0

I have been trying to connect to the broker for a while. But I get the following error when I use the DNS:

```
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ec2-x-x-x-x.us-east-2.compute.amazonaws.com'. (_ssl.c:1131)
```

When I use the IP address I get this:

```
Error ! Result code 5
```

Here is my code:

```python
import paho.mqtt.client as mqtt

devEUI = "8CF9572000023509"
appsKey = "6C1E294550045DCF651F4A33F2C01594"
appKey = "2B7E151628AED2A6ABF7158809CF4F3C"
devAddr = "005C0591"
MQTT_HOST = "ec2-x-x-x-x.us-east-2.compute.amazonaws.com"
BROKER_PORT = 2883
MQTT_KEEPALIVE_INTERVAL = 45


def on_log(client, userdata, level, buf):
    print("log: ", buf)


def on_connect(client, userdata, flags, rc):
    # rc == 0 means the broker accepted the connection
    if int(rc) == 0:
        print("Succesful connection")
        client.subscribe("user/3/device/8cf9572000023509/uplink")
    else:
        print("Error ! Result code {}".format(rc))


def on_message(client, userdata, msg):
    print("ok")


client = mqtt.Client(client_id="", clean_session=True, userdata=None, transport="tcp")

# Verify the broker certificate against this CA file
client.tls_set(ca_certs="caCert.pem")

client.username_pw_set(username="xxxx", password="xxxxxxx")

client.on_log = on_log

# Define callback function for successful connection

client.connect(MQTT_HOST, BROKER_PORT, MQTT_KEEPALIVE_INTERVAL)
client.on_message = on_message
client.on_connect = on_connect


client.loop_forever()
```

The certificate is valid. How can I solve this problem?

YaLeaura
  • See https://stackoverflow.com/questions/60956844/ssl-sslcertverificationerror-ssl-certificate-verify-failed-certificate-verif and https://stackoverflow.com/questions/50236117/scraping-ssl-certificate-verify-failed-error-for-http-en-wikipedia-org – Jorge Orpinel Pérez Jul 22 '22 at 19:16

2 Answers

1

> The certificate is valid

That may be the case; but is it valid for "ec2-x-x-x-x.us-east-2.compute.amazonaws.com"? The error you are getting is basically saying "I asked ec2-x-x-x-x.us-east-2.compute.amazonaws.com for its certificate; it gave me a valid certificate but it's for a different hostname (e.g. bad.hacker.com) so I won't trust it!".

For testing you can ignore this using the `tls_insecure_set()` option (see the docs). However you really need to take a look at the certificate and check the Common Names (CN) and Subject Alternative Names (SAN) (see this answer).

The fact that you get `Error ! Result code 5` when connecting with the IP leads me to suspect that the certificate was created with the IP address as a SAN (so the certificate verification part is working when you connect using the IP). Error 5 is "Connection Refused, not authorized" so you probably need to check your username/password (and broker configuration).

Brits
  • My collaborators tell me that the problem comes from my code. Is there a bad practice or a problem in the code I shared? – YaLeaura Aug 04 '21 at 16:04
  • Your code does not really do much and is mainly the [example](https://www.eclipse.org/paho/index.php?page=clients/python/docs/index.php#getting-started) with TLS added. You should set the callbacks before connecting but that is not your current issue (as your code will not get to that point). – Brits Aug 04 '21 at 20:08
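
The SAN check suggested in the answer above, as an added example that is not part of the original answers: it reads the certificate's Subject Alternative Names and reports whether a given hostname or IP is covered. The function names, the `192.0.2.10` address and the sample hostname are constructed for illustration, and the matcher looks at SANs only (a diagnostic aid, not a substitute for the `ssl` module's own verification).

```python
import ipaddress
import socket
import ssl


def fetch_peer_cert(host, port, cafile):
    """Return the broker's certificate as a dict, verifying the chain against
    cafile but skipping the hostname check so a mismatch can be inspected."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False          # diagnosis only; chain is still verified
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def san_entries(cert):
    """Split subjectAltName (getpeercert() format) into DNS names and IPs."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    return dns, ips


def name_matches(cert, target):
    """True if target (hostname or IP string) is covered by the cert's SANs."""
    dns, ips = san_entries(cert)
    try:
        return ipaddress.ip_address(target) in ips
    except ValueError:
        pass                            # not an IP literal, compare as DNS name
    target = target.lower().rstrip(".")
    for pattern in dns:
        if pattern == target:
            return True
        # a wildcard covers exactly one leftmost label
        if pattern.startswith("*.") and "." in target:
            if target.split(".", 1)[1] == pattern[2:]:
                return True
    return False


# Constructed sample in getpeercert() format: certificate issued for an IP only.
SAMPLE_CERT = {
    "subject": ((("commonName", "192.0.2.10"),),),
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}
SAMPLE_DNS = "ec2-192-0-2-10.us-east-2.compute.example"  # constructed hostname
```

Against a live broker, `name_matches(fetch_peer_cert(MQTT_HOST, BROKER_PORT, "caCert.pem"), MQTT_HOST)` shows whether the name passed to `connect()` is one the certificate was issued for.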
0

I just hide my request source code, then I got the result; the location is .local:

`.local\pipx\venvs\eth-brownie\Lib\site-packages\requests\adapters.py`

Disable this line:

`# self.cert_verify(conn, request.url, verify, cert)`

It works for me, but it is not safe.

  • This does not provide an answer to the question. Once you have sufficient [reputation](https://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](https://stackoverflow.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/33084237) – chrslg Nov 06 '22 at 13:25