awslabs / aws-crt-python

Python bindings for the AWS Common Runtime
Apache License 2.0

AWS_ERROR_SUCCESS after TLS handshake failure #141

Closed dhwalters423 closed 4 years ago

dhwalters423 commented 4 years ago

Hi,

When using the AWS IoT Python Device SDK v2, I was testing different failure scenarios. When passing an invalid private key (one whose corresponding public key was not used to generate the device cert), the TLS handshake failed, as expected. But the error code was 0 = AWS_ERROR_SUCCESS. This is not an expected error code:

Traceback (most recent call last):
  File "pubsub.py", line 150, in <module>
    keep_alive_secs=6)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/awscrt/awsiot_mqtt_connection_builder.py", line 211, in mtls_from_path
    return _builder(tls_ctx_options, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/awscrt/awsiot_mqtt_connection_builder.py", line 172, in _builder
    tls_ctx = awscrt.io.ClientTlsContext(tls_ctx_options)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/awscrt/io.py", line 275, in __init__
    options.verify_peer
RuntimeError: 0 (AWS_ERROR_SUCCESS): Success.

bretambrose commented 4 years ago

Coming back to this, it looks like error surfacing has improved in the intervening time interval. When I follow the repro steps I now get AWS_TLS_CTX_ERROR, which is a bit closer to the actual problem.

waelmas commented 3 years ago

This is still an issue with no explanation. Please re-open or at least provide some context.

waelmas commented 3 years ago

Actually this might be caused by accidentally using the public key instead of the private one.
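
Added example, not part of the thread and not code from aws-crt-python: a pre-flight check that names the two misconfigurations discussed above (a private key that does not belong to the device cert, and a public key passed where the private key is expected) before the paths reach `mtls_from_path`. It uses Python's standard `ssl` module rather than the CRT's own TLS backend, and the names `preflight` and `read_pem` are hypothetical.

```python
import re
import ssl

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def read_pem(path):
    """Return (text, labels), where labels are the PEM block types in the file."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    return text, PEM_LABEL.findall(text)


def preflight(cert_path, key_path):
    """Return (ok, reason) for a client certificate / private key pair."""
    try:
        _, cert_labels = read_pem(cert_path)
        key_text, key_labels = read_pem(key_path)
    except OSError as exc:
        return False, f"unreadable file: {exc}"

    if "CERTIFICATE" not in cert_labels:
        return False, "certificate file has no CERTIFICATE block"
    if not any(label.endswith("PRIVATE KEY") for label in key_labels):
        if any(label.endswith("PUBLIC KEY") for label in key_labels):
            return False, "key file holds a public key, not a private key"
        return False, "key file has no PRIVATE KEY block"
    # Covers both PKCS#8 "ENCRYPTED PRIVATE KEY" and legacy "Proc-Type: 4,ENCRYPTED".
    # Stop here so load_cert_chain never prompts for a passphrase.
    if "ENCRYPTED" in key_text:
        return False, "key is encrypted; decrypt it or supply a password first"

    # load_cert_chain parses both files and verifies that the private key
    # matches the certificate's public key.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(cert_path, key_path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"certificate and key rejected: {exc}"
    return True, "certificate and private key match"


if __name__ == "__main__":
    import sys
    ok, reason = preflight(sys.argv[1], sys.argv[2])
    print(reason)
    sys.exit(0 if ok else 1)
```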