Community
cancel
Showing results for 
Search instead for 
Did you mean: 
DVasi3
Novice
3,028 Views

Updating openssl on Edison (Yocto)

Hi Guys.

I have recently been working with the azure-iot-sdks and encountered problems when sending messages using AMQP to Azure. I keep getting Authentication Errors when connecting.

---------------------------------------------------

Starting the IoTHub client sample AMQP...

Info: IoT Hub SDK for C, version 1.0.9

IoTHubClient_SetMessageCallback...successful.

IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

Error: Time:Wed Jul 13 21:54:41 2016 File:/home/cpt/azure-iot-sdks/c/iothub_client/src/iothubtransportamqp.c Func:IoTHubTransportAMQP_DoWork Line:1469 AMQP transport authentication timed out.

-> [CLOSE]* {}

Error: Time:Wed Jul 13 21:55:11 2016 File:/home/cpt/azure-iot-sdks/c/iothub_client/src/iothubtransportamqp.c Func:IoTHubTransportAMQP_DoWork Line:1469 AMQP transport authentication timed out.

-> [CLOSE]* {}

---------------------------------------------------

Having searched many forums on this issue, I have come to the conclusion that the cause of the timeouts may be the openssl version (1.0.1m) on the Yocto Linux.

I was wondering if somebody could give me some help regarding the update of the openssl as I have already looked in the Intel repository for the Edison and the latest version is 1.0.1m which is already installed.

Much appreciated!!

10 Replies
idata
Community Manager
101 Views

Hi dv,

 

 

I just checked the repository and, as you mentioned, the openssl version is not the latest. In that case you'll need to install a newer version from source, following the instructions in their site https://www.openssl.org/source/ https://www.openssl.org/source/. The latest stable version is 1.0.2, and there's already a beta version (1.1.0), but be careful, some other users have tried to install this beta version and they have encountered multiple issues, you can check this here: /thread/99365 https://communities.intel.com/thread/99365. As a suggestion, I would say to try first with version 1.0.1t or 1.0.2h (you can also install the bigger Perl installation, you can do this from the AlexT repository).

 

 

Regards,

 

-Pablo
DVasi3
Novice
101 Views

Thank you Pablo,

I have tried to update the openssl version to 1.0.2g. However after replacing everything with the updated version, the system still reports 1.0.1m. I will look into to this over the weekend and report back with findings.

idata
Community Manager
101 Views

Hi dv,

 

 

Do you have updates on this? Have you been working on this lately?

 

 

Regards,

 

-Pablo
DVasi3
Novice
101 Views

Hi Pablo,

Unfortunately I did not manage to get it updated properly. The issue is that even after updating the library when typing in "openssl version" still returns back 1.0.1m.

The other solution could be to bitbake the image before uploading it so we can get the higher version on the Yocto image before we put it onto the device.

DVasi3
Novice
101 Views

I have also tried the ubilinux OS on the edison board and all worked without a problem and authentication was successful, openssl version 1.0.1e.

idata
Community Manager
101 Views

Hi dv9346,

 

 

I'm happy to know that you were able to make it work using Ubilinux, apparently it has nothing to do with your version of SSL (I kept trying to install a newer version of openSSL on my Intel Edison without success). I also noticed that you opened a discussion on Github about this issue and yesterday another user suggested a possible solution based on a similar issue, you can check that and give a try. We would like to know your results.

 

 

Regards,

 

-Pablo
DVasi3
Novice
101 Views

Hi Pablo,

After trying out the solution from GitHub, it was the same result.

After having a look at other issues on Azure-iot-sdk I found one where it had a similar problem >>>>> https://github.com/Azure/azure-iot-sdks/issues/507 [C][Linux][SimpleSample]Running azure-iot-sdk sample code failed · Issue # 507 · Azure/azure-iot-sdks · GitHub

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

https://github.com/jjlee9 jjlee9 commented https://github.com/Azure/azure-iot-sdks/issues/507# issuecomment-214592799 on 26 Apr • edited

Yes, you are right. The "TrustedCerts" solution solved this problem. Anyway the solution cannot work with OpenSSL 1.0.0a.

After I switched to OpenSSL 1.0.2g, the AMQP and MQTT worked well with "TrustedCerts" solution. I just commented out MBED_BUILD_TIMESTAMP in simplesample_amqp.c and simplesample_mqtt.c plus "TrustedCerts" solution (certs/certs.*) and linked with OpenSSL 1.0.2g library.

The two binary files (amqp and mqtt) worked well under Kevin's device!

I switched back to OpenSSL 1.0.0a with "TrustedCerts" solution and the two binary could not work correctly.

Thanks, it solved the problem with OpenSSL 1.0.2g! Thanks a lot!

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This person above was running embedded Linux platform and he had solved the authentication error by updating his openssl and by passing down the certificates.

Would also like to add that when using NodeJs for connecting to azure-iot-sdk, everything connects and can be monitored using the IoT Hub.

idata
Community Manager
101 Views

Hi dv,

I still found really strange that you were able to make it work using Ubilinux, even though the version of openSSL is even an older one (1.0.1e). I'll keep trying to install a newer version of openSSL, below you can see the errors that I'm getting when running "make" I will let you know if I get some new results. Are you currently implementing it with NodeJS?

 

Regards,

 

-Pablo
idata
Community Manager
101 Views

Hi dv,

 

 

I was unable to build openSSL successfully, but last time you told me that you were able to make it work with NodeJS, so I would suggest you to keep using it that way, at least until OpenSSL is updated on the Edison.
BWhal1
Beginner
101 Views

I was able to get the AMQP sample working on the Edison without the TrustedCerts workaround by setting the following environment variable:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt