Closed ryanhliu closed 7 years ago
Hi @ryanhliu, Unfortunately, the python SDK does not currently support Python v3+. You can find further information and a workaround on this post. We are working on enabling support for v3.x in the next release. Thank you for using AWS IoT.
Rahul
Hi again! I noticed I posted this issue in the wrong repo! Do you happen to know if aws-iot-device-sdk-python (https://github.com/aws/aws-iot-device-sdk-python) is supported by python 3.6? It says in the README it is, but the error above presents itself. I also made the change to the client.py file as you indicated in the link. Sorry for the confusion!
Hi @ryanhliu, It is no problem. We got to the correct repo in the end. The link I provided in the previous post is the work around for the python device SDK. You will still have to use the workaround for the moment to make it work properly. Please let me know if you have further questions.
Rahul
Hi @chaurah, I put the code change specified in the link you provided but get the same error. I put the change in: /Users/Ryan/virtualenvs/alexa/lib/python3.6/site-packages/AWSIoTPythonSDK/core/protocol/paho/client.py
Hi @ryanhliu ,
Thank you very much for providing the information.
Can you verify that you have activated the certificate in your AWS IoT Console?
Thanks, Liusu
Will this do?
Hi @ryanhliu ,
Yes, the certificate is shown as active. Are you still experiencing the issue after the certificate is active?
Thanks, Liusu
Yes, I get the exact same error as originally posted. Is there anything I could try? Keep note that I made the changes to client.py as specified by the workaround post.
Hi @ryanhliu ,
Can you attach the IoT policy you associate with the certificate? Can you use the same certificate and key with MQTT.fx to try again? If it still does not work, can you generate another pair of certificate and key and try again?
Thanks, Liusu
Hi, I tried with the previous certificate and key and made a new certificate and key and tried it with those and ended up with this error:
2017-05-16 18:35:32,811 INFO --- ScriptsController : Clear console.
2017-05-16 18:35:32,812 INFO --- MqttFX ClientModel : MqttClient with ID 1afed18631c945b386848497c0fd2ef8 assigned.
2017-05-16 18:35:33,243 ERROR --- MqttFX ClientModel : Error when connecting
org.eclipse.paho.client.mqttv3.MqttException: MqttException
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:664) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_131]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_131]
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:93) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:650) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
... 1 more
2017-05-16 18:35:33,244 ERROR --- MqttFX ClientModel : Please verify your Settings (e.g. Broker Address, Broker Port & Client ID) and the user credentials!
org.eclipse.paho.client.mqttv3.MqttException: MqttException
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:664) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_131]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_131]
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:93) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:650) ~[org.eclipse.paho.client.mqttv3-1.1.0.jar:?]
... 1 more
2017-05-16 18:35:33,248 INFO --- ScriptsController : Clear console.
2017-05-16 18:35:33,248 ERROR --- BrokerConnectService : MqttException
My policy attached to both certificates is as follows:
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Subscribe",
"iot:Receive"
],
"Resource": [
"*"
]
}
]
}
My settings for the connection setup on mqtt fx is as follows:
Hi @ryanhliu ,
Unfortunately, I am not able to duplicate your issue on my side. The following are the steps and configuration I did. You can take a look and check if there is any difference:
basicPubSub|master⚡ ⇒ python3.6 basicPubSub.py -e <PREFIX>.iot.us-east-1.amazonaws.com -r aws-iot-rootCA.crt -c 8d23e57394-certificate.pem.crt -k 8d23e57394-private.pem.key
2017-05-22 11:06:16,573 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Paho MQTT Client init.
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - ClientID: basicPubSub
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - Protocol: MQTTv3.1.1
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Register Paho MQTT Client callbacks.
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - mqttCore init.
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Load CAFile from: <path>/aws-iot-rootCA.crt
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Load Key from: <path>/8d23e57394-private.pem.key
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Load Cert from: <path>/8d23e57394-certificate.pem.crt
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for backoff timing: baseReconnectTime = 1 sec
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for backoff timing: maximumReconnectTime = 32 sec
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for backoff timing: minimumConnectTime = 20 sec
2017-05-22 11:06:16,574 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for publish queueing: queueSize = -1
2017-05-22 11:06:16,575 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for publish queueing: dropBehavior = Drop Newest
2017-05-22 11:06:16,575 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Custom setting for draining interval: 0.5 sec
2017-05-22 11:06:16,575 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Set maximum connect/disconnect timeout to be 10 second.
2017-05-22 11:06:16,575 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Set maximum MQTT operation timeout to be 5 second
2017-05-22 11:06:16,575 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - Connection type: TLSv1.2 Mutual Authentication
2017-05-22 11:06:17,015 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Connect result code 0
2017-05-22 11:06:17,020 - AWSIoTPythonSDK.core.protocol.mqttCore - INFO - Connected to AWS IoT.
2017-05-22 11:06:17,020 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Connect time consumption: 130.0ms.
2017-05-22 11:06:17,020 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Started a subscribe request 1
2017-05-22 11:06:17,102 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - _resubscribeCount: -1
2017-05-22 11:06:17,102 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Subscribe request 1 sent.
2017-05-22 11:06:17,106 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Subscribe request 1 succeeded. Time consumption: 70.0ms.
2017-05-22 11:06:17,107 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Recover subscribe context for the next request: subscribeSent: False
2017-05-22 11:06:19,109 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Try to put a publish request 2 in the TCP stack.
2017-05-22 11:06:19,109 - AWSIoTPythonSDK.core.protocol.mqttCore - DEBUG - Publish request 2 succeeded.
Received a new message:
b'New Message 0'
from topic:
sdk/test/Python
--------------
Usually, certificate_unknown
happens when the server is not able to recognize your certificate, which might be caused by an inactive certificate or the server simply just cannot find it in its identity store.
Hope the above helps.
Thanks, Liusu
Thank you! It seems I didn't generate my certificates/keys properly since it works now after following your steps.
Hi! I'm trying your basicPubSub example and keep running into this error. Could you help me out?
I run the command:
python basicPubSub.py -e <host> -r ../../../root-CA.crt -c ../../../izac_listener.cert.pem -k ../../../izac_listener.private.key
I generated all the certificates with AWS IoT. I am running Python3.6 and my ssl version:
Thank you in advance!