I am trying to connect to Azure IoT Hub over MQTT and send and receive messages using the Paho C client from a BeagleBone Black (OS: Debian Wheezy). I'm using Eclipse CDT on an Ubuntu machine to develop my application and deploy/debug remotely.

When I run the application on my native Ubuntu machine (compiled with gcc), the Azure connection succeeds and I'm able to send packets.

I cross-compiled OpenSSL as specified here and copied the appropriate directories into the "/usr/arm-linux-gnueabihf" folder. But when I compile with arm-linux-gnueabihf-gcc-4.7 and remote debug on my BeagleBone Black (with gdb-multiarch), I'm getting the following error in my output console:

```
3068126320:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1185:
3068126320:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1185:
Failed to connect, return code -1
```

Please help me to resolve this issue. Thanks.

Edit, regarding the suspected duplicate link: the error in the suspected duplicate is the same, but the OpenSSL error there is due to an expired certificate. In my case it occurs during the MQTT connection between Azure and the BBB. Moreover, there is no answer to my question in that link. As per that link, there is no point in disabling certificate verification when we opt for an SSL/TLS secured connection.

My code:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* usleep() */
#include "MQTTClient.h"

#define PAYLOAD     "Hello World!"
#define QOS         1
#define TIMEOUT     10000L
#define TOPIC1      "devices/Manoj_Test/messages/events/"
#define ADDRESS     "ssl://xxxxxxxx.azure-devices.net:8883"
#define CLIENTID1   "Manoj_Test"

/* The callbacks were not shown in the post; minimal versions so the file compiles. */
void delivered(void *context, MQTTClient_deliveryToken dt)
{
    printf("Delivery of token %d confirmed\n", dt);
}

int msgarrvd(void *context, char *topicName, int topicLen, MQTTClient_message *message)
{
    printf("Message arrived on topic %s\n", topicName);
    MQTTClient_freeMessage(&message);
    MQTTClient_free(topicName);
    return 1;
}

void connlost(void *context, char *cause)
{
    printf("Connection lost, cause: %s\n", cause ? cause : "(unknown)");
}

int main(void)
{
    MQTTClient client;
    MQTTClient_connectOptions conn_opts = MQTTClient_connectOptions_initializer;
    MQTTClient_message pubmsg = MQTTClient_message_initializer;
    MQTTClient_deliveryToken token;
    int rc1;

    MQTTClient_create(&client, ADDRESS, CLIENTID1, MQTTCLIENT_PERSISTENCE_NONE, NULL);
    conn_opts.cleansession = 1;
    conn_opts.username = "xxxxxxxx.azure-devices.net/Manoj_Test";
    conn_opts.password = "SharedAccessSignature sr=xxxxxxxx.azure-devices.net%2fdevices%2fManoj_Test&sig=GyizT%2b7uyIpOkMJjTfN%2fpOZh9CnuQedNB%2bre2NrL1Kg%3d&se=1496395529";
    /* conn_opts.ssl is left unset: no trust store is given for the ssl:// connection. */

    MQTTClient_setCallbacks(client, NULL, connlost, msgarrvd, delivered);

    if ((rc1 = MQTTClient_connect(client, &conn_opts)) != MQTTCLIENT_SUCCESS)
    {
        printf("Failed to connect, return code %d\n", rc1);
        exit(-1);
    }

    MQTTClient_subscribe(client, TOPIC1, QOS);
    while (1)
    {
        pubmsg.payload = PAYLOAD;
        pubmsg.payloadlen = strlen(PAYLOAD);
        pubmsg.qos = 1;
        pubmsg.retained = 0;
        MQTTClient_publishMessage(client, TOPIC1, &pubmsg, &token);
        printf("Waiting for up to %d seconds for publication of %s\non topic %s for client with ClientID: %s\n", (int)(TIMEOUT/1000), PAYLOAD, TOPIC1, CLIENTID1);
        rc1 = MQTTClient_waitForCompletion(client, token, TIMEOUT);
        printf("Message with delivery token %d delivered\n", token);
        usleep(100000);
    }
    MQTTClient_disconnect(client, 10000);
    MQTTClient_destroy(&client);
    return rc1;
}
```
Manoj
  • These errors are run-time, right? I've come across these errors too and for me it meant what it said: it couldn't verify the SSL certificate. I'm not sure if you can reach these services through a browser like Chrome, but if you can, you can check if Chrome gives you the same warning about the certificate. – bzeaman Jun 22 '16 at 08:01
  • Possible duplicate of [SSL error : routines:SSL3\_GET\_SERVER\_CERTIFICATE:certificate verify failed](http://stackoverflow.com/questions/17084886/ssl-error-routinesssl3-get-server-certificatecertificate-verify-failed) – bzeaman Jun 22 '16 at 08:02
  • @bzeaman Yup, the errors are during runtime. I can't reach these services from a browser as this is an MQTT broker over TCP. But I validated the same code built on Ubuntu with gcc, and successfully connected to Azure. As for my question being suspected as a duplicate, see my post edit; that link doesn't answer my problem. – Manoj Jun 22 '16 at 10:02

2 Answers

Have you considered using Azure IoT SDKs for connection to IoT Hub? Debian is supported out-of-box and complexity with establishing the connection is abstracted. You can read this blog for the benefits of using the SDKs.

Yi Zhong - MSFT

I resolved the issue.
I obtained the server certificate from the command line in .crt format and saved it to the /usr/local/share/ca-certificates/ folder.

```sh
openssl s_client -showcerts -connect server.edu:443 </dev/null 2>/dev/null | openssl x509 -outform DER >mycertfile.crt
```

Then I updated the trust store certificates to add the above downloaded certificate:

```sh
update-ca-certificates
```

After updating, I referred to the ca-certificates file in my code:

```c
/* conn_opts.ssl must already point to an MQTTClient_SSLOptions struct */
conn_opts.ssl->trustStore = "/etc/ssl/certs/ca-certificates.crt";
```
Manoj
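Added example, not part of the original question or answers: the trust-store fix above works because OpenSSL only accepts a server certificate that chains to a CA present in the bundle it is given. This script reproduces that check offline with a throwaway PKI; the CA names, the host name `broker.example.test` and all helper functions are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: does a CA bundle validate a given server certificate?

# chain_ok BUNDLE CERT: succeed only if CERT chains to a CA in BUNDLE.
# The output is matched instead of the exit status because old OpenSSL
# releases exit 0 from "verify" even when verification fails.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# issuer_of CERT: print the issuer DN, i.e. the CA the bundle must contain.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

# make_ca DIR NAME: constructed self-signed CA, valid for one day.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA HOST: constructed server certificate signed by CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CAcreateserial \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -out "$1/leaf.pem" 2>/dev/null
}

# demo: report the result for a bundle without and with the issuing CA.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" issuing-ca && make_ca "$d" other-ca &&
    make_leaf "$d" issuing-ca broker.example.test || return 1
    issuer_of "$d/leaf.pem"
    for ca in other-ca issuing-ca; do
        if chain_ok "$d/$ca.pem" "$d/leaf.pem"; then r=OK; else r=FAIL; fi
        echo "bundle=$ca.pem verify=$r"
    done
    rm -rf "$d"
}

demo
```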