
'TCP connect completion failure' error while connecting to AWS broker using SSL certificates #268

Closed
chifaabouguila opened this issue May 5, 2020 · 4 comments

Comments

@chifaabouguila

Hello, I'm compiling the paho cpp sample ssl_publish.cpp to publish data to the AWS IoT Core broker.
I'm providing the root CA certificate as the trust store and the client private key as the key store, but I'm getting a TCP error. I've changed the trust store to the client certificate, but it's not working either.
Has anyone tried it and found the solution?

@lucassdiass

I had a similar problem: Error TCP Connection -1. However, I modified the TLS/SSL version and configured in /etc/hosts the common name of the server at the client, and at the server I configured the common name of the client.

@martinpeniak

Might be similar to the issue I am having on arm: #318

@fpagliughi
Contributor

One problem with AWS, in particular (and several of the other public IoT services), is that the initial SSL/TLS connection is established without an issue, but then the broker - which is not fully MQTT compliant - doesn't like something in the MQTT Connect packet and simply drops the connection without explanation.

Unfortunately, the underlying networking is completely managed by the C library over which I have little control. But I did request that they consider more detailed connection error messages to distinguish between these two totally different errors:
eclipse-paho/paho.mqtt.c#937

For now, turn on the C library logging:

export MQTT_C_CLIENT_TRACE=ON
export MQTT_C_CLIENT_TRACE_LEVEL=MEDIUM

If it says that the SSL connection is properly established, but then the connection is dropped soon after that (when the CONNECT packet is sent), it means that there's something in your connect_options that AWS doesn't like.

@fpagliughi
Contributor

fpagliughi commented Jan 15, 2021

But, basically, if you use their online or CLI tools to generate certificates, this setup should work for the SSL options:

trust_store => "root-CA.crt"
key_store => "thing1.cert.pem"
private_key => "thing1.private.key"
private_key_password => ""
enable_server_cert_auth => false
verify => true
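The original report put the client private key into the key store, which is exactly the kind of mix-up that surfaces only as an opaque TCP failure once the C library drops the connection. The following is an added example, not code from paho.mqtt.cpp or from the commenter: a small pre-flight check that inspects the PEM contents intended for each of the options listed above and reports which file is in the wrong slot before the values are handed to the builder. The struct and function names (`SslOptionFiles`, `checkSslOptionFiles`) and the PEM bodies are constructed for this example; the field names mirror the option names from the comment.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Contents of the three PEM files named in the comment above. All three are
// constructed placeholders for this example, not real AWS IoT credentials.
const std::string kConstructedRootCa =
    "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-ROOT-CA-BODY\n-----END CERTIFICATE-----\n";
const std::string kConstructedThingCert =
    "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-THING-CERT-BODY\n-----END CERTIFICATE-----\n";
const std::string kConstructedThingKey =
    "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-KEY-BODY\n-----END RSA PRIVATE KEY-----\n";

// Mirrors the ssl_options fields from the comment above. This struct is part
// of the example, not a paho type; it holds file contents, not paths.
struct SslOptionFiles {
    std::string trust_store;          // expected: root CA certificate(s)
    std::string key_store;            // expected: client (thing) certificate
    std::string private_key;          // expected: client private key
    std::string private_key_password; // "" for an unencrypted key
};

static bool hasPemBlock(const std::string& pem, const std::string& label) {
    return pem.find("-----BEGIN " + label + "-----") != std::string::npos;
}

static bool looksLikeCertificate(const std::string& pem) {
    return hasPemBlock(pem, "CERTIFICATE");
}

static bool looksLikeEncryptedKey(const std::string& pem) {
    // PKCS#8 encrypted header, or the legacy OpenSSL Proc-Type marker.
    return hasPemBlock(pem, "ENCRYPTED PRIVATE KEY") ||
           pem.find("Proc-Type: 4,ENCRYPTED") != std::string::npos;
}

static bool looksLikePrivateKey(const std::string& pem) {
    return hasPemBlock(pem, "PRIVATE KEY") ||
           hasPemBlock(pem, "RSA PRIVATE KEY") ||
           hasPemBlock(pem, "EC PRIVATE KEY") ||
           looksLikeEncryptedKey(pem);
}

// Returns one message per misconfiguration found; an empty vector means each
// option holds the kind of PEM object the TLS client handshake needs.
std::vector<std::string> checkSslOptionFiles(const SslOptionFiles& f) {
    std::vector<std::string> problems;
    if (!looksLikeCertificate(f.trust_store))
        problems.push_back("trust_store: expected the root CA certificate (root-CA.crt)");
    if (looksLikePrivateKey(f.key_store))
        problems.push_back("key_store: holds a private key; it must hold the client "
                           "certificate (key_store and private_key are swapped)");
    else if (!looksLikeCertificate(f.key_store))
        problems.push_back("key_store: expected the client certificate (thing1.cert.pem)");
    if (!looksLikePrivateKey(f.private_key))
        problems.push_back("private_key: expected the client private key (thing1.private.key)");
    else if (looksLikeEncryptedKey(f.private_key) && f.private_key_password.empty())
        problems.push_back("private_key_password: key is encrypted but no password was given");
    return problems;
}

int main() {
    // The misconfiguration from the original report: key where the cert should be.
    SslOptionFiles swapped{kConstructedRootCa, kConstructedThingKey, kConstructedThingCert, ""};
    for (const std::string& p : checkSslOptionFiles(swapped))
        std::cout << "problem: " << p << '\n';
    return 0;
}
```

Once the check passes, the three contents correspond to the file paths passed to `trust_store`, `key_store` and `private_key` in the option list above; with `enable_server_cert_auth` false and `verify` true, as in the comment, the library still verifies the server chain against the trust store.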
