Yusuf X Yusuf X - 1 month ago 19
iOS Question

AWS MQTT on OSX

In the OSX app here, I can use AWS MQTT with iOS9, but when I try the same with OSX10.11, I get this error:


CFNetwork SSLHandshake failed (-9829)


Error -9828 is defined as


errSSLPeerCertUnknown = -9829, /* unknown certificate */


My OSX info.plist is

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>amazonaws.com</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
<key>amazonaws.com.cn</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>


The p12 (from "openssl pkcs12 -info -in awsiot-identity.p12") is:

MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: 5F 80 DC 6E AB F1 98 6A AA FC 0B 7B 04 F9 0E 66 99 E9 86 4F
subject=/CN=AWS IoT Certificate
issuer=/OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
-----BEGIN CERTIFICATE-----
MIIDWTCCAkGgAwIBAgIUJQgfGjmoboOQ7eJo+NTRs5wr8KMwDQYJKoZIhvcNAQEL
BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g
SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTE2MDcyNTA2NDU0
NloXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK57RCK3ppDk22TPA+97
2coZeo36lJpZ9M/0l6xHyeQiiVZMKGrkP3S+ej4Dgd+q4gviB2g5dc9T6jMwRSA8
qkdadxspSmEtCCwdFY3poVOpsD7Z0s3lVwBSgTiztfQo15yTyIjhkS0gS9tBg1sI
xIJoYuxXEHkoJKHum8yaluL71jYLxdmp5YHGVHZ55ussZUrWuE4ut4EbHJ8+Ef+z
caJtJB6YMEeKpKMvZ0vrb+jHytD6s7K20SnfTvEHsXNwWIfwXsxmqkG9KHT7q9Dd
XlaeKiP0tWE/8ObOPk1W7xT9HTAvkrveJIEFYhMcfi0yTtxm9CyEG0p36yor2HAK
T/UCAwEAAaNgMF4wHwYDVR0jBBgwFoAU8Kei7lBQZkzRV3if5sWxgF9WtM8wHQYD
VR0OBBYEFM7oRgS5iXeFPcI4pzY/0BQCCE3mMAwGA1UdEwEB/wQCMAAwDgYDVR0P
AQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBDzKiP+Gldz4RUe0QyMcYDWS0V
/3PeJTRjoD7IxUOO9czCZoCX46dxJkP1ijzuuqneaEPK7OUQxoHepqPdlbsycXv3
i/Ty649c/d2dizYqO2iM+6M+xdDLYPBmEAD4aQ9Qj8TpnC5OCSdqGq9XCFLTnz4j
icx2lYS3COdfZbKs9KQG7dkPK7CWSjHHy21Ftz0zBx7wj5v+2lNbcHCFmYn9+lYg
Jw1zUR/rGqTcQZHGUvgv3Mfp8xWtHDFhYAKnwGbhIxCanOM6An+yzEwLUEvkQ81Q
Lzv/yReCVHO4M0+JTW4Fu6BWEaTThPzdN3kQbIzJsViIL9Q6dfAXlvepkHr4
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
localKeyID: 5F 80 DC 6E AB F1 98 6A AA FC 0B 7B 04 F9 0E 66 99 E9 86 4F
Key Attributes: <No Attributes>


Why does OSX fail but iOS succeed?

Answer

None of these answers helped. I finally got an answer from Amazon, saying "we don't support OSX MQTT yet." That's not especially useful, and it's frustrating that the key worked on some machines some of the time, but my options now are:

  1. wait for Amazon to support OSX MQTT someday maybe
  2. use the embedded-C SDK for MQTT