
I'm trying to run the azure iothub sdk c sample of the mqtt protocol. I've compiled the project but when I run the program it returns some error about SSL routines.

This is the complete error:

error:1416F086: SSL routines:tls_process_server_certificate:certificate verify failed
Info: Closing tlsio from a state other than TLSIO_STATE_EXT_OPEN or TLSIO_STATE_EXT_ERROR

I got only this error repeated five times, one for each accepted message ready to be transmitted to the IoTHub.

I've read that I need to set trust to the openssl certs in the sample directory but I've not figured out how to do this task or how to avoid this problem.

Is there someone who has already faced this issue?

Marco
  • Which platform do you run the sample on? And which SDK version did you use? I have tested the sample on the Windows platform with IoT Hub SDK for C, version 1.1.27, and it works without issue. – Michael Xu Nov 14 '17 at 07:36
  • I've compiled the SDK for an ARM device running Linux 2.6.36 and I got that issue; compiling and running on x86-64 doesn't give me any error. I think I've made some error in the compiling process. The SDK version is the last one, which was released on 2017-11-03 – Marco Nov 14 '17 at 07:44
  • Please check whether openssl has been installed in your Linux OS. – Michael Xu Nov 14 '17 at 08:03
  • I've compiled openssl and its dependencies for the ARM architecture and then I've copied them to the device and referenced them by updating LD_LIBRARY_PATH with the location of libssl and its dependencies. I was thinking of an error in the makefile I've created, but there aren't errors because compilation succeeds for x86 – Marco Nov 14 '17 at 08:57
  • Please refer to this link: https://lists.debian.org/debian-kernel/2010/12/msg00219.html. I think you should check that openssl works on your Linux 2.6.36. – Michael Xu Nov 14 '17 at 09:07
  • the openssl binary works and libraries' dependencies for my test program are satisfied, I've done a check to control that the NEEDED libraries from objdump -p test_ARM are present in the file system. – Marco Nov 14 '17 at 13:58

2 Answers


This document describes in detail how to prepare your development environment as well as how to run the samples on Linux, Windows or other platforms. Please refer to the section to rebuild your code and then run to test.

Michael Xu
  • I've already followed that document. Trying a direct connection to the iothub, I've found out that there's a problem with certificates. The openssl client returns an **error 20: unable to get local issuer certificate**, independently of the host on which I try the connection (google, amazon, etc.) – Marco Nov 15 '17 at 11:35
  • Please use the cmd to check openssl: openssl s_client -connect .azure-devices.net:8883. – Michael Xu Nov 16 '17 at 05:38
  • The output in my previous comment is exactly the one from the command line. It seems that the device isn't able to find the complete certs' chain, even though I've copied the whole /etc/ssl/certs from my development environment to the device and the same command succeeds on that machine – Marco Nov 16 '17 at 07:43
  • Please see here (https://stackoverflow.com/questions/12790572/openssl-unable-to-get-local-issuer-certificate) about the error. Hope that can help you. – Michael Xu Nov 16 '17 at 08:22

Try using the TrustedCerts option. With this option you can pass to the SDK the certificate that is used to validate the server's certificate. This is typically used when either you don't have the root certificate, Baltimore CyberTrust, or your device does not have the concept of a trusted root certificate store. You can find an example of this option being used in

<repositoryRoot>\iothub_client\samples\iothub_client_sample_amqp_shared\iothub_client_sample_amqp_shared.c

https://github.com/Azure/azure-iot-sdk-c/blob/44827986929af7f4fbb41806b880a6da4e13d3e8/iothub_client/samples/iothub_client_sample_amqp_shared/iothub_client_sample_amqp_shared.c#L261

Mark Radbourne
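Added example (not part of the answer above, nor of the SDK's samples): one way to load a PEM bundle from disk and pass it to the TrustedCerts option, refusing an empty or truncated bundle so the client is never configured with an unusable trust anchor. `HAVE_AZURE_IOT_SDK`, `count_pem_certs`, `load_pem_file` and `set_trusted_certs` are names assumed here; `IoTHubClient_LL_SetOption` and the `"TrustedCerts"` option name are the ones used in the linked sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_AZURE_IOT_SDK   /* hypothetical flag: define when building against the SDK */
#include "iothub_client_ll.h"
#endif

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Count complete certificate blocks in a PEM string.
 * Returns -1 when a BEGIN marker has no matching END (truncated bundle). */
int count_pem_certs(const char *pem)
{
    int n = 0;
    const char *p = pem;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *body = p + strlen(PEM_BEGIN);
        const char *end = strstr(body, PEM_END);
        const char *next = strstr(body, PEM_BEGIN);
        if (end == NULL || (next != NULL && next < end))
            return -1;
        n++;
        p = end + strlen(PEM_END);
    }
    return n;
}

/* Read a whole PEM file into a NUL-terminated heap buffer; caller frees. */
char *load_pem_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    char *buf = NULL;
    long len;
    if (f == NULL) return NULL;
    if (fseek(f, 0, SEEK_END) == 0 && (len = ftell(f)) > 0 && fseek(f, 0, SEEK_SET) == 0) {
        buf = malloc((size_t)len + 1);
        if (buf != NULL && fread(buf, 1, (size_t)len, f) == (size_t)len)
            buf[len] = '\0';
        else { free(buf); buf = NULL; }
    }
    fclose(f);
    return buf;
}

#ifdef HAVE_AZURE_IOT_SDK
/* Pass the bundle to the SDK only if it holds at least one complete certificate. */
int set_trusted_certs(IOTHUB_CLIENT_LL_HANDLE h, const char *pem)
{
    if (pem == NULL || count_pem_certs(pem) < 1) return -1;
    return IoTHubClient_LL_SetOption(h, "TrustedCerts", pem) == IOTHUB_CLIENT_OK ? 0 : -1;
}
#endif
```

Keep the bundle limited to the root certificate(s) the hub's chain actually needs; server certificate verification stays enabled throughout.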