Not able to establish MQTT connection without overriding default system trust store on Android #157

Closed
2 tasks done
uberbinge opened this issue Apr 23, 2021 · 1 comment
Labels
bug This issue is a bug. closed-for-staleness needs-triage This issue or PR still needs to be triaged.

Comments

@uberbinge
Contributor

uberbinge commented Apr 23, 2021

Known Issue

  • I'm using ATS data type endpoint: the endpoint should look like <prefix>-ats.iot.<region>.amazonaws.com

Describe the bug
Not able to establish MQTT connection without overriding default system trust store on Android.

SDK version number

Platform/OS/Hardware/Device
What are you running the sdk on?
Device: Pixel 3a
OS: Android 11

To Reproduce (observed behavior)

private var connection: MqttClientConnection? = null
val eventLoopGroup = EventLoopGroup(1)
connection = newMtlsBuilder(config.certificate, config.privateKey)
    .withClientId(clientId)
    .withCleanSession(true)
    .withKeepAliveMs(MQTT_CONNECTION_KEEP_ALIVE_TIME_MILLI_SECONDS)
    .withWill(lastWill(config), QualityOfService.AT_LEAST_ONCE, false)
    .withConnectionEventCallbacks(connectionCallback)
    .withBootstrap(ClientBootstrap(eventLoopGroup, HostResolver(eventLoopGroup)))
    .withEndpoint(config.iotEndpoint)
    .build()
connection?.connect()?.get()

With the above code we get TLS (SSL) negotiation failed if we don't provide an explicit root certificate via withCertificateAuthority.

Expected behavior
It should be able to connect, as the Amazon root cert is present in the trust store of the Pixel 3a running Android 11. As shown here.

Logs/output
TLS (SSL) negotiation failed

Additional context
We mentioned this issue before and had internal sync meetings with the team. It's a known issue. Before, it was mixed up with another issue, so I am creating a separate one to be explicit and track the progress.

@uberbinge uberbinge added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 23, 2021
uberbinge pushed a commit to uberbinge/aws-iot-device-sdk-java-v2 that referenced this issue Apr 23, 2021
Adds extra information and links to the known issue(aws#157) for the default trust store not being picked by the SDK automatically.
bretambrose pushed a commit that referenced this issue Apr 23, 2021
Adds extra information and links to the known issue(#157) for the default trust store not being picked by the SDK automatically.
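
The workaround named in the report, passing the root explicitly via withCertificateAuthority, can be fed from the device's own system trust store instead of a bundled file. The sketch below is an added example, not code from the SDK project or the reporter; the function names and the "O=Amazon" subject filter are assumptions, and it skips user-installed CAs so only platform roots are trusted for the broker connection.

```kotlin
import android.util.Base64
import java.security.KeyStore
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import software.amazon.awssdk.iot.AwsIotMqttConnectionBuilder

// Hypothetical helper: export matching roots from Android's system trust store
// ("AndroidCAStore") as a single PEM bundle.
// subjectFilter is compared against the RFC 2253 subject string, e.g. "O=Amazon" (assumed value).
fun systemRootsAsPem(subjectFilter: String): String {
    val store = KeyStore.getInstance("AndroidCAStore").apply { load(null) }
    val pem = StringBuilder()
    for (alias in store.aliases()) {
        // Aliases are prefixed "system:" or "user:". Skip user-installed CAs so a
        // root added on the device later is never trusted for this connection.
        if (!alias.startsWith("system:")) continue
        val cert = store.getCertificate(alias) as? X509Certificate ?: continue
        if (!cert.subjectX500Principal.name.contains(subjectFilter)) continue
        // Drop expired or not-yet-valid roots instead of handing them to the TLS stack.
        try {
            cert.checkValidity()
        } catch (e: CertificateException) {
            continue
        }
        val body = Base64.encodeToString(cert.encoded, Base64.NO_WRAP)
            .chunked(64)
            .joinToString("\n")
        pem.append("-----BEGIN CERTIFICATE-----\n")
            .append(body)
            .append("\n-----END CERTIFICATE-----\n")
    }
    // Fail closed: an empty bundle would only reproduce the negotiation failure.
    check(pem.isNotEmpty()) { "No system root matched '$subjectFilter'" }
    return pem.toString()
}

// Hypothetical wrapper: same mTLS builder as in the report, with the CA bundle set explicitly.
fun mtlsBuilderWithSystemRoots(certificate: String, privateKey: String): AwsIotMqttConnectionBuilder =
    AwsIotMqttConnectionBuilder.newMtlsBuilder(certificate, privateKey)
        .withCertificateAuthority(systemRootsAsPem("O=Amazon"))
```

Narrowing the bundle to the expected issuer keeps the trust decision tighter than exporting every system root.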
@github-actions

Greetings! Sorry to say but this is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to open a new one.

@github-actions github-actions bot added closing-soon This issue will automatically close in 5 days unless further comments are made. closed-for-staleness and removed closing-soon This issue will automatically close in 5 days unless further comments are made. labels Apr 24, 2022