Azure Sphere cannot connect to the Edge device: TLS handshake failed

Problem description

I am trying to configure and set up an Azure Sphere device as a child device of an IoT Edge device in a nested configuration. The procedure is as follows:

  1. Following this link https://docs.microsoft.com/en-us/azure/iot-edge/tutorial-nested-iot-edge?view=iotedge-2020-11, I formed a hierarchy of Azure IoT Edge devices with 3 layers (top layer + lower layer 1 + lower layer 2).

  2. Following https://docs.microsoft.com/en-us/azure-sphere/app-development/setup-iot-edge?tabs=cliv1, I configured the Sphere as a child device of the top layer.

  3. I am using the Azure IoT sample from the Azure samples to connect to the edge device. I made the necessary changes to the CMakeLists.txt and app_manifest.json files (the hostname is the edge device's IP address, and the certificate is the root certificate generated in step 1 above (iotedge_config_cli_root.pem)).

  4. Set the Azure Sphere device as a child device of the edge device (top layer) through the Azure portal.

  5. The Azure Sphere device was manually provisioned following the instructions in https://docs.microsoft.com/en-us/azure-sphere/app-development/setup-iot-hub?tabs=cliv2beta.

  6. On the Azure Edge device, following step 6: provide the Azure Sphere device's tenant CA certificate to the IoT Edge device by appending the tenant CA certificate in PEM format to iotedge_config_cli_root.pem.

  7. Restarted the edge device and tried to connect the device to the edge device, but it did not succeed. Below is the error from the edgeHub module:

    <4> 2021-08-18 13:09:00.901 +00:00 [WRN] - TLS handshake failed., System.AggregateException: One or more errors occurred. (Authentication failed, see inner exception.)
     ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
     ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
     ---> Interop+Crypto+OpenSslCryptographicException: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
       --- End of inner exception stack trace ---
       at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
       at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
       --- End of inner exception stack trace ---
       at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
       at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
       --- End of stack trace from previous location where exception was thrown ---
       at System.Net.Security.SslStream.ThrowIfExceptional()
       at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
       at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
       at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__68_2(IAsyncResult iar)
       at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task``1 promise, Boolean requiresSynchronization)
       --- End of inner exception stack trace ---, 734368d8
    <4> 2021-08-18 13:10:01.660 +00:00 [WRN] - TLS handshake failed., System.IO.IOException: Channel is closed, 5cc9b5ea

  8. Below is the error on the Sphere side:

    IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.
    INFO: Azure IoT Hub connection complete.
    Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.
    INFO: Azure IoT Hub connection complete.
    Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.
    /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff
    [Azure IoT] Using HSM cert at /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff
    [Azure IoT] Using HSM cert at /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff
    [Azure IoT] Using HSM cert at /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff
    INFO: Azure IoT Hub connection complete.
    Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.
    INFO: Azure IoT Hub connection complete.
    Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.
    INFO: Azure IoT Hub connection complete.
    Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.
    INFO: Azure IoT Hub connection complete.
    Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
    INFO: Azure IoT Hub connection started.

  9. According to https://github.com/Azure/azure-sphere-samples/blob/master/Samples/AzureIoT/Troubleshooting.md, these errors can occur when:

       1. Inbound port 8883 has not been opened on the IoT Edge device. For details, see step 3 in "Open IoT Edge gateway device ports for communication".

       2. The sample is using an incorrect or invalid IoT Edge device root CA certificate.

       3. The edgeAgent and edgeHub modules are not running on the IoT Edge device.

But causes 1 and 3 can be ruled out: inbound port 8883 is open on the edge device, and all edge modules are running.

I need your help to resolve this issue. Note that the Sphere device is able to connect directly to IoT Hub.

Thanks, 吉文

Tags: ssl, gateway, azure-iot-edge, azure-sphere
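A sanity check for step 6 of the question, added here as an example and not part of the original post or of any Microsoft tooling: it inspects a PEM bundle such as iotedge_config_cli_root.pem after the tenant CA has been appended, flags the common case where the two files were concatenated without a newline between them (so a TLS stack silently loses a certificate), and then asks the platform OpenSSL to load the result. The certificate bodies are constructed placeholders, not real certificates, so the OpenSSL load is expected to reject them.

```python
import base64
import ssl

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Constructed placeholder body: base64 of a bare DER SEQUENCE, not a real cert.
FAKE_BODY = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
ROOT_PEM = f"{BEGIN}\n{FAKE_BODY}\n{END}"        # note: no trailing newline
TENANT_PEM = f"{BEGIN}\n{FAKE_BODY}\n{END}\n"
# `cat tenant_ca.pem >> iotedge_config_cli_root.pem` on a root file without a
# final newline yields BAD_BUNDLE; GOOD_BUNDLE is the intended result.
BAD_BUNDLE = ROOT_PEM + TENANT_PEM
GOOD_BUNDLE = ROOT_PEM + "\n" + TENANT_PEM


def inspect_bundle(text):
    """Return (count, issues): well-formed blocks found, and what would make a TLS stack drop one."""
    count, issues, body = 0, [], None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if END in line and line != END:
            # "-----END CERTIFICATE----------BEGIN CERTIFICATE-----": the block
            # being read is lost; treat the mangled line as the next BEGIN.
            issues.append(f"line {n}: END and BEGIN share a line (missing newline)")
            body = []
        elif line == BEGIN:
            body = []
        elif line == END and body is not None:
            try:
                der = base64.b64decode("".join(body), validate=True)
            except ValueError:
                der = b""
                issues.append(f"line {n}: block body is not valid base64")
            if der[:1] == b"\x30":      # outer SEQUENCE, as every X.509 cert has
                count += 1
            elif der:
                issues.append(f"line {n}: decoded block is not a DER SEQUENCE")
            body = None
        elif body is not None:
            body.append(line)
    if body is not None:
        issues.append("file ends inside a certificate block (missing END)")
    return count, issues


def openssl_accepts(text):
    """Structure is necessary but not sufficient: have OpenSSL load it as CA material."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cadata=text)
    except ssl.SSLError as exc:
        return False, str(exc)
    return True, f"{len(ctx.get_ca_certs())} CA certificate(s) loaded"
```

Run inspect_bundle on the real iotedge_config_cli_root.pem and confirm the count matches the number of CAs you intended to trust; openssl_accepts then tells you whether the edge's TLS stack will actually load them.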

Solution


Setting the environment variable "OptimizeForPerformance" to false in the EdgeHub module worked for people who got the TLS handshake error (https://github.com/MicrosoftDocs/azure-docs/issues/15565, https://github.com/Azure/iotedge/issues/159).

But I am also getting this error with OptimizeForPerformance set to false, and I have not found a solution yet. I also think it might be a certificate communication problem between the modules. You could try commenting out the certificate settings section in the config.

I am also curious what is in the certificate you used for the ca section?

