amazon-web-services - 错误：iot_tls_connect L#232 失败！mbedtls_ssl_handshake 返回 -0x2700

问题描述

目前我和我的学习小组正在做一个项目。为了尝试使用 AWS IoT Core，我们尝试使用 aws-iot-device-sdk-embedded-c。我们创建了一个事物，创建了一个证书并下载了私钥、公共（无缘无故）密钥、证书并下载了一个根 Ca。我们已将这些密钥和证书放在 certs 文件夹中。该事物还具有允许当前一切的策略。在保护任何东西之前，我们只需要一个简单的连接。

我们希望在继续将 SDK 用于我们自己的目的之前，只需使用 SDK 中的 subscribe_publish_sample 进行连接。

我们编辑了 aws_iot_config.h 文件以匹配我们影子的证书、密钥和主机名的命名。

到目前为止，我们无法在任何论坛上找到有关 -0x2700 错误代码的特定帖子。

输出：

AWS IoT SDK Version 3.0.1-

DEBUG:   main L#159 rootCA /Users/Andy/Documents/Arduino/libraries/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/rootCa.pem
DEBUG:   main L#160 clientCRT /Users/Andy/Documents/Arduino/libraries/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/2386622fde-certificate.pem.crt
DEBUG:   main L#161 clientKey /Users/Andy/Documents/Arduino/libraries/aws-iot-device-sdk-embedded-C/samples/linux/subscribe_publish_sample/../../../certs/2386622fde-private.pem.key
Connecting...
DEBUG:   iot_tls_connect L#130 
  . Seeding the random number generator...
DEBUG:   iot_tls_connect L#138   . Loading the CA root certificate ...
DEBUG:   iot_tls_connect L#144  ok (0 skipped)

DEBUG:   iot_tls_connect L#146   . Loading the client cert. and key...
DEBUG:   iot_tls_connect L#159  ok

DEBUG:   iot_tls_connect L#161   . Connecting to xxxxxxxxx-xxx.iot.eu-west-1.amazonaws.com/8883...
DEBUG:   iot_tls_connect L#180  ok

DEBUG:   iot_tls_connect L#182   . Setting up the SSL/TLS structure...
DEBUG:   iot_tls_connect L#223 

SSL state connect : 0 
DEBUG:   iot_tls_connect L#226  ok

DEBUG:   iot_tls_connect L#228 

SSL state connect : 0 
DEBUG:   iot_tls_connect L#229   . Performing the SSL/TLS handshake...
DEBUG:   _iot_tls_verify_cert L#49 
Verify requested for (Depth 3):

DEBUG:   _iot_tls_verify_cert L#51 cert. version     : 3
serial number     : A7:0E:4A:4C:34:82:B7:7F
issuer name       : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name      : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued  on        : 2009-09-02 00:00:00
expires on        : 2034-06-28 17:39:16
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Digital Signature, Key Cert Sign, CRL Sign

DEBUG:   _iot_tls_verify_cert L#56 cert. version     : 3
serial number     : A7:0E:4A:4C:34:82:B7:7F
issuer name       : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name      : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued  on        : 2009-09-02 00:00:00
expires on        : 2034-06-28 17:39:16
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Digital Signature, Key Cert Sign, CRL Sign

DEBUG:   _iot_tls_verify_cert L#57 cert. version     : 3
serial number     : A7:0E:4A:4C:34:82:B7:7F
issuer name       : C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
subject name      : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
issued  on        : 2009-09-02 00:00:00
expires on        : 2034-06-28 17:39:16
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Digital Signature, Key Cert Sign, CRL Sign


DEBUG:   _iot_tls_verify_cert L#49 
Verify requested for (Depth 2):

DEBUG:   _iot_tls_verify_cert L#51 cert. version     : 3
serial number     : 06:7F:94:4A:2A:27:CD:F3:FA:C2:AE:2B:01:F9:08:EE:B9:C4:C6
issuer name       : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
subject name      : C=US, O=Amazon, CN=Amazon Root CA 1
issued  on        : 2015-05-25 12:00:00
expires on        : 2037-12-31 01:00:00
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Digital Signature, Key Cert Sign, CRL Sign

DEBUG:   _iot_tls_verify_cert L#54   This certificate has no flags

DEBUG:   _iot_tls_verify_cert L#49 
Verify requested for (Depth 1):

DEBUG:   _iot_tls_verify_cert L#51 cert. version     : 3
serial number     : 06:7F:94:57:85:87:E8:AC:77:DE:B2:53:32:5B:BC:99:8B:56:0D
issuer name       : C=US, O=Amazon, CN=Amazon Root CA 1
subject name      : C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
issued  on        : 2015-10-22 00:00:00
expires on        : 2025-10-19 00:00:00
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage         : Digital Signature, Key Cert Sign, CRL Sign

DEBUG:   _iot_tls_verify_cert L#54   This certificate has no flags

DEBUG:   _iot_tls_verify_cert L#49 
Verify requested for (Depth 0):

DEBUG:   _iot_tls_verify_cert L#51 cert. version     : 3
serial number     : 06:C9:C7:B7:84:F0:8F:8B:34:87:5D:DD:81:FF:E4:F0
issuer name       : C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
subject name      : CN=*.iot.eu-west-1.amazonaws.com
issued  on        : 2018-08-02 00:00:00
expires on        : 2019-08-02 12:00:00
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : iot.eu-west-1.amazonaws.com, *.iot.eu-west-1.amazonaws.com
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication

DEBUG:   _iot_tls_verify_cert L#54   This certificate has no flags

ERROR: iot_tls_connect L#232  failed
  ! mbedtls_ssl_handshake returned -0x2700

ERROR: iot_tls_connect L#239     Unable to verify the server's certificate. Either it is invalid,
    or you didn't set ca_file or ca_path to an appropriate value.
    Alternatively, you may want to use auth_mode=optional for testing purposes.

ERROR: main L#190 Error(-4) connecting to xxxxxxxxx-xxxx.iot.eu-west-1.amazonaws.com:8883

我们已经尝试替换所有证书、密钥、事物、策略等，所以我们一定做错了什么。

标签： amazon-web-servicesiot