stackoom
  简体   繁体   中英

Azure Downstream device to Edge gateway with python

 原文  2020-03-25 06:11:14       python/ azure/ azure-iot-edge

Question

I'm trying to get the downstream device communication with Azure gateway scenario. Raspberry Pi is the IoT device and I am using Jetson nano as Edge Device, I have tried both symmetric method and self signed, both seems a failure. Please help me with this. I tried from this azure tutorial https://docs.microsoft.com/en-us/azure/iot-edge/how-to-authenticate-downstream-deviceand I tried send_message.py and send_message_x509.py from here: https://github.com/Azure/azure-iot-sdk-python/tree/master/azure-iot-device/samples/async-hub-scenariosAnd Im using azure-iot-test-only.root.ca.cert.pem (ROOTCA), iot-edge-device-downedge-full-chain.cert.pem (device cert), and iot-edge-device-downedge.key.pem (device key) as the credentials inside the .py script... and hostname as the edge gatewat hostname.. But it's a failure. This command works fine and returns OK status:

" openssl s_client -connect mygateway.contoso.com:8883 -CAfile /certs/azure-iot-test-only.root.ca.cert.pem -showcerts"

But still .py returns with TLS authentication error as follows

TLS handshake failed., System.AggregateException: One or more errors occurred. (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
   --- End of inner exception stack trace ---

Please let me know how to resolve this error, or any alterative code to achieve the same.

1 answers

solution1
 0  2020-04-01 19:08:26

did you modify send_message.py to add in the edge devices trusted root ca certificate (azure-iot-test-only.root.ca.cert.pem) as a trusted cert? to use that python SDK in a leaf device, you have to use an overload of the create_from_connection_string function that lets you pass in the edge devices root ca certificate (in order for the SDK to 'trust' it).

for example, I modified the first few lines of send_message.py to this and it works (after copying over the root ca cert to my leaf device)

async def main():
    # Fetch the connection string from an enviornment variable
    conn_str ="<your connection string, including GatewayHostName>"

    #change this path to YOUR cert -- just left mine in as an example...
    certfile = open("/home/stevebus/edge/certs/azure-iot-test-only.root.ca.cert.pem")
    root_ca_cert = certfile.read()

    # Create instance of the device client using the connection string

device_client= IoTHubDeviceClient.create_from_connection_string(connection_string=conn_str,server_verification_cert=root_ca_cert)

this works for me...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Add VM to Azure App Gateway python How to update device twin from device with Azure Python device SDK? remote debug python on aarch64 edge device How to Send New Messages from Azure IoT Edge Module Python Custom Python Azure IoT Edge Module "No such file or directory: ''" How to create Azure Application gateway using python SDK Microsoft Azure Application Gateway blocking python's requests library How to add new certificate for a listener of an Azure Application gateway with Python Python Azure Service Bus Identify sending device Python process to complete before downstream commands run
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM