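amazon-web-services - Error: iot_tls_connect L#232 failed! mbedtls_ssl_handshake returned -0x2700
Problem description
My study group and I are currently working on a project. To try out AWS IoT Core, we attempted to use aws-iot-device-sdk-embedded-c. We created a thing, created a certificate, downloaded the private key, the public (for no reason) key and the certificate, and downloaded a root CA. We placed these keys and certificates in the certs folder. The thing also has a policy that currently allows everything. Before securing anything, we just want a simple connection.
Before going on to use the SDK for our own purposes, we only want to connect using the subscribe_publish_sample from the SDK.
We edited the aws_iot_config.h file to match the naming of our shadow's certificate, keys and hostname.
So far we have not been able to find a specific post about the -0x2700 error code on any forum.
Output: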
AWS IoT SDK Version 3.0.1-
DEBUG: main L#159 rootCA /Users/Andy/Documents/Arduino/libraries/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/rootCa.pem
DEBUG: main L#160 clientCRT /Users/Andy/Documents/Arduino/libraries/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/2386622fde-certificate.pem.crt
DEBUG: main L#161 clientKey /Users/Andy/Documents/Arduino/libraries/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/2386622fde-private.pem.key
Connecting...
DEBUG: iot_tls_connect L#130
. Seeding the random number generator...
DEBUG: iot_tls_connect L#138 . Loading the CA root certificate ...
DEBUG: iot_tls_connect L#144 ok (0 skipped)
DEBUG: iot_tls_connect L#146 . Loading the client cert. and key...
DEBUG: iot_tls_connect L#159 ok
DEBUG: iot_tls_connect L#161 . Connecting to xxxxxxxxx-xxx.iot.eu-west-1.amazonaws.com/8883...
DEBUG: iot_tls_connect L#180 ok
DEBUG: iot_tls_connect L#182 . Setting up the SSL/TLS structure...
DEBUG: iot_tls_connect L#223
SSL state connect : 0
DEBUG: iot_tls_connect L#226 ok
DEBUG: iot_tls_connect L#228
SSL state connect : 0
DEBUG: iot_tls_connect L#229 . Performing the SSL/TLS handshake...
DEBUG: _iot_tls_verify_cert L#49
Verify requested for (Depth 3):
DEBUG: _iot_tls_verify_cert L#51 cert. version : 3
serial number : A7:0E:4A:4C:34:82:B7:7F
issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued on : 2009-09-02 00:00:00
expires on : 2034-06-28 17:39:16
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Cert Sign, CRL Sign
DEBUG: _iot_tls_verify_cert L#56 cert. version : 3
serial number : A7:0E:4A:4C:34:82:B7:7F
issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued on : 2009-09-02 00:00:00
expires on : 2034-06-28 17:39:16
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Cert Sign, CRL Sign
DEBUG: _iot_tls_verify_cert L#57 cert. version : 3
serial number : A7:0E:4A:4C:34:82:B7:7F
issuer name : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued on : 2009-09-02 00:00:00
expires on : 2034-06-28 17:39:16
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Cert Sign, CRL Sign
DEBUG: _iot_tls_verify_cert L#49
Verify requested for (Depth 2):
DEBUG: _iot_tls_verify_cert L#51 cert. version : 3
serial number : 06:7F:94:4A:2A:27:CD:F3:FA:C2:AE:2B:01:F9:08:EE:B9:C4:C6
issuer name : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
subject name : C=US, O=Amazon, CN=Amazon Root CA 1
issued on : 2015-05-25 12:00:00
expires on : 2037-12-31 01:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Cert Sign, CRL Sign
DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags
DEBUG: _iot_tls_verify_cert L#49
Verify requested for (Depth 1):
DEBUG: _iot_tls_verify_cert L#51 cert. version : 3
serial number : 06:7F:94:57:85:87:E8:AC:77:DE:B2:53:32:5B:BC:99:8B:56:0D
issuer name : C=US, O=Amazon, CN=Amazon Root CA 1
subject name : C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
issued on : 2015-10-22 00:00:00
expires on : 2025-10-19 00:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage : Digital Signature, Key Cert Sign, CRL Sign
DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags
DEBUG: _iot_tls_verify_cert L#49
Verify requested for (Depth 0):
DEBUG: _iot_tls_verify_cert L#51 cert. version : 3
serial number : 06:C9:C7:B7:84:F0:8F:8B:34:87:5D:DD:81:FF:E4:F0
issuer name : C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
subject name : CN=*.iot.eu-west-1.amazonaws.com
issued on : 2018-08-02 00:00:00
expires on : 2019-08-02 12:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : iot.eu-west-1.amazonaws.com, *.iot.eu-west-1.amazonaws.com
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags
ERROR: iot_tls_connect L#232 failed
! mbedtls_ssl_handshake returned -0x2700
ERROR: iot_tls_connect L#239 Unable to verify the server's certificate. Either it is invalid,
or you didn't set ca_file or ca_path to an appropriate value.
Alternatively, you may want to use auth_mode=optional for testing purposes.
ERROR: main L#190 Error(-4) connecting to xxxxxxxxx-xxxx.iot.eu-west-1.amazonaws.com:8883
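We have already tried replacing all the certificates, keys, things, policies and so on, so we must be doing something wrong.
Solution
A common problem in this situation was that my Greengrass group did not have the right subscriptions.
AWS IoT Core works over MQTT, so enable the correct topics to share your things in the following places: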
The greengrass group subscriptions
The thing's certificate.
维克多·尼泽伊马纳
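An added example, not part of the original question or answer and not SDK code: a small C helper for triaging the debug output in the question. It extracts the handshake error code (-0x2700 is mbedtls' MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) and reports which chain depths did not log "This certificate has no flags". The function names are hypothetical, the sample log is constructed from the shape of the output above, and the reading that a missing "no flags" line means non-zero verification flags at that depth is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: abbreviated lines in the shape of the SDK debug output above. */
static const char *SAMPLE_LOG =
    "Verify requested for (Depth 3):\n"
    "Verify requested for (Depth 2):\n"
    "DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags\n"
    "Verify requested for (Depth 1):\n"
    "DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags\n"
    "Verify requested for (Depth 0):\n"
    "DEBUG: _iot_tls_verify_cert L#54 This certificate has no flags\n"
    "! mbedtls_ssl_handshake returned -0x2700\n";

/* Bit N of the result is set when the Depth-N block lacks the "no flags" line
 * (assumption: a missing line means the callback saw non-zero verify flags). */
unsigned flagged_depths(const char *log) {
    const char *hdr = "Verify requested for (Depth ";
    unsigned mask = 0;
    for (const char *p = strstr(log, hdr); p != NULL; ) {
        const char *next = strstr(p + 1, hdr);   /* start of the following block */
        const char *ok = strstr(p, "This certificate has no flags");
        int depth = -1;
        if (sscanf(p + strlen(hdr), "%d", &depth) == 1 && depth >= 0 && depth < 32
            && (ok == NULL || (next != NULL && ok > next)))
            mask |= 1u << depth;                 /* no "no flags" inside this block */
        p = next;
    }
    return mask;
}

/* Returns the magnitude of the logged handshake error (0x2700 here), 0 if absent. */
unsigned handshake_error(const char *log) {
    const char *key = "mbedtls_ssl_handshake returned -0x";
    const char *p = strstr(log, key);
    unsigned code = 0;
    if (p != NULL) sscanf(p + strlen(key), "%x", &code);
    return code;
}

/* Only the code seen in this log is mapped; mbedtls defines many more. */
const char *error_name(unsigned code) {
    return code == 0x2700 ? "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED" : "unknown";
}

int main(void) {
    unsigned err = handshake_error(SAMPLE_LOG);
    printf("-0x%04X %s, flagged depth mask 0x%X\n", err, error_name(err), flagged_depths(SAMPLE_LOG));
    return 0;
}
```

A mask of 0x8 points at depth 3, the top of the chain the server presented, which is the certificate to compare against the file loaded as the root CA.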