CUBE-AWS 1.4.1 the certificate is in Middlewares\Third_Party\AWS\certs\Amazon1_Usertrust_Baltimore.crt
2021-12-08 07:13 PM
Thanks for your help,
That error message is after setting the ssid and password,
It is a message that comes out immediately after connecting to wifi.
I haven't moved on to the next step yet.
The board I am using is the Discovery kit B-L475E-IOT01A1 board.
The X-Cube-AWS version is 1.2.1, as in the message below.
*************************************************************
*** STM32 IoT Discovery kit for
*** STM32L475/STM32F413/STM32F769 MCU
*** X-CUBE-AWS Cloud Connectivity Demonstration
*** FW version 1.2.1 - 06-February-2019 05:12:27 PM
*************************************************************
*** Board personalization ***
*** WIFI connection ***
Push the User button (Blue) within the next 5 seconds if you want to update the WiFi network configuration.
Initializing the WiFi module
Module initialized successfully: Inventek eS-WiFi ISM43362-M3G-L44-SPI C3.5.2.5.STM
Retrieving the WiFi module MAC address: c4:7f:51:94:bc:1f
Connecting to AP: e4ds_mesh Attempt 1/3 ...
Connected to AP e4ds_mesh
Mac address: c4:7f:51:94:bc:1f
Retrieving the IP address.
IP address: 192.168.0.121
Push the User button (Blue) within the next 5 seconds if you want to update the device security parameters or credentials.
Setting the RTC from the network time.
ERROR: net_sock_open_mbedtls L#165 failed
! mbedtls_x509_crt_parse returned -0x2180 while parsing root cert
ERROR: setRTCTimeDateFromNetwork L#134 Could not open the socket.
Error initializing the RTC from the network time!
2021-12-09 05:29 AM
Did you push the board's blue button after "Push the User button (Blue) within the next 5 seconds if you want to update the device security parameters or credentials."?
That's where the certificate must be configured.
Also, I see in the log that you are using X-CUBE-AWS 1.2.1. It would be better to use the latest version in the 1.x series (v1.4.1). Use "select version" at https://www.st.com/en/embedded-software/x-cube-aws.html.
2021-12-23 04:18 PM
I have a similar problem but when using the generic HTTP client application on the STM94 discovery board.
The application example connects to httpbin.org, but it fails at this stage:
ERROR: net_sock_open_mbedtls L#165 failed
! mbedtls_x509_crt_parse returned -0x3b00 while parsing root cert
Some further debugging shows that the error is thrown in x509_crt.c in the mbedtls library:
/*
* Quit parsing on a memory error
*/
if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
There is no blue button to push for this generic http client application, but it defines it somewhere in RooCa.h which shows the certificate for httpbin.org.
The documentation for how to configure mbedtls in these example designs is quite poor, making it very difficult to understand what the solution to this is now..
Could you please advise?
2022-01-03 01:02 AM
Hello
When you write about "STM94 discovery board", I presume you are referring to the STM32L496 Discovery board, is that right?
What development environment are you using? STM32CubeIDE? What version?
Does the application offer to configure the Root CA with a prompt on serial COM port:
"Do you want to update your IoT device connection parameters?" ?
When it displays that, you have 5 seconds to press the blue button on the board.
If it does not display it, try to do a full erase of the board with STM32CubeProgrammer, then flash the application again. A full erase wipes the default config. An empty configuration makes the application ask for configuration details.
2022-01-10 12:13 AM
Hello,
Yes that's correct.
So I was running X-cube GCP 2.0 on the STM32L496 board using the BG96 modem, which means I had modified the code to change the wifi connection on the bgiot475 example design to work on the stm discovery board.
But then today I downloaded GCP v1.0.0, as after digging a bit deeper, it seems to have support for the STM32L496 discovery board I am working on.
So now...same kind of problem really...
All the code runs, it first asks me for the google connection string, which I can enter successfully, press enter...then the console requests to enter the RootCA as expected...
But when I then copy/paste the CA in the format as expected, press enter, the code doesn't get past the following function
enterPemString(char * read_buffer, size_t max_len)
Is this just an incorrect RootCA format I've entered, as I can't see anything wrong with the following?
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The code seems to want to write this to flash, but then read from flash again in
GcpIoT_connect( gcp_client_t *gcpClient )
So what I've done to try and get around this flashing issue or whatever it may be, is that I placed the RootCa in a header file, removed the code that writes and reads from flash, but then directly read from file like so:
ret |= net_sock_setopt(socket, "tls_ca_certs", (void *)gcpRootCA, strlen(gcpRootCA)+1);
instead of
// ret |= net_sock_setopt(socket, "tls_ca_certs", (void *) ca_cert, strlen(ca_cert) + 1);
What happens then is that the mbedtls handshake starts, but fails at Client State 3.
If I then change the authentication mode to optional in net_tls_mbedtls.c
mbedtls_ssl_conf_authmode(&tlsData->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
Then the handshake makes it all the way to client state 17 (but going from state 12 to 17)
with the following errors showing
C:/MY_DATA/Port_IoT_Sensor_PROJ/STM32/Cellular/en.x-cube-gcp_v1.0.0/STM32CubeExpansion_Cloud_GCP_V1.0.0/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2489: message length: 7, out_left: 7
ERROR: net_sock_send_tcp_c2c L#330 C2C_SendData(): send ERROR: 572,operation not allowed
So to me it seems there is just something wrong with the certificate itself or are there any other settings missing?
I've been digging into this code for weeks now, porting to other boards etc.., and it always seems to end up at this state, so is it just something simple as an incorrect certificate, which would be great, but then how to solve?
2022-01-10 12:22 AM
Apologies, those were obviously 2 different things I'd been working on
First was the generic httpclient example on stm32l496 discovery, secondly the GCP integration.
Somehow I always seem to have the same issue during the mbedtls handshake though
2022-01-10 12:41 AM
Hello
Did you use PuTTY on a Windows PC to configure the Root CA certificate on the serial port ?
The problem with PuTTY is that it sends only Carriage Return characters for end of line. CR-LF or LF is needed.
Make sure the certificate has end of line CR-LF or LF, especially before and after -----END CERTIFICATE-----.
Tera term and Termite are able to send CR-LF or LF for end of line characters.
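The line-ending requirement described in the reply above, as an added example that is not part of the thread or of the X-CUBE packages: a C helper that rewrites CR-only or CR-LF endings in a pasted certificate to LF and rejects text whose BEGIN/END lines do not sit on lines of their own. The name pem_normalize and the placeholder certificate body are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Hypothetical helper (not an X-CUBE or mbedTLS function): rewrite CR and
 * CR-LF to LF in place, force one trailing LF, and check that the text is a
 * single delimited certificate. Returns the length to pass to a PEM parser,
 * counting the terminating NUL, or 0 if malformed or too big for cap bytes. */
size_t pem_normalize(char *buf, size_t cap)
{
    const size_t bl = strlen(PEM_BEGIN), el = strlen(PEM_END);
    size_t r = 0, w = 0;
    while (buf[r] != '\0') {
        if (buf[r] == '\r') {              /* CR or CR-LF becomes one LF */
            buf[w++] = '\n';
            r += (buf[r + 1] == '\n') ? 2 : 1;
        } else {
            buf[w++] = buf[r++];
        }
    }
    while (w > 0 && isspace((unsigned char)buf[w - 1]))
        w--;                               /* drop trailing blank lines */
    if (w + 2 > cap)
        return 0;                          /* no room for LF and NUL */
    buf[w++] = '\n';
    buf[w] = '\0';
    if (strncmp(buf, PEM_BEGIN, bl) != 0 || buf[bl] != '\n')
        return 0;                          /* header must end its own line */
    char *end = strstr(buf + bl + 1, PEM_END);
    if (end == NULL || end == buf + bl + 1 || end[-1] != '\n')
        return 0;                          /* footer must start its own line */
    if (end[el] != '\n' || end[el + 1] != '\0')
        return 0;                          /* nothing may follow the footer */
    for (const char *p = buf + bl + 1; p < end; p++)
        if (!isalnum((unsigned char)*p) && !strchr("+/=\n", *p))
            return 0;                      /* body is base64 lines only */
    return w + 1;
}

int main(void)
{
    /* Constructed sample: placeholder body, CR-only line endings. */
    char pasted[128] = PEM_BEGIN "\rQUJDREVGR0g=\r" PEM_END "\r";
    printf("parser length: %zu\n", pem_normalize(pasted, sizeof pasted));
    return 0;
}
```

The returned length counts the terminating NUL, which matches the `strlen(ca_cert) + 1` passed to `net_sock_setopt` in the thread.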
2022-01-10 12:49 AM
I've been using teraterm actually, then configure teraterm with Local Echo enabled for the terminal
So to get this correct, do you mean something like this?:
"-----BEGIN CERTIFICATE-----\n" \
"MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk\n" \
"MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH\n" \
"bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX\n" \
"DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD\n" \
"QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu\n" \
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ\n" \
"FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw\n" \
"DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F\n" \
"uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX\n" \
"kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs\n" \
"ewv4n4Q=\n" \
"-----END CERTIFICATE-----\n" \
I've tried this; it didn't seem to work either....