[paho-dev] Trouble connecting using SSL
Hi,
I posted a similar question to the mattermost channel
(https://mattermost.eclipse.org/eclipse/pl/tzh9jd7sw3n3x8focqapiebrnc)
before I realized that this mailing list exists.  It seems like there is
more activity here, so I'm going to re-post.
I am trying to connect to AWS IoT using paho.mqtt.c using a simple
program that I wrote:
https://github.com/dpfrey/aws_iot_mqtt_example/blob/master/main.c
I have verified that it *is* possible to open an SSL session using this
command:
openssl s_client -cert ../certs/04ada7f21c-certificate.pem.crt \
    -key ../certs/04ada7f21c-private.pem.key \
    -CAfile ../certs/ca/AmazonRootCA1.pem \
    -connect acsf8ikktv204-ats.iot.us-west-2.amazonaws.com:8883
I have played around with the SSL settings available in paho and I can't
find a combination that works.  I posted the output of my program
running with trace level PROTOCOL here:
https://gist.github.com/dpfrey/1a07d5d64bb305fa764bba043170bf24
In one instance, I fill in ssl_opts.keyStore and in the other I don't.
It seems that the openssl command I executed above doesn't make use of
the public key file, so I'm guessing that the version where I don't
supply the keyStore to paho might be closer to correct.
The last few lines of the output (without keyStore) are:
> 20181211 220656.062 SSL alert write:fatal:unknown CA
> 20181211 220656.062 SSL connect:error
> In ssl_error_callback with str=140219359057664:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1924:
> 
> Connection failed with code=-1, message=TCP/TLS connect failure
> All finished
The last few lines of the output (with keyStore) are:
> 20181211 220543.698 Connecting to serverURI acsf8ikktv204-ats.iot.us-west-2.amazonaws.com:8883 with MQTT version 3
> In ssl_error_callback with str=140643715286784:error:140DC009:SSL routines:use_certificate_chain_file:PEM lib:ssl/ssl_rsa.c:622:
> 
> Connection failed with code=-1, message=TCP/TLS connect failure
> All finished
Do you see issues with my SSL settings in paho?  Is anyone familiar with
some sample code that shows paho.mqtt.c connecting to AWS IoT?
Thanks,
David
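
Added example, not part of the original message or of paho.mqtt.c: a pre-flight check that each PEM file holds the kind of block expected by the MQTTClient_SSLOptions field it is assigned to, using the same three files as the openssl s_client command above. The helper names pem_has_block and role_accepts are hypothetical, and the sample PEM strings are constructed.

```c
/* Added example: check that a PEM file suits the MQTTClient_SSLOptions field
 * it is assigned to, before handing it to paho.mqtt.c.
 *   s_client -CAfile -> trustStore   (needs a CERTIFICATE block)
 *   s_client -cert   -> keyStore     (needs a CERTIFICATE block)
 *   s_client -key    -> privateKey   (needs a ... PRIVATE KEY block)
 * Helper names are hypothetical; sample strings below are constructed. */
#include <stdio.h>
#include <string.h>

enum pem_role { TRUST_STORE, KEY_STORE, PRIVATE_KEY };

/* 1 if text has a "-----BEGIN <label>-----" line whose label ends in suffix. */
static int pem_has_block(const char *text, const char *suffix)
{
    static const char begin[] = "-----BEGIN ";
    size_t blen = sizeof begin - 1, slen = strlen(suffix);
    const char *p = text;

    while ((p = strstr(p, begin)) != NULL) {
        const char *label = p + blen;
        size_t len = strcspn(label, "\r\n");      /* rest of the header line */
        if ((p == text || p[-1] == '\n') && len >= slen + 5 &&
            strncmp(label + len - 5, "-----", 5) == 0 &&
            strncmp(label + len - 5 - slen, suffix, slen) == 0)
            return 1;
        p = label;
    }
    return 0;
}

/* A key store may hold key and certificate together, so any matching block
 * counts, not only the first one. */
int role_accepts(enum pem_role role, const char *text)
{
    return pem_has_block(text, role == PRIVATE_KEY ? "PRIVATE KEY" : "CERTIFICATE");
}

static const char SAMPLE_CERT[]   = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
static const char SAMPLE_PUBKEY[] = "-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n";
static const char SAMPLE_KEY[]    = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n";

int main(void)
{
    printf("keyStore   <- certificate: %d\n", role_accepts(KEY_STORE, SAMPLE_CERT));
    printf("keyStore   <- public key:  %d\n", role_accepts(KEY_STORE, SAMPLE_PUBKEY));
    printf("privateKey <- private key: %d\n", role_accepts(PRIVATE_KEY, SAMPLE_KEY));
    printf("trustStore <- certificate: %d\n", role_accepts(TRUST_STORE, SAMPLE_CERT));
    return 0;
}
```

The check only looks at PEM block labels; it does not verify that the trust store contains the CA that signed the server certificate.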