Hi Everybody,
I have just joined and started playing with Intel Edison and AWS IoT SDK.
The last steps in the tutorial should make a secured MQTT connection to the AWS IoT service, but OpenSSL refuses the connection with an SSL3 error.
When I installed the latest firmware I got the following warning:
InsecurePlatformWarning: A true SSLContext object is not available.
This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail.
For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
Checking the link above:
Certain Python platforms (specifically, versions of Python earlier than 2.7.9) have restrictions in their ssl module that limit the configuration that urllib3 can apply. In particular, this can cause HTTPS requests that would succeed on more featureful platforms to fail, and can cause certain security features to be unavailable.
If you encounter this warning, it is strongly recommended you upgrade to a newer Python version, or that you use pyOpenSSL as described in the OpenSSL / PyOpenSSL section (https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl).
and I also found this in the Yocto project manual:
5.7.4. SSL 3.0 is Now Disabled in OpenSSL (http://www.yoctoproject.org/docs/1.8/ref-manual/ref-manual.html#migration-1.8-ssl)
SSL 3.0 is now disabled when building OpenSSL. Disabling SSL 3.0 avoids any lingering instances of the POODLE vulnerability. If you feel you must re-enable SSL 3.0, then you can add an append file (*.bbappend) for the openssl recipe to remove "-no-ssl3" from EXTRA_OECONF (http://www.yoctoproject.org/docs/1.8/ref-manual/ref-manual.html#var-EXTRA_OECONF).
I think this causes my problem. Is there anybody who can provide me an updated image with SSL3 support for Edison?
Hi lbabaly,
When you run configure_edison --version, are you getting 159 as the result?
After following the steps from IoT - Setting up AWS IoT Thing SDK on the Intel® Edison Board | Intel® Developer Zone (https://software.intel.com/en-us/articles/setup-aws-iot-intel-edison-board), did you have problems? Were you able to run all those commands and install all the requirements?
Have you tried to build your own image by following those instructions?
..you can add an append file (*.bbappend) for the openssl recipe to remove "-no-ssl3" from EXTRA_OECONF (http://www.yoctoproject.org/docs/1.8/ref-manual/ref-manual.html#var-EXTRA_OECONF)...
Regards,
Charlie
Hi Charlie,
Yes, I have the latest version 159.
I followed the steps and everything worked fine until the last two commands with mosquitto. I got the following error:
root@myEdison:~# mosquitto_sub --cafile rootCA.pem --cert cert.pem --key privateKey.pem -h .iot.us-east-1.amazonaws.com -p 8883 -q 1 -d -t topic/test -i clientid1
Client clientid1 sending CONNECT
OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error: Protocol error
Unfortunately, I'm not familiar enough with Linux at the moment to create my own build, but I'm working on improving that. Anyway, I was expecting that this IoT tutorial would work with the latest image without making my own one.
Hi lbabaly,
I'm going to investigate this and replicate the issue in order to help you with it. Have you made any other changes to your image? Have you installed anything else on the board, or are these the only changes you have made?
Kind regards,
Charlie
Hi Charlie,
I haven't installed any additional software. I just followed this step-by-step tutorial:
https://software.intel.com/en-us/articles/setup-aws-iot-intel-edison-board
Best regards,
Laszlo
Hi Laszlo,
This seems to be an error with obtaining the certification; take a look at: AWS Developer Forums: [Errno 1] _ssl.c:499: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICA (https://forums.aws.amazon.com/thread.jspa?messageID=454565)
I suggest you contact the AWS Developer Forums (https://forums.aws.amazon.com/index.jspa) for a more appropriate response.
Hi Charlie,
Just one more question. Why do I get this message right after starting the aws cli setup (pip install awscli)?:
InsecurePlatformWarning: A true SSLContext object is not available.
This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail.
For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning
Thanks and regards,
Laszlo
Hi Laszlo,
The problem you are having seems to be an error while obtaining the certification from the server. We suggest you contact AWS support for more information about it.
Regards,
Charlie
Hi Charlie,
I clarified the problem with AWS support and it turned out that the version of mosquitto in the Edison image is lower than required by the AWS IoT service. It has to support wildcard TLS certificates. Mosquitto supports this starting from version 1.4.
Here is how I upgraded my mosquitto:
# Add the Intel IoT devkit package feed and refresh the package index
echo "src/gz i586 http://iotdk.intel.com/repos/1.5/iotdk/i586/" >> /etc/opkg/base-feeds.conf
opkg update
# Install the development package needed for the build
opkg install util-linux-dev
# Download, unpack and build mosquitto 1.4.4
wget http://mosquitto.org/files/source/mosquitto-1.4.4.tar.gz
tar xzf mosquitto-1.4.4.tar.gz
cd mosquitto-1.4.4
make
# Install
cp client/mosquitto_pub /usr/bin
cp client/mosquitto_sub /usr/bin
cp lib/libmosquitto.so.1 /usr/lib
cp src/mosquitto /usr/bin
Regards,
László
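Why wildcard support decides the outcome described in the post above, as an added example that is not part of the original thread and is not mosquitto's code: it compares a client that matches certificate names literally with one that applies RFC 6125-style wildcard matching. The endpoint prefix and the certificate's name list are constructed sample values, and all function names are hypothetical.

```python
# Added illustration: models the hostname check only, not mosquitto's source.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def matches_literal(cert_name, hostname):
    """Client without wildcard support: the names must be identical."""
    return _labels(cert_name) == _labels(hostname)

def matches_wildcard(cert_name, hostname):
    """RFC 6125-style match: '*' may replace the whole left-most label only."""
    pat, host = _labels(cert_name), _labels(hostname)
    if "*" not in cert_name:
        return pat == host
    # The wildcard must be the entire left-most label and appear nowhere else.
    if pat[0] != "*" or any("*" in label for label in pat[1:]):
        return False
    # Refuse overly broad patterns such as "*.com".
    if len(pat) < 3:
        return False
    # One label for one label: '*' never spans a dot and never matches empty.
    return len(host) == len(pat) and host[0] != "" and host[1:] == pat[1:]

def verify(hostname, cert_dns_names, wildcard_support):
    """True if any DNS name in the certificate covers the hostname."""
    match = matches_wildcard if wildcard_support else matches_literal
    return any(match(name, hostname) for name in cert_dns_names)

# Constructed sample data (assumptions, not values taken from the thread).
ENDPOINT = "example-prefix.iot.us-east-1.amazonaws.com"
CERT_NAMES = ["*.iot.us-east-1.amazonaws.com", "iot.us-east-1.amazonaws.com"]

def demo():
    return {
        "client without wildcard support": verify(ENDPOINT, CERT_NAMES, False),
        "client with wildcard support": verify(ENDPOINT, CERT_NAMES, True),
        "two labels under the wildcard": verify(
            "a.b.iot.us-east-1.amazonaws.com", CERT_NAMES, True),
        "empty left-most label": verify(
            ".iot.us-east-1.amazonaws.com", CERT_NAMES, True),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print("%-32s accepted=%s" % (case, accepted))
```

SSL3_GET_SERVER_CERTIFICATE in the error text is the name of the OpenSSL routine that processes the server's certificate, so "certificate verify failed" reports a verification failure rather than use of the disabled SSL 3.0 protocol.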