[BUG] `CORE_MQTT_MUTUAL_AUTH` Demo: Failed to establish new connection about amazon-freertos HOT 5 CLOSED

Hi @laukik-hase

I tried with the commit b3fde23 on main branch, but could not reproduce the issue. Please find attached logs for MQTT Mutual Auth demo on ESP32 WROOM board.

mqtt_success_logs.txt

7 601 [iot_thread] ERROR: TLS handshake failed trying to connect. SSL - The connection indicated an EOF :
8 601 [iot_thread] TLS_Connect fail (0x7280, a10y2vqnezxqbn-ats.iot.us-east-1.amazonaws.com)

The error 0x7280 in your log indicates a terminated connection by the server. Can you confirm if the certificate used is valid and registered with AWS IoT ? Also could you check if the policy attached to the certificate has sufficient permissions?

from amazon-freertos.

Hello, @ravibhagavandas!

I have checked the AWS IoT configuration (thing, certificate and policy attached) and it is correct.
I am confused why a configuration would work at 8e69ca7 but fail at a commit just after it.

(Note: The demo also works on the 202203.00 release with the same config)

Apart from setting the appropriate parameters in aws_clientcredential.h and aws_clientcredential_keys.h, is anything else required for the mqtt_demo_mutual_auth on the latest main branch?

from amazon-freertos.

Apart from setting the appropriate parameters in aws_clientcredential.h and aws_clientcredential_keys.h, is anything else required for the mqtt_demo_mutual_auth on the latest main branch?

Only these configuration files needs to be modified for the demo.

Could you enable mbedtls debug logs and share the logs for TLS handshake failure?

from amazon-freertos.

PFA the Mbed TLS debug logs: mqtt_fail.log

On another note, increasing the mqttexampleTRANSPORT_SEND_RECV_TIMEOUT_MS to 1000 in mqtt_demo_mutual_auth.c makes the example run as expected.

from amazon-freertos.

We have seen changes to the timeout making a big difference in different regions.

from amazon-freertos.