aws / aws-iot-device-sdk-js

SDK for connecting to AWS IoT from a device using JavaScript/Node.js
Apache License 2.0

Override by AWS IoT SDK #428

Closed prince-git-0000 closed 6 months ago

prince-git-0000 commented 6 months ago

Describe the bug

I am writing the code below to connect a device:

const awsIot = require("aws-iot-device-sdk");
const path = require("path");
const fs = require("fs");
const caPath = path.join(__dirname, "AmazonRootCA1.pem");
const certPath = path.join(__dirname, "Acertificate.pem.crt");
const keyPath = path.join(__dirname, "Aprivate.pem.key");
const clientId = "*****************";
const iotEndpoint = "************.iot.ap-south-1.amazonaws.com";

// Create a device object
const device = awsIot.device({
  keyPath: keyPath,
  certPath: certPath,
  caPath: caPath,
  clientId: clientId,
  host: iotEndpoint,
  debug: true,
  rejectUnauthorized: false,
});

Expected Behavior

This should return rejectUnauthorized: false

Current Behavior

In the log, it is providing rejectUnauthorized as true

{
  keyPath: 'D:\\LOGICTRIX\\IOT\\Aprivate.pem.key',
  certPath: 'D:\\LOGICTRIX\\IOT\\Acertificate.pem.crt',
  caPath: 'D:\\LOGICTRIX\\IOT\\AmazonRootCA1.pem',
  clientId: '*************************',
  host: '************.iot.ap-south-1.amazonaws.com',
  debug: true,
  rejectUnauthorized: true,
  keepalive: 300,
  username: '?SDK=JavaScript&Version=2.2.13',
  reconnectPeriod: 1000,
  fastDisconnectDetection: true,
  resubscribe: false,
  protocol: 'mqtts',
  servername: '************.iot.ap-south-1.amazonaws.com',
  port: 8883,
  key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 41 49 42 41 41 4b 43 41 51 45 41 7a 69 ... 1629 more bytes>,
  cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 6a 43 43 41 6b 4b 67 41 77 49 42 41 67 49 56 41 4e ... 1174 more bytes>,
  ca: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 51 54 43 43 41 69 6d 67 41 77 49 42 41 67 49 54 42 6d ... 1137 more bytes>,
  requestCert: true
}

Reproduction Steps

Provide a solution for that

Possible Solution

No response

Additional Information/Context

No response

SDK version used

^2.2.13

Environment details (OS name and version, etc.)

Windows 11, Node version 18.12.0

bretambrose commented 6 months ago

I don't see any indication in the SDK documentation that parameters to the device client constructor are intended to pass-through to the underlying TLS options. You could argue that it might be nice, but that's not the contract established 8 years ago.

The SDK explicitly forces TLS verification and I don't see anything wrong with that beyond a lack of flexibility if using a non-AWS endpoint (self-signed certs, etc.). If you're using a non-AWS endpoint then the SDK doesn't provide you with much that is useful and you're probably better off using mqtt-js directly.
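
The behaviour seen in the log above (caller passes `rejectUnauthorized: false`, effective options show `true`) can be pictured with the following added sketch, which is not part of the thread and is not the SDK's own code. `buildConnectOptions`, `describeOverrides` and `FORCED_TLS` are hypothetical names, and the CA requirement is a design choice of this sketch; unlike the silent override in the issue, it reports each ignored option.

```javascript
'use strict';

// Hypothetical helper, not the SDK's code: caller options are merged first,
// then security-critical TLS settings are forced on top of them.
const FORCED_TLS = Object.freeze({
  rejectUnauthorized: true, // always verify the broker's certificate chain
  requestCert: true,        // also present in the logged effective options
});

function buildConnectOptions(userOptions) {
  const overridden = [];
  const effective = { ...userOptions };
  for (const [key, forced] of Object.entries(FORCED_TLS)) {
    // Record any caller value that is about to be replaced.
    if (key in userOptions && userOptions[key] !== forced) {
      overridden.push({ key, requested: userOptions[key], effective: forced });
    }
    effective[key] = forced;
  }
  // Design choice of this sketch: a private or self-signed broker is handled
  // by trusting its CA, so a CA must be supplied and verification stays on.
  if (!effective.ca && !effective.caPath) {
    throw new Error('no CA supplied: pass ca or caPath for the broker chain');
  }
  return { effective, overridden };
}

// Turn the override records into log lines the caller can act on.
function describeOverrides(overridden) {
  return overridden.map(
    (o) => `option ${o.key}=${o.requested} ignored, using ${o.effective}`
  );
}

// Constructed sample input modelled on the options posted in the issue.
const sample = {
  caPath: 'AmazonRootCA1.pem',
  clientId: 'example-client',
  host: 'example.invalid',
  debug: true,
  rejectUnauthorized: false,
};

const result = buildConnectOptions(sample);
for (const line of describeOverrides(result.overridden)) {
  console.warn(line);
}
```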

github-actions[bot] commented 6 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.