10 Replies Latest reply on Oct 8, 2016 1:54 PM by brwhaley

    Updating openssl on Edison (Yocto)

    dv9346

      Hi Guys.

       

      I have recently been working with the azure-iot-sdks and encountered problems when sending messages using AMQP to Azure. I keep getting Authentication Errors when connecting.

       

      ---------------------------------------------------

      Starting the IoTHub client sample AMQP...

      Info: IoT Hub SDK for C, version 1.0.9

      IoTHubClient_SetMessageCallback...successful.

      IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

      IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

      IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

      IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

      IoTHubClient_SendEventAsync accepted data for transmission to IoT Hub.

      Error: Time:Wed Jul 13 21:54:41 2016 File:/home/cpt/azure-iot-sdks/c/iothub_client/src/iothubtransportamqp.c Func:IoTHubTransportAMQP_DoWork Line:1469 AMQP transport authentication timed out.

      -> [CLOSE]* {}

      Error: Time:Wed Jul 13 21:55:11 2016 File:/home/cpt/azure-iot-sdks/c/iothub_client/src/iothubtransportamqp.c Func:IoTHubTransportAMQP_DoWork Line:1469 AMQP transport authentication timed out.

      -> [CLOSE]* {}

      ---------------------------------------------------

       

      Having searched many forums on this issue, I have come to the conclusion that the cause of the timeouts may be the openssl version (1.0.1m) on the Yocto Linux.

       

      I was wondering if somebody could give me some help regarding the update of the openssl as I have already looked in the Intel repository for the Edison and the latest version is 1.0.1m which is already installed.

       

      Much appreciated!!

        • 1. Re: Updating openssl on Edison (Yocto)
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hi dv,

          I just checked the repository and, as you mentioned, the openssl version is not the latest. In that case you’ll need to install a newer version from source, following the instructions on their site: https://www.openssl.org/source/. The latest stable version is 1.0.2, and there’s already a beta version (1.1.0), but be careful: some other users have tried to install this beta version and have encountered multiple issues, which you can check here: https://communities.intel.com/thread/99365. As a suggestion, I would try first with version 1.0.1t or 1.0.2h (you can also install the bigger Perl installation; you can do this from the AlexT repository).

          Regards,
          -Pablo

          • 2. Re: Updating openssl on Edison (Yocto)
            dv9346

            Thank you Pablo,

             

            I have tried to update the openssl version to 1.0.2g. However, after replacing everything with the updated version, the system still reports 1.0.1m. I will look into this over the weekend and report back with findings.

            • 3. Re: Updating openssl on Edison (Yocto)
              Intel Corporation
              This message was posted on behalf of Intel Corporation

              Hi dv,

              Do you have updates on this? Have you been working on this lately?

              Regards,
              -Pablo

              • 4. Re: Updating openssl on Edison (Yocto)
                dv9346

                Hi Pablo,

                 

                Unfortunately, I did not manage to get it updated properly. The issue is that even after updating the library, typing in "openssl version" still returns 1.0.1m.

                 

                The other solution could be to bitbake the image before uploading it so we can get the higher version on the Yocto image before we put it onto the device.

                • 5. Re: Updating openssl on Edison (Yocto)
                  dv9346

                  I have also tried the ubilinux OS on the Edison board, and all worked without a problem and authentication was successful, openssl version 1.0.1e.

                  • 6. Re: Updating openssl on Edison (Yocto)
                    Intel Corporation
                    This message was posted on behalf of Intel Corporation

                    Hi dv9346,

                    I’m happy to know that you were able to make it work using Ubilinux; apparently it has nothing to do with your version of SSL (I kept trying to install a newer version of OpenSSL on my Intel Edison without success). I also noticed that you opened a discussion on GitHub about this issue, and yesterday another user suggested a possible solution based on a similar issue; you can check that and give it a try. We would like to know your results.

                    Regards,
                    -Pablo

                    • 7. Re: Updating openssl on Edison (Yocto)
                      dv9346

                      Hi Pablo,

                       

                      After trying out the solution from GitHub, it was the same result.

                       

                      After having a look at other issues on Azure-iot-sdk, I found one where it had a similar problem: [C][Linux][SimpleSample]Running azure-iot-sdk sample code failed · Issue #507 · Azure/azure-iot-sdks · GitHub

                       

                      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                       

                      jjlee9 commented on 26 Apr edited

                       

                       

                      Yes, you are right. The "TrustedCerts" solution solved this problem. Anyway the solution cannot work with OpenSSL 1.0.0a.

                      After I switched to OpenSSL 1.0.2g, the AMQP and MQTT worked well with "TrustedCerts" solution. I just commented out MBED_BUILD_TIMESTAMP in simplesample_amqp.c and simplesample_mqtt.c plus "TrustedCerts" solution (certs/certs.*) and linked with OpenSSL 1.0.2g library.

                      The two binary files (amqp and mqtt) worked well under Kevin's device!

                      I switched back to OpenSSL 1.0.0a with "TrustedCerts" solution and the two binaries could not work correctly.

                      Thanks, it solved the problem with OpenSSL 1.0.2g! Thanks a lot!

                       

                      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                       

                      The person above was running an embedded Linux platform, and he had solved the authentication error by updating his openssl and by passing down the certificates.

                       

                      Would also like to add that when using NodeJs for connecting to azure-iot-sdk, everything connects and can be monitored using the IoT Hub.

                      • 8. Re: Updating openssl on Edison (Yocto)
                        Intel Corporation
                        This message was posted on behalf of Intel Corporation

                        Hi dv,

                         

                        I still find it really strange that you were able to make it work using Ubilinux, even though its version of OpenSSL is an even older one (1.0.1e). I’ll keep trying to install a newer version of OpenSSL; below you can see the errors that I’m getting when running “make”. I will let you know if I get some new results. Are you currently implementing it with NodeJS?


                        Regards,
                        -Pablo

                        • 9. Re: Updating openssl on Edison (Yocto)
                          Intel Corporation
                          This message was posted on behalf of Intel Corporation

                          Hi dv, 

                          I was unable to build OpenSSL successfully, but last time you told me that you were able to make it work with NodeJS, so I would suggest that you keep using it that way, at least until OpenSSL is updated on the Edison.

                          • 10. Re: Updating openssl on Edison (Yocto)
                            brwhaley

                            I was able to get the AMQP sample working on the Edison without the TrustedCerts workaround by setting the following environment variable:

                             

                            export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
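
A check that goes with the SSL_CERT_FILE setting in the last reply, added here as an example (it is not part of any post in the thread or of the Azure SDK): it reports which openssl binary is on the PATH and whether OpenSSL's default trust locations, OPENSSLDIR/cert.pem and OPENSSLDIR/certs, actually contain CA certificates. The function names are hypothetical; the bundle path is the one from the post.

```shell
#!/bin/sh
# Added example: inspect where OpenSSL looks for trusted CAs by default.
# Function names are hypothetical, not from the thread or the SDK.

# Extract the directory from a line such as: OPENSSLDIR: "/usr/lib/ssl"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# Print which default trust source exists under an OPENSSLDIR:
#   cert.pem -> the default CA file is present and non-empty
#   certs    -> the default CA directory holds hashed entries (e.g. 1a2b3c4d.0)
#   none     -> neither exists, so no CA is trusted by default
trust_store_status() {
    _d=$1
    if [ -s "$_d/cert.pem" ]; then
        echo cert.pem
        return 0
    fi
    for _f in "$_d"/certs/*.[0-9]; do
        if [ -e "$_f" ]; then
            echo certs
            return 0
        fi
    done
    echo none
}

# Print the first candidate bundle that is readable and contains a PEM cert.
pick_bundle() {
    for _b in "$@"; do
        if [ -r "$_b" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$_b"; then
            echo "$_b"
            return 0
        fi
    done
    return 1
}

# Report only when the openssl CLI is installed on this machine.
if command -v openssl >/dev/null 2>&1; then
    dir=$(parse_openssldir "$(openssl version -d)")
    echo "openssl on PATH: $(command -v openssl) ($(openssl version))"
    echo "OPENSSLDIR: $dir (default trust source: $(trust_store_status "$dir"))"
    if bundle=$(pick_bundle /etc/ssl/certs/ca-certificates.crt); then
        echo "usable bundle found: export SSL_CERT_FILE=$bundle"
    fi
fi
```

A result of `none` together with a usable bundle means the CA certificates are on the device but not where this OpenSSL build looks by default, which is the gap SSL_CERT_FILE closes.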