Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[paho-dev] Trouble connecting using SSL


I posted a similar question to the mattermost channel
before I realized that this mailing list exists.  It seems like there is
more activity here, so I'm going to re-post.

I am trying to connect to AWS IoT using paho.mqtt.c using a simple
program that I wrote:

I have verified that it *is* possible to open an SSL session using this
openssl s_client -cert ../certs/04ada7f21c-certificate.pem.crt -key
../certs/04ada7f21c-private.pem.key -CAfile
../certs/ca/AmazonRootCA1.pem -connect

I have played around with the SSL settings available in paho and I can't
find a combination that works.  I posted the output of my program
running with trace level PROTOCOL here:

In one instance, I fill in ssl_opts.keyStore and in the other I don't.
It seems that the openssl command I executed above doesn't make use of
the public key file, so I'm guessing that the version where I don't
supply the keyStore to paho might be closer to correct.

The last few lines of the output (without keyStore) are:
> 20181211 220656.062 SSL alert write:fatal:unknown CA
> 20181211 220656.062 SSL connect:error
> In ssl_error_callback with str=140219359057664:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1924:
> Connection failed with code=-1, message=TCP/TLS connect failure> All finished

The last few lines of the output (with keyStore) are:
> 20181211 220543.698 Connecting to serverURI with MQTT version 3
> In ssl_error_callback with str=140643715286784:error:140DC009:SSL routines:use_certificate_chain_file:PEM lib:ssl/ssl_rsa.c:622:
> Connection failed with code=-1, message=TCP/TLS connect failure
> All finished

Do you see issues with my SSL settings in paho?  Is anyone familiar with
some sample code that shows paho.mqtt.c connecting to AWS IoT?


Back to the top