tls invalid key heartache.

[Trackguardian1]

I am trying to create a connection to an mqtt server in aws (a thing) I have a regular python script that seems to work just great but try as I like I just cant get past invalid key on micropython.

I am using the very latest preview:
MicroPython v1.24.0-preview.149.g6007f3e20 on 2024-07-26; Raspberry Pi Pico W with RP2040

I have tried both pem and der certs but all the same, I understand that ssl has be deprecated into tls now and I always fail on ontext.load_cert_chain(cert_data, key_data)

Here is an example of what I am doing to try and connect, again my certs work as .pem files in normal python.

`import tls
import socket

Load the DER formatted files

with open("/cert/certificate.der", "rb") as cert_file:
cert_data = cert_file.read()
with open("/cert/private_key.der", "rb") as key_file:
key_data = key_file.read()
with open("/cert/ca_certificate.der", "rb") as ca_file:
ca_data = ca_file.read()

print("Certificate length:", len(cert_data))
print("Private key length:", len(key_data))
print("CA certificate length:", len(ca_data))

Create and configure SSL context

context = tls.SSLContext(tls.PROTOCOL_TLS_CLIENT)
context.set_ciphers(["TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"])

Attempt to load the certificates and key

try:
context.load_cert_chain(cert_data, key_data)
context.load_verify_locations(ca_data)
print("Certificates loaded successfully.")
except ValueError as e:
print(f"Error loading certificates: {e}")
except Exception as e:
print(f"Unexpected error loading certificates: {e}")

Create a socket and wrap it with SSL

try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(sock, server_hostname="myurl.net")
ssl_sock.connect(("18.132.144.20", 443))
print("SSL connection established successfully.")

except Exception as e:
print(f"Error establishing SSL connection: {e}")`

This returns

`>>> %Run -c $EDITOR_CONTENT

MPY: soft reboot
Certificate length: 861
Private key length: 1217
CA certificate length: 837
Error loading certificates: invalid key
Error establishing SSL connection: [Errno 107] ENOTCONN

`

I am really pulling out my hair on this one. Does anyone have a tls example that works, if it works with AWS that would be even better.

Thanks in advance
Gus

[davefes]

Edit your code following the guidelines in the Welcome post. Indentation is important.

[Trackguardian1]

I used code sniper markers 'code' I did thi k that would maintain the code format or did I miss something?

[davefes]

For blocks of code, use triple backticks with an optional language specifier.

triple back ticks then py at the beginning of the code block
and triple backticks to finish

[davefes]

There was a post recently on using markers 'code'

[vasili1]

Hey, i just had a very similar issue with a pico w and aws iot as well. I described it here: #15674
Using the latest firmware, published just today, did the trick for me: MicroPython v1.24.0-preview.206.ge9814e987 on 2024-08-18; Raspberry Pi Pico W with RP2040

[dreambucket13]

Same here. Validating the key failed with MicroPython v1.23.0, was successful with v1.24.0-preview.286.g042693496 (2024-09-04).