Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [paho-dev] Trouble connecting using SSL

Hi David,

there's a bug in 1.3.0 where the newly added CApath TLS option doesn't work (see  That will have been confusing you.

If you use the trustStore option (equivalent to CAfile), then it should work.


On 12/12/2018 17:02, David Frey wrote:

I posted a similar question to the mattermost channel
before I realized that this mailing list exists.  It seems like there is
more activity here, so I'm going to re-post.

I am trying to connect to AWS IoT using paho.mqtt.c using a simple
program that I wrote:

I have verified that it *is* possible to open an SSL session using this
openssl s_client -cert ../certs/04ada7f21c-certificate.pem.crt -key
../certs/04ada7f21c-private.pem.key -CAfile
../certs/ca/AmazonRootCA1.pem -connect

I have played around with the SSL settings available in paho and I can't
find a combination that works.  I posted the output of my program
running with trace level PROTOCOL here:

In one instance, I fill in ssl_opts.keyStore and in the other I don't.
It seems that the openssl command I executed above doesn't make use of
the public key file, so I'm guessing that the version where I don't
supply the keyStore to paho might be closer to correct.

The last few lines of the output (without keyStore) are:
20181211 220656.062 SSL alert write:fatal:unknown CA
20181211 220656.062 SSL connect:error
In ssl_error_callback with str=140219359057664:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1924:

Connection failed with code=-1, message=TCP/TLS connect failure> All finished

The last few lines of the output (with keyStore) are:
20181211 220543.698 Connecting to serverURI with MQTT version 3
In ssl_error_callback with str=140643715286784:error:140DC009:SSL routines:use_certificate_chain_file:PEM lib:ssl/ssl_rsa.c:622:

Connection failed with code=-1, message=TCP/TLS connect failure
All finished
Do you see issues with my SSL settings in paho?  Is anyone familiar with
some sample code that shows paho.mqtt.c connecting to AWS IoT?

paho-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Ian Craggs
icraggs@xxxxxxxxxx                 IBM United Kingdom
Eclipse Paho Project Lead & Mosquitto Committer

Back to the top