-
Notifications
You must be signed in to change notification settings - Fork 739
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL routines:tls_process_server_certificate:certificate verify failed (cross-compile) #435
Comments
INCLUDE(CMakeForceCompiler) SET(CMAKE_SYSTEM_NAME Linux) # this one is important this is the location of the amd64 toolchain targeting the Raspberry PiSET(CMAKE_C_COMPILER /home/ubuntu/chenwei/ioT-6G2C-L/gcc-linaro-arm-linux-gnueabihf-4.9-2014.09_linux/bin/arm-linux-gnueabihf-gcc) this is the file system root of the target#SET(CMAKE_FIND_ROOT_PATH $ENV{RPI_ROOT}) search for programs in the build host directoriesSET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) for libraries and headers in the target directoriesSET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) set(OPENSSL_ROOT_DIR /home/ubuntu/chenwei/lib/openssl/openssl-1.1.1-pre3) set(CURL_INCLUDE_DIR /home/ubuntu/chenwei/lib/curl/curl_lib/include) |
@github-easyway Ensure that you call the function IoTHubClient_LL_SetOption(iothub_ll_handle, OPTION_TRUSTED_CERT, certificates); with the trusted server certificate found in the here. Let us know if this fixes your issue. |
i use iothub_ll_telemetry_sample ,and code as follow: IOTHUB_CLIENT_LL_HANDLE iothub_ll_handle;
|
Hi , to resolve the issue |
@lakshmisivareddy but the problem is the same. |
@github-easyway |
@github-easyway
This will return the directory OpenSSL is using as its root. It will look in a subdirectory of that directory called certs for the certificates. This is typically symlinked to another location. You need to check and see if the Baltimore Cybertrust certificate is present in that directory. Here is the certificate on my Raspberry Pi. I don't remember if I had to add it. I have had to do so on some platforms:
Note the certificate is another symlink to another location. If the certificate is missing then you can download it form https://ssl-tools.net/subjects/c12f4576ed1559ecb05dba89bf9d8078e523d413. You will need the pem version of the cerficate. Also notice that there are two symlinks to the certificate. You will also need to create these. You can generate the hash values for the file names using OpenSSL but they will be exactly the same on any platform so just create the two shown above on your own system. Once that is done it should all work. If you already have the certificate though then there must be something else going on. Alternatively, you can use the trusted certs option. That should work too. Mark Radbourne MSFT |
Hi @github-easyway , |
I transplant AZURE-IOT-SDK to my MX26 platform, cross compile, but run abnormal. I use I.iothub_ll_telemetry_sample, the error message is as follows:
Creating IoTHub handle
Sending message 1 to IoTHub
Sending message 2 to IoTHub
Sending message 3 to IoTHub
Sending message 4 to IoTHub
Sending message 5 to IoTHub
Info: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Info: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Info: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
What is the cause of this?
The text was updated successfully, but these errors were encountered: