diff --git a/libraries/freertos_plus/aws/greengrass/src/aws_helper_secure_connect.c b/libraries/freertos_plus/aws/greengrass/src/aws_helper_secure_connect.c index c0ea98f71e5..ab1b6c17a18 100644 --- a/libraries/freertos_plus/aws/greengrass/src/aws_helper_secure_connect.c +++ b/libraries/freertos_plus/aws/greengrass/src/aws_helper_secure_connect.c @@ -65,6 +65,7 @@ BaseType_t GGD_SecureConnect_Connect( const GGD_HostAddressData_t * pxHostAddres size_t xURLLength; BaseType_t xIsIPAddress; BaseType_t xStatus; + int32_t returnCode; configASSERT( pxHostAddressData != NULL ); configASSERT( pxSocket != NULL ); @@ -105,6 +106,13 @@ BaseType_t GGD_SecureConnect_Connect( const GGD_HostAddressData_t * pxHostAddres xServerAddress.usPort = SOCKETS_htons( pxHostAddressData->usPort ); xServerAddress.ulAddress = SOCKETS_GetHostByName( pxHostAddressData->pcHostAddress ); + + if( xServerAddress.ulAddress == 0u ) + { + ggdconfigPRINT( "ERROR! Failed to resolve host address: ServerHost=%.*s", + xURLLength, pxHostAddressData->pcHostAddress ); + } + xServerAddress.ucSocketDomain = SOCKETS_AF_INET; /* Set send timeout for the socket. */ 
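Review bot: In the `@@ -105,6 +106,13 @@` hunk the new `xServerAddress.ulAddress == 0u` branch only logs the resolution failure and leaves `xStatus` untouched, so as far as the visible lines show, the function still goes on to set the TLS options and call `SOCKETS_Connect` with a zero address. Adding `xStatus = pdFAIL;` inside the branch would make the failure terminal, provided nothing between this hunk and the connect step overwrites `xStatus`; that part of `GGD_SecureConnect_Connect` lies outside the hunk. The message also lacks the `\r\n` terminator that the other new messages carry.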
@@ -130,26 +138,35 @@ BaseType_t GGD_SecureConnect_Connect( const GGD_HostAddressData_t * pxHostAddres if( pxHostAddressData->pcCertificate != NULL ) { - if( SOCKETS_SetSockOpt( *pxSocket, - 0, - SOCKETS_SO_TRUSTED_SERVER_CERTIFICATE, - pxHostAddressData->pcCertificate, - ( size_t ) pxHostAddressData->ulCertificateSize ) - != SOCKETS_ERROR_NONE ) + /* Override TLS trust store with server certificate. */ + returnCode = SOCKETS_SetSockOpt( *pxSocket, + 0, + SOCKETS_SO_TRUSTED_SERVER_CERTIFICATE, + pxHostAddressData->pcCertificate, + ( size_t ) pxHostAddressData->ulCertificateSize ); + + if( returnCode != SOCKETS_ERROR_NONE ) { + ggdconfigPRINT( "ERROR! Failure in SOCKET_SetSockOpt call for overriding TLS trust store: " + "ReturnCode=%d\r\n", returnCode ); xStatus = pdFAIL; } } if( xIsIPAddress == pdFALSE ) { - if( SOCKETS_SetSockOpt( *pxSocket, - 0, - SOCKETS_SO_SERVER_NAME_INDICATION, - pxHostAddressData->pcHostAddress, - ( size_t ) 1 + xURLLength ) - != SOCKETS_ERROR_NONE ) + /* Enable use of SNI in TLS. */ + returnCode = SOCKETS_SetSockOpt( *pxSocket, + 0, + SOCKETS_SO_SERVER_NAME_INDICATION, + pxHostAddressData->pcHostAddress, + ( size_t ) 1 + xURLLength ); + + if( returnCode != SOCKETS_ERROR_NONE ) { + ggdconfigPRINT( "ERROR! Failure in SOCKET_SetSockOpt call for enabling TLS SNI: " + "ServerHost=%.*s, ReturnCode=%d\r\n", + xURLLength, pxHostAddressData->pcHostAddress, returnCode ); xStatus = pdFAIL; } } 
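Review bot: The SNI failure message passes `xURLLength`, declared `size_t` at the top of the function, as the precision for `%.*s`, but `*` consumes an `int`; on a target where `size_t` is wider than `int` the remaining variadic arguments are misread, which is undefined behaviour. Cast it at the call, `( int ) xURLLength, pxHostAddressData->pcHostAddress, returnCode );`, and apply the same cast to the host-resolution message added in the `@@ -105,6 +106,13 @@` hunk. `returnCode` is `int32_t` but is printed with `%d` here and in the `SOCKETS_Connect` hunk; `( int ) returnCode` keeps that portable on toolchains where `int32_t` is `long`. Both messages in this hunk also spell the call `SOCKET_SetSockOpt` while the function is `SOCKETS_SetSockOpt`, which makes the log harder to match against the source.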
@@ -157,11 +174,14 @@ BaseType_t GGD_SecureConnect_Connect( const GGD_HostAddressData_t * pxHostAddres /* Establish the TCP connection. */ if( pdPASS == xStatus ) { - if( ( SOCKETS_Connect( *pxSocket, - &xServerAddress, - ( uint32_t ) sizeof( xServerAddress ) ) - != SOCKETS_ERROR_NONE ) ) + returnCode = SOCKETS_Connect( *pxSocket, + &xServerAddress, + ( uint32_t ) sizeof( xServerAddress ) ); + + if( returnCode != SOCKETS_ERROR_NONE ) { + ggdconfigPRINT( "ERROR! SOCKETS_Connect call failed: ServerAddress=%lu, Port=%u, ReturnCode=%d\r\n", + xServerAddress.ulAddress, xServerAddress.usPort, returnCode ); GGD_SecureConnect_Disconnect( pxSocket ); xStatus = pdFAIL; } diff --git a/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSConfig.h b/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSConfig.h index 6aca992a944..29e7b2024aa 100644 --- a/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSConfig.h +++ b/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSConfig.h @@ -143,7 +143,7 @@ void vLoggingPrintf( const char * pcFormat, ... ); /* Map the FreeRTOS printf() to the logging task printf. */ -#define configPRINTF( x ) printf x //vLoggingPrintf x +#define configPRINTF( x ) vLoggingPrintf x /* Non-format version thread-safe print */ #define configPRINT( X ) vLoggingPrint( X ) @@ -152,7 +152,7 @@ void vLoggingPrintf( const char * pcFormat, /* Sets the length of the buffers into which logging messages are written - so * also defines the maximum length of each log message. */ -#define configLOGGING_MAX_MESSAGE_LENGTH 80 +#define configLOGGING_MAX_MESSAGE_LENGTH 128 /* Set to 1 to prepend each log message with a message number, the task name, * and a time stamp. */ 
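Review bot: The `SOCKETS_Connect` failure message in the `@@ -157,11 +174,14 @@` hunk of aws_helper_secure_connect.c prints `xServerAddress.usPort`, which was stored through `SOCKETS_htons()` earlier in the function, so on a little-endian target the logged port is presumably byte-swapped and will not match the configured one. Logging `pxHostAddressData->usPort` instead gives the value an operator would recognise when triaging a failed connection. `ulAddress` is likewise printed as a raw integer with `%lu`; whether that specifier matches depends on the field's declared type, which is not visible here, so a `( unsigned long )` cast on the argument would make it explicit.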
diff --git a/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSIPConfig.h b/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSIPConfig.h index 2ab69971f9e..25492aef9b6 100644 --- a/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSIPConfig.h +++ b/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_demos/config_files/FreeRTOSIPConfig.h @@ -47,7 +47,7 @@ extern void vLoggingPrintf( const char * pcFormatString, * out the debugging messages. */ #define ipconfigHAS_DEBUG_PRINTF 0 #if ( ipconfigHAS_DEBUG_PRINTF == 1 ) - #define FreeRTOS_debug_printf( X ) vLoggingPrintf( X ) + #define FreeRTOS_debug_printf( X ) configPRINTF( X ) #endif /* Set to 1 to print out non debugging messages, for example the output of the @@ -200,7 +200,7 @@ extern uint32_t numaker_ulRand(void); * ipconfigINCLUDE_FULL_INET_ADDR is set to 1 then both FreeRTOS_inet_addr() and * FreeRTOS_indet_addr_quick() are available. If ipconfigINCLUDE_FULL_INET_ADDR is * not set to 1 then only FreeRTOS_indet_addr_quick() is available. */ -#define ipconfigINCLUDE_FULL_INET_ADDR 0 +#define ipconfigINCLUDE_FULL_INET_ADDR 1 /* ipconfigNUM_NETWORK_BUFFER_DESCRIPTORS defines the total number of network buffer that * are available to the IP stack. The total number of network buffers is limited diff --git a/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_tests/config_files/FreeRTOSIPConfig.h b/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_tests/config_files/FreeRTOSIPConfig.h index 10eea000b17..6b9ba3d8b3a 100644 --- a/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_tests/config_files/FreeRTOSIPConfig.h +++ b/vendors/nuvoton/boards/numaker_iot_m487_wifi/aws_tests/config_files/FreeRTOSIPConfig.h 
@@ -45,9 +45,9 @@ extern void vLoggingPrintf( const char * pcFormatString, /* Set to 1 to print out debug messages. If ipconfigHAS_DEBUG_PRINTF is set to * 1 then FreeRTOS_debug_printf should be defined to the function used to print * out the debugging messages. */ -#define ipconfigHAS_DEBUG_PRINTF 0 //1 +#define ipconfigHAS_DEBUG_PRINTF 0 #if ( ipconfigHAS_DEBUG_PRINTF == 1 ) - #define FreeRTOS_debug_printf( X ) vLoggingPrintf( X )//configPRINTF( X ) + #define FreeRTOS_debug_printf( X ) configPRINTF( X ) #endif /* Set to 1 to print out non debugging messages, for example the output of the @@ -118,7 +118,7 @@ extern void vLoggingPrintf( const char * pcFormatString, * number generation is performed via this macro to allow applications to use their * own random number generation method. For example, it might be possible to * generate a random number by sampling noise on an analogue input. */ -extern uint32_t numaker_ulRand(void); +extern uint32_t numaker_ulRand( void ); #define ipconfigRAND32() numaker_ulRand() /* If ipconfigUSE_NETWORK_EVENT_HOOK is set to 1 then FreeRTOS+TCP will call the @@ -206,7 +206,7 @@ extern uint32_t numaker_ulRand(void); * are available to the IP stack. The total number of network buffers is limited * to ensure the total amount of RAM that can be consumed by the IP stack is capped * to a pre-determinable value. */ -#define ipconfigNUM_NETWORK_BUFFER_DESCRIPTORS 5//16 +#define ipconfigNUM_NETWORK_BUFFER_DESCRIPTORS 5 /* A FreeRTOS queue is used to send events from application tasks to the IP * stack. ipconfigEVENT_QUEUE_LENGTH sets the maximum number of events that can