Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [paho-dev] MQTTSNGateway and AWS IoT

Hello Tomoaki,

I tried to change SSL context in the Network.cpp file.

Each of the next methods causing "Error: BrokerRecvTask can't receive a
packet from the broker errno=0":

    _ctx = SSL_CTX_new(TLS_client_method());
    _ctx = SSL_CTX_new(TLSv1_2_client_method());
    _ctx = SSL_CTX_new(SSLv23_client_method());

I saw in tcpdump completed handshake sequence.


Next methods causing "SSL_connect() error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure
Error: BrokerSendTask can't connect to the broker.  mqtt-sn-tools-15374":

    _ctx = SSL_CTX_new(TLSv1_client_method());
    _ctx = SSL_CTX_new(TLSv1_1_client_method());

And I saw in tcpdump that handshake was not finished.


With best regards, Sergey.


19.07.2017 14:24, Tomoaki Yamaguchi wrote:
> Hi Sergey,
> 
> I checked the gateway was working with AWS IoT before.
> I will check it again.
> 
> could you try TLS 1.2 ?
> 
> 
> 
> Tomy Technology
> Tomoaki  YAMAGUCHI
> 
> 2017-07-19 20:17 GMT+09:00 Sergey Semernin <sergey.semernin@xxxxxxxxx
> <mailto:sergey.semernin@xxxxxxxxx>>:
> 
>     Hello Tomoaki,
> 
>     Thank you for the answer, and sorry for my english.
> 
>     Yes, of course. I also tried to change client identification string, and
>     then I got error message that client is rejected by the gateway. So,
>     client authentication is working well.
> 
>     Build system: Debian GNU/Linux 9.0, SSL version 1.1.0f.
> 
>     I see successful SSL connection handshake between Gateway and AWS
>     server. But then, the Gateway somehow closing this connection.
>     I tried to deactivate AWS keypair, and then I got "connection error to
>     the broker" on gateway, as expected. So, keypairs is valid too. Some
>     problem in send()/recv() cycle, I suppose.
> 
> 
>     With best regards, Sergey.
> 
> 
>     19.07.2017 14:05, Tomoaki Yamaguchi wrote:
>     > Hi,
>     >
>     > Did you register your ClientID and SensorNet Address address to
>     > clients.conf ?
>     >
>     > In order to authenticate the client, the gateway confirms that the ID
>     > and SensorNet Address are registered in clients.conf in case of TLS
>     > connection.
>     >
>     >
>     > Tomy Technology
>     > Tomoaki  YAMAGUCHI
>     >
>     > 2017-07-19 18:21 GMT+09:00 Sergey Semernin <sergey.semernin@xxxxxxxxx <mailto:sergey.semernin@xxxxxxxxx>
>     > <mailto:sergey.semernin@xxxxxxxxx
>     <mailto:sergey.semernin@xxxxxxxxx>>>:
>     >
>     >     Hello All!
>     >
>     >     I'm new to transparent MQTT-SN gateway that published in Paho project.
>     >     I'm trying to test this gateway with Amazon MQTT message broker. I set
>     >     up SSL/TLS certificates, test connection to the MQTT, and it works.
>     >
>     >     Then, I setup gateway:
>     >
>     >     BrokerName=....iot.eu-central-1.amazonaws.com <http://iot.eu-central-1.amazonaws.com>
>     >     <http://iot.eu-central-1.amazonaws.com
>     <http://iot.eu-central-1.amazonaws.com>>
>     >     BrokerPortNo=1883
>     >     BrokerSecurePortNo=8883
>     >     ClientAuthentication=YES
>     >     ClientsList=clients.conf
>     >
>     >     RootCAfile=root-CA.crt
>     >     CertKey=my-certificate.pem.crt
>     >     PrivateKey=my-private.pem.key
>     >
>     >     GatewayID=1
>     >     GatewayName=PahoGateway-01
>     >     KeepAlive=900
>     >
>     >     GatewayPortNo=10000
>     >     MulticastIP=225.1.1.1
>     >     MulticastPortNo=1883
>     >
>     >     And I'm trying to publish or subscribe with mqtt-sn-tools.
>     >     Each time I got this error:
>     >
>     >     20170719 120527.230   CONNECT           <---  mqtt-sn-tools-7142
>     >              04 04 01 00 0A 6D 71 74 74 2D 73 6E 2D 74 6F 6F 6C 73
>     2D 37 31
>     >     34 32
>     >     20170719 120527.910   CONNECT           --->  mqtt-sn-tools-7142
>     >              10 1E 00 04 4D 51 54 54 04 02 00 0A 00 12 6D 71 74 74
>     2D 73 6E
>     >     2D 74 6F 6F 6C 73 2D 37 31 34 32
>     >     Error: BrokerRecvTask can't receive a packet from the broker
>     errno=0
>     >     mqtt-sn-tools-7142
>     >
>     >     I checked traffic with tcpdump and saw that SSL/TLS connection
>     with AWS
>     >     cloud is present. But nothing more.
>     >
>     >     What I missed? Or this gateway just not working/not tested
>     with AWS MQTT
>     >     broker?
>     >
>     >
>     >     With best regards, Sergey.
>     >     _______________________________________________
>     >     paho-dev mailing list
>     >     paho-dev@xxxxxxxxxxx <mailto:paho-dev@xxxxxxxxxxx>
>     <mailto:paho-dev@xxxxxxxxxxx <mailto:paho-dev@xxxxxxxxxxx>>
>     >     To change your delivery options, retrieve your password, or
>     >     unsubscribe from this list, visit
>     >     https://dev.eclipse.org/mailman/listinfo/paho-dev
>     <https://dev.eclipse.org/mailman/listinfo/paho-dev>
>     >     <https://dev.eclipse.org/mailman/listinfo/paho-dev
>     <https://dev.eclipse.org/mailman/listinfo/paho-dev>>
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > paho-dev mailing list
>     > paho-dev@xxxxxxxxxxx <mailto:paho-dev@xxxxxxxxxxx>
>     > To change your delivery options, retrieve your password, or
>     unsubscribe from this list, visit
>     > https://dev.eclipse.org/mailman/listinfo/paho-dev
>     <https://dev.eclipse.org/mailman/listinfo/paho-dev>
>     >
>     _______________________________________________
>     paho-dev mailing list
>     paho-dev@xxxxxxxxxxx <mailto:paho-dev@xxxxxxxxxxx>
>     To change your delivery options, retrieve your password, or
>     unsubscribe from this list, visit
>     https://dev.eclipse.org/mailman/listinfo/paho-dev
>     <https://dev.eclipse.org/mailman/listinfo/paho-dev>
> 
> 
> 
> 
> _______________________________________________
> paho-dev mailing list
> paho-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/paho-dev
> 


Back to the top