Azure / azure-iot-sdk-c

A C99 SDK for connecting devices to Microsoft Azure IoT services
https://azure.github.io/azure-iot-sdk-c

DPS Simulation with x.509 / prov_dev_client_sample doesn't work #2628

Closed geebinge closed 2 days ago

geebinge commented 3 weeks ago

I have an issue with the demo you provided at https://learn.microsoft.com/en-us/azure/iot-dps/quick-create-simulated-device-x509?tabs=linux&pivots=programming-language-ansi-c

I have installed Ubuntu 20.04 and have now tried it 2 times (1st with main and 2nd time with lts_03_2024), always with the same issue. Everything works fine until I run the sample.

gerhard@fme-geb-scb-dev:~/azure-iot-sdk-c/cmake$ provisioning_client/samples/prov_dev_client_sample/prov_dev_client_sample
Provisioning API Version: 1.12.1

Registering Device

Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/x509_openssl.c Func:log_ERR_get_error Line:33 failure creating private key evp_key
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/x509_openssl.c Func:log_ERR_get_error Line:40   [0] error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/x509_openssl.c Func:log_ERR_get_error Line:40   [1] error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/x509_openssl.c Func:log_ERR_get_error Line:40   [2] error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/x509_openssl.c Func:log_ERR_get_error Line:40   [3] error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/tlsio_openssl.c Func:log_ERR_get_error Line:490 unable to use x509 authentication
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/c-utility/adapters/tlsio_openssl.c Func:tlsio_openssl_open Line:1449 Failed creating the OpenSSL instance.
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/umqtt/src/mqtt_client.c Func:mqtt_client_connect Line:1124 Error: io_open failed
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/provisioning_client/src/prov_transport_mqtt_common.c Func:create_connection Line:645 Failure connecting to mqtt server
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/provisioning_client/src/prov_transport_mqtt_common.c Func:prov_transport_common_mqtt_dowork Line:919 unable to create mqtt connection
Error: Time:Tue Jun 25 19:39:28 2024 File:/home/gerhard/azure-iot-sdk-c/provisioning_client/src/prov_device_ll_client.c Func:on_transport_registration_data Line:762 Failure retrieving data from the provisioning service

Failure registering device: PROV_DEVICE_RESULT_TRANSPORT
Press enter key to exit:

I use OpenSSL 1.1.1f 31 Mar 2020. lts_03_2024 https://github.com/Azure/azure-iot-sdk-c.git Ubuntu 20.04.6 LTS

I did the build this way:

cmake -Duse_prov_client=ON ..
cmake --build .
cmake -Duse_prov_client:BOOL=ON -Dhsm_type_custom=ON -Dhsm_custom_lib="~/azure-iot-sdk-c/cmake/provisioning_client/samples/custom_hsm_example/libcustom_hsm_example.a" .
cmake --build .

comorris2 commented 1 week ago

It appears from your comment that you are leveraging the relative path to the -Dhsm_custom_lib. Instead, could you attempt to follow the scenario using the absolute path and verify the outcome?

The documentation states:

When specifying the path used with -Dhsm_custom_lib in the following command, make sure to use the absolute path to the library in the cmake directory you previously created.

geebinge commented 1 week ago

If I do it with the absolute path, the result stays the same.

cmake -Duse_prov_client=ON ..
cmake --build .
cmake -Duse_prov_client:BOOL=ON -Dhsm_type_custom=ON -Dhsm_custom_lib="/home/$USER/azure-iot-sdk-c/cmake/provisioning_client/samples/custom_hsm_example/libcustom_hsm_example.a" .
cmake --build .

geebinge commented 2 days ago

We found the issue on our own. The way we added the certs to the code was wrong. The whole cert chain must be part of static const char* const CERTIFICATE = "-----BEGIN CERTIFICATE-----""\n" in the custom hsm example.

/usr/share/ca-certificates/ does not work, at least not in our case.
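
A pre-build check for the fix described in the last comment, as an added example that is not part of the original thread or the SDK: it confirms that a PEM text holds a full chain of certificate blocks and renders it in the string-literal layout quoted above. The helper names and the sample blocks are assumptions constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)]; raises ValueError on invalid base64."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]

def check_chain(text, min_certs=2):
    """List reasons `text` is not a full certificate chain (empty = OK)."""
    blocks = pem_blocks(text)
    count = sum(1 for label, _ in blocks if label == "CERTIFICATE")
    problems = []
    if count < min_certs:
        problems.append(f"only {count} certificate block(s), expected a chain")
    for label, der in blocks:
        if label != "CERTIFICATE":
            problems.append(f"unexpected block in chain: {label}")
        elif not der.startswith(b"\x30"):  # DER certificate starts with SEQUENCE
            problems.append("certificate body is not a DER SEQUENCE")
    return problems

def check_key(text):
    """List reasons `text` is not exactly one private-key PEM block."""
    labels = [label for label, _ in pem_blocks(text)]
    if len(labels) != 1 or not labels[0].endswith("PRIVATE KEY"):
        return [f"expected one PRIVATE KEY block, found {labels}"]
    return []

def to_c_literal(name, text):
    """Render PEM text as adjacent C string literals, one per PEM line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return (f"static const char* const {name} =\n"
            + "\n".join(f'"{ln}""\\n"' for ln in lines) + ";")

# Constructed sample input: placeholder bytes, not real certificates or keys.
def fake_pem(label, payload):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

LEAF, INTERMEDIATE, ROOT = (fake_pem("CERTIFICATE", b"\x30\x03" + n)
                            for n in (b"lef", b"int", b"rot"))
KEY = fake_pem("PRIVATE KEY", b"\x30\x03key")
if __name__ == "__main__":
    print(check_chain(LEAF), to_c_literal("CERTIFICATE", LEAF + INTERMEDIATE + ROOT), sep="\n")
```

The checks only inspect PEM labels, base64 validity and the leading DER tag; they do not verify signatures or that the key matches the leaf certificate.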