Azure / azure-iot-sdk-c

A C99 SDK for connecting devices to Microsoft Azure IoT services
https://azure.github.io/azure-iot-sdk-c

Http connection failed - DPS #2398

Closed amit12cool closed 1 year ago

amit12cool commented 1 year ago

I'm facing the below issue while registering a device to DPS. Any idea?

```
2029-10-18T16:31:26.864984+03:00 -2022070004 iot-agent-[1041]: [ERROR] [7f54737fe640] AZURE_PLATFORM:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2029-10-18T16:31:26.865204+03:00 -2022070004 iot-agent-[1041]: [ERROR] [7f54737fe640] AZURE_PLATFORM:Http connection failed to connect
2029-10-18T16:31:26.865236+03:00 -2022070004 iot-agent-[1041]: [ERROR] [7f54737fe640] AZURE_PLATFORM:Failure retrieving data from the provisioning service
2029-10-18T16:31:26.865263+03:00 -2022070004 iot-agent-[1041]: [ERROR] [7f54737fe640] AZURE_PLATFORM:Failed to register device: PROV_DEVICE_RESULT_PARSING
2029-10-18T16:31:26.865306+03:00 -2022070004 iot-agent-[1041]: [INFO] [7f54737fe640] AZURE_PLATFORM:Closing tlsio from a state other than TLSIO_STATE_EXT_OPEN or TLSIO_STATE_EXT_ERROR
2029-10-18T16:31:26.911857+03:00 -2022070004 iot-agent-[1041]: [ERROR] [7f548ae38f40] AZURE_PLATFORM:Failure when registering
```

Note: We have verified that the certificate is valid and also tried to regenerate multiple certs, but the same issue occurs.

danewalton commented 1 year ago

Have you checked only the device cert or did you check that the server cert was verified?

Can you give more details on platform and sdk version?

amit12cool commented 1 year ago

@danewalton it works for some devices and for some it doesn't. So the certs seem to be valid on the server. And on the device side the certs are also valid, as they are not expired and used to work before.

The platform is Linux and the SDK version is the latest one.

danewalton commented 1 year ago

Are you able to get a Wireshark trace which would spell out which server certs are being sent to the device?

ericwolz commented 1 year ago

Is this on Linux? If so, the CA roots are not installed by default. `sudo apt-get install -y ca-certificates`

ericwolz commented 1 year ago

Cert verify in OpenSSL is done here, so you can trace through it and see which validation fails:

https://cs.github.com/openssl/openssl/blob/8aa82b337081b7a22c35dddad8d62fb1ca9ea884/ssl/ssl_cert.c#L387
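The OpenSSL record in the log at the top of this issue can be unpacked to confirm which side rejected which certificate. This is an added example, not code from the thread or from the SDK; it assumes the OpenSSL 1.1.x packed error layout (8-bit library, 12-bit function, 12-bit reason), and the function names and the shortened sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unpacked OpenSSL 1.1.x error code (assumed layout: lib 8 bits, func 12, reason 12). */
typedef struct { unsigned lib, func, reason; } ossl_err;

#define LIB_SSL               20u   /* ERR_LIB_SSL in OpenSSL 1.1.1 */
#define R_CERT_VERIFY_FAILED 134u   /* SSL_R_CERTIFICATE_VERIFY_FAILED in OpenSSL 1.1.1 */

/* Find "error:XXXXXXXX:" in a log line and unpack it. Returns 1 if found, else 0. */
int parse_openssl_error(const char *line, ossl_err *out)
{
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long code;

    if (p == NULL) return 0;
    p += strlen("error:");
    code = strtoul(p, &end, 16);
    if (end - p != 8 || *end != ':') return 0;   /* require exactly 8 hex digits */
    out->lib    = (unsigned)((code >> 24) & 0xFF);
    out->func   = (unsigned)((code >> 12) & 0xFFF);
    out->reason = (unsigned)(code & 0xFFF);
    return 1;
}

/* 1 when the line records the TLS client (the device) rejecting the server's chain. */
int is_server_cert_rejected(const char *line)
{
    ossl_err e;
    return parse_openssl_error(line, &e) && e.lib == LIB_SSL && e.reason == R_CERT_VERIFY_FAILED;
}

/* Constructed sample lines, shortened from the log format shown in the report. */
static const char *SAMPLE[] = {
    "[ERROR] AZURE_PLATFORM:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed",
    "[ERROR] AZURE_PLATFORM:Http connection failed to connect",
};

int main(void)
{
    size_t i;
    ossl_err e;
    for (i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++) {
        if (parse_openssl_error(SAMPLE[i], &e))
            printf("lib=%u func=%u reason=%u server_cert_rejected=%d\n",
                   e.lib, e.func, e.reason, is_server_cert_rejected(SAMPLE[i]));
    }
    return 0;
}
```

Library 20 with reason 134 means the device's TLS client failed to validate the chain presented by the server, so the things to inspect are the device's CA store and its clock (validity dates are checked against local time), not the device's own certificate.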

ericwolz commented 1 year ago

I'm closing this issue due to lack of activity. Please feel free to reopen if you have any further information.