Connecting from awsiotsdk to Greengrass Core over LocalMQTT TLS problems

0

I try to connect from a client device over LocalMQTT to the broker on the Greengrass core. However, when I connect, I get this error on the awsiotsdk side. I ran an almost identical script to this a couple of months ago and I don't think it had the same problems.

Traceback (most recent call last):
  File "client_v2.py", line 76, in <module>
    connect_future.result()
  File "/Users/username/.pyenv/versions/3.8.11/lib/python3.8/concurrent/futures/_base.py", line 444, in result
    return self.__get_result()
  File "/Users/username/.pyenv/versions/3.8.11/lib/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
awscrt.exceptions.AwsCrtError: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed

On the core side I have just the Moquette broker, the bridge, and a component that subscribes to the messages coming off LocalMqtt through the bridge. This is the message in greengrass.log:

2022-04-05T07:00:56.397Z [ERROR] (nioEventLoopGroup-7-10) io.moquette.broker.NewNettyMQTTHandler: Unexpected exception while processing MQTT message. Closing Netty channel. CId=null. {}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLProtocolException: Received close_notify during handshake
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478)
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.moquette.broker.metrics.BytesMetricsHandler.channelRead(BytesMetricsHandler.java:51)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLProtocolException: Received close_notify during handshake
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:129)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:339)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:286)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:250)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
        at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
        at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
        at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282)
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387)
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1282)
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1329)
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
        ... 25 more

2022-04-05T07:00:56.399Z [INFO] (nioEventLoopGroup-7-10) io.moquette.broker.metrics.MQTTMessageLogger: Channel Inactive. {}

I'm using the mqtt_connection_builder.mtls_from_path function to create my connection setup between the client and the core, but obviously it breaks during the connect call itself because of the TLS handshake.

  • Hi, I suspect that the CA used by the client is not valid. Can you show me how you are performing the cloud discovery and how you are connecting to the server in code (the code using mqtt_connection_builder.mtls_from_path)? Also, if you have logs from the cloud discovery code, please share that as well.

  • Yep you were correct, splicing with the discovery code I was able to connect and send the data.

  • sushantAtAWS can you please repeat your comment in the answer section so this no longer appears as an unanswered question?

asked 2 years ago · 887 views
1 Answer
1
<reposting from the comments section>

Hi, I suspect that the CA used by the client is not valid. Can you show me how you are performing the cloud discovery and how you are connecting to the server in code (the code using mqtt_connection_builder.mtls_from_path)? Also, if you have logs from the cloud discovery code, please share that as well.

answered 2 years ago
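The failure mode in the question (client sends close_notify mid-handshake, the SDK reports AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE) is what you see when the client cannot validate the broker's certificate: the Greengrass local broker presents a certificate issued by the group CA that the core's client device auth component generates, not one chained to Amazon Root CA, so a client that passes its usual root CA to mtls_from_path rejects the handshake. The fix the answer points at is to run cloud discovery and trust the CA it returns. The following is an added example, not the poster's script or AWS sample code, showing that flow: the offline helpers parse the documented discovery JSON shape and sanity-check the returned CA, and connect_via_discovery does the real discovery plus mtls_from_path call (names such as SAMPLE_DISCOVERY_JSON, thing_name and the 192.0.2.x addresses are constructed placeholders; the SDK classes and keyword arguments are those of the current awsiotsdk package):

```python
"""Connect an AWS IoT Device SDK v2 client to a Greengrass core's local MQTT broker,
trusting the group CA returned by cloud discovery (added example, not the poster's code).
The pure helpers run offline; only connect_via_discovery needs awsiotsdk and network."""
import base64
import json
import re

# Constructed discovery response in the documented JSON shape; not a real group.
# The CA body is a placeholder DER SEQUENCE, enough for the structural check below.
SAMPLE_CA_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
SAMPLE_DISCOVERY_JSON = json.dumps({
    "GGGroups": [{
        "GGGroupId": "example-group",
        "Cores": [{
            "thingArn": "arn:aws:iot:us-east-1:123456789012:thing/ExampleCore",
            "Connectivity": [
                {"Id": "eth0", "HostAddress": "192.0.2.10", "PortNumber": 8883, "Metadata": ""},
                {"Id": "wlan0", "HostAddress": "192.0.2.11", "PortNumber": 8883, "Metadata": ""},
            ],
        }],
        "CAs": [SAMPLE_CA_PEM],
    }]
})

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_looks_like_certificate(pem: str) -> bool:
    """Cheap structural check before handing a CA to the TLS stack: PEM armour present,
    body decodes as base64, and the DER starts with a SEQUENCE tag (0x30)."""
    match = PEM_RE.search(pem)
    if not match:
        return False
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(der) > 0 and der[0] == 0x30


def parse_discovery(raw_json: str) -> list:
    """Return (host, port, ca_bundle_pem) candidates, one per connectivity entry.
    Discovery lists every interface the core advertises, so several may be unroutable."""
    candidates = []
    for group in json.loads(raw_json).get("GGGroups", []):
        cas = [ca for ca in group.get("CAs", []) if pem_looks_like_certificate(ca)]
        if not cas:
            continue  # no usable CA means the broker cert can never be verified
        ca_bundle = "".join(cas)  # ca_bytes accepts a multi-cert PEM bundle
        for core in group.get("Cores", []):
            for conn in core.get("Connectivity", []):
                candidates.append((conn["HostAddress"], int(conn["PortNumber"]), ca_bundle))
    return candidates


def first_successful(candidates, connect):
    """Call connect(host, port, ca_pem) for each candidate and return the first connection
    that comes up; re-raise the last failure if none does."""
    last_error = None
    for host, port, ca_pem in candidates:
        try:
            return connect(host, port, ca_pem)
        except Exception as err:  # AwsCrtError covers TLS and socket failures
            last_error = err
    raise RuntimeError("no core endpoint accepted the connection") from last_error


def connect_via_discovery(thing_name, region, cert_path, key_path, root_ca_path, client_id):
    """Discover the core with the device's own mTLS identity (against AWS IoT, so the
    Amazon root CA applies there), then connect to the local broker trusting only the
    group CA from the response. Requires the awsiotsdk package and network access."""
    from awscrt import io
    from awsiot import mqtt_connection_builder
    from awsiot.greengrass_discovery import DiscoveryClient

    tls_options = io.TlsContextOptions.create_client_with_mtls_from_path(cert_path, key_path)
    tls_options.override_default_trust_store_from_path(None, root_ca_path)
    client = DiscoveryClient(io.ClientBootstrap.get_or_create_static_default(),
                             io.SocketOptions(), io.ClientTlsContext(tls_options), region)
    resp = client.discover(thing_name).result()
    candidates = [(ci.host_address, ci.port, "".join(group.certificate_authorities))
                  for group in resp.gg_groups for core in group.cores for ci in core.connectivity]

    def connect(host, port, ca_pem):
        conn = mqtt_connection_builder.mtls_from_path(
            endpoint=host, port=port,
            cert_filepath=cert_path, pri_key_filepath=key_path,
            ca_bytes=ca_pem.encode("utf-8"),  # group CA, NOT the Amazon Root CA
            client_id=client_id, clean_session=False, keep_alive_secs=30)
        conn.connect().result()  # raises AwsCrtError on a TLS negotiation failure
        return conn

    return first_successful(candidates, connect)
```

If the handshake still fails after switching to the discovered CA, check which certificate the broker actually presents with `openssl s_client -connect <core-ip>:8883 -CAfile group-ca.pem` (the group CA written out from the discovery response); a "verify error" there means the discovery response is stale, for example because the core's CA was regenerated, and re-running discovery is the fix rather than loosening verification on the client.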
