Hello Khem,

thanks for the answer. I'm pretty sure now that it is an ssl problem (see below).

On 26.06.2017 16:28, Khem Raj wrote:
On Sun, Jun 25, 2017 at 11:35 PM, Jakob Hasse
<jakob.ha...@smart-home-technology.ch> wrote:
Hello,

I'm trying to run the Microsoft Azure IoT hub mqtt example
(iothub_client_sample_amqp or similar) of the C SDK on yocto
(https://github.com/Azure/azure-iot-sdk-c).
On my Ubuntu host machine, everything compiles and works fine, the
application connects to the azure server and sends messages.
In Yocto, I get errors after compiling the whole SDK with all examples, but
the mqtt example is already there, so I assume it's correct. Furthermore, I
could compile it using Intel's meta-iot-cloud layer and only taking the
example application itself into my own layer.
I would suggest to fix all compile errors. If you need support please share
your compile errors here, they might be interesting for people here.
As I said, the application also compiled with the meta-iot-cloud layer without errors. Anyway, here are the errors when compiling with the SDK:

[ 67%] Building C object iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/iothub_client_sample_mqtt_dm.c.o
cc1: error: include location "/usr/include/azureiot" is unsafe for cross-compilation [-Werror=poison-system-directories]
[ 68%] Building C object uamqp/CMakeFiles/uamqp.dir/src/session.c.o
[ 69%] Building C object iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/pi_device/pi.c.o
cc1: error: include location "/usr/include/azureiot" is unsafe for cross-compilation [-Werror=poison-system-directories]
cc1: all warnings being treated as errors
iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/build.make:86: recipe for target 'iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/pi_device/pi.c.o' failed
make[2]: *** [iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/pi_device/pi.c.o] Error 1
make[2]: *** Waiting for unfinished jobs....
Scanning dependencies of target simplesample_http
[ 70%] Building C object serializer/samples/simplesample_http/CMakeFiles/simplesample_http.dir/simplesample_http.c.o
cc1: all warnings being treated as errors
iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/build.make:62: recipe for target 'iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/iothub_client_sample_mqtt_dm.c.o' failed
make[2]: *** [iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/iothub_client_sample_mqtt_dm.c.o] Error 1
CMakeFiles/Makefile2:2288: recipe for target 'iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/all' failed
make[1]: *** [iothub_client/samples/iothub_client_sample_mqtt_dm/CMakeFiles/iothub_client_sample_mqtt_dm.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
[ 70%] Building C object serializer/samples/simplesample_http/CMakeFiles/simplesample_http.dir/linux/main.c.o
[ 70%] Building C object uamqp/CMakeFiles/uamqp.dir/src/socket_listener_berkeley.c.o
[ 71%] Linking C static library libuamqp.a
[ 71%] Built target uamqp
[ 72%] Linking C executable simplesample_http
[ 72%] Built target simplesample_http
Makefile:94: recipe for target 'all' failed
make: *** [all] Error 2

Now the actual problem:
When I run the application on the Yocto system, it establishes a tcp
connection to the azure server, but then "stops working", until the azure
server sends the tcp fin ack, which the application acknowledges. On TCP
dump I can see that packets were dropped by the kernel.
The tcp problem seems to occur while the azure server is transmitting the
certificate, if I interpret the tcpdump output correctly. But might be just
coincidence. I checked the openssl libs requested by the application and
they are the same on the Ubuntu host and on the Yocto embedded system.

The network is also the same as on the host machine.

I would be very happy for ideas about what went wrong here.
What's the kernel version on working and non-working systems?
Ubuntu host: 4.4.0-81-generic
Yocto: 4.1.38-dey+gce24590

The dropped packages in tcpdump are a tcpdump problem, as I found out... so nothing to do with the actual problem.

The connection is closed very early by the server. As I saw some certificate-related strings, it seems to finish right after the application received the openssl certs. I can reproduce the behavior on the host machine by renaming the /etc/ssl/certs/ folder, so I'm pretty sure that it's an openssl problem (or finding the certs).

When I try to connect with
openssl s_client -showcerts -connect 13.95.15.251:8883
I get the error: Verify return code: 20 (unable to get local issuer certificate).
When I try to connect with
openssl s_client -showcerts -connect 13.95.15.251:8883 -CAfile /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
in turn, everything is fine: Verify return code: 0 (ok).

I added the certificate delivered in the azure-iot-c-sdk by Microsoft, which is in fact the same as Baltimore_CyberTrust_Root.crt.
I have the certificate in the following locations:
/etc/ssl/certs/
/usr/share/ca-certificates/
/usr/local/share/ca-certificates/
/usr/lib/ssl/certs // *see below
and ran update-ca-certificates after each add and rebooted. Nothing changed, the application still doesn't connect properly.

Is there maybe another path that I have missed?

* this directory came out when I put this code into the application:

    const char *dir;
    dir = getenv(X509_get_default_cert_dir_env());
    if (!dir)
        dir = X509_get_default_cert_dir();
    puts(dir);


Best Regards,
Jakob

--
Jakob Hasse
Software Developement

E: jakob.ha...@smart-home-technology.ch
T: +41 44 552 02 66

Smart Home Technology GmbH
www.smart-home-technology.ch

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
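
The default-path lookup from the message above, extended into a check of the CA directory it points to. This is an added example, not part of the original message or of the Azure SDK; it relies on OpenSSL's directory lookup opening only files named <subject-hash>.<n>, and the function names are made up for illustration.

```python
import os
import re
import ssl

# OpenSSL's CApath lookup only opens files named <subject-hash>.<n>;
# a certificate copied in under its plain name is never consulted.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
CERT_SUFFIXES = (".crt", ".pem", ".cer")


def default_trust_paths():
    """Compiled-in OpenSSL defaults, with the env-var overrides applied."""
    p = ssl.get_default_verify_paths()
    return {
        "file_env": p.openssl_cafile_env,   # normally SSL_CERT_FILE
        "dir_env": p.openssl_capath_env,    # normally SSL_CERT_DIR
        "file": os.environ.get(p.openssl_cafile_env, p.openssl_cafile),
        "dir": os.environ.get(p.openssl_capath_env, p.openssl_capath),
    }


def audit_capath(directory):
    """Report which certificate files a hash-based lookup can actually reach."""
    reachable, dangling, certs = set(), [], []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if HASHED_NAME.match(name):
            if os.path.exists(path):        # follows symlinks
                reachable.add(os.path.realpath(path))
            else:
                dangling.append(name)       # hash link whose target is gone
        elif name.lower().endswith(CERT_SUFFIXES) and os.path.isfile(path):
            certs.append(name)
    unreachable = [c for c in certs
                   if os.path.realpath(os.path.join(directory, c)) not in reachable]
    return {"hashed_targets": len(reachable), "dangling": dangling,
            "unreachable": unreachable}


if __name__ == "__main__":
    paths = default_trust_paths()
    print(paths)
    if paths["dir"] and os.path.isdir(paths["dir"]):
        print(audit_capath(paths["dir"]))
```

A concatenated bundle stored in the same directory is listed as unreachable too; it is meant to be loaded as a CA file, not found by hash lookup.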
