Problem with connection to AWS IoT Broker with TLS with ALPN
rkalicinski opened this issue · 3 comments
I tried to connect to AWS IoT Broker using mqtt_cpp. AWS requires ALPN to be configured on TLS, but mqtt_cpp does not support it directly, so I needed to use a native OpenSSL function to set it up:
```cpp
auto c = MQTT_NS::make_tls_sync_client(ioc, "{AWS host}", 443);
static const unsigned char protos[5] = {4, 'm','q','t','t'};
auto res = SSL_CTX_set_alpn_protos(c->get_ssl_context().native_handle(), protos, 5);
c->connect();
```
Unfortunately, the connection does not succeed and ends up with "End of file".
What could be missing here?
Additionally, I'm limited to C++14, so I cannot use async_mqtt instead.
I don't know much about AWS IoT Broker, but https://github.com/redboltz/mqtt_cpp/blob/master/example/tls_client_with_sni.cpp could help you.
```cpp
auto connect =
    [&] {
        // create custom socket
        auto stream =
            std::make_shared<
                MQTT_NS::tcp_endpoint<
                    MQTT_NS::tls::stream<boost::asio::ip::tcp::socket>,
                    MQTT_NS::strand
                >
            >(ioc, c->get_ssl_context());
        if (!SSL_set_tlsext_host_name(MQTT_NS::any_cast<SSL*>(stream->native_handle()), host.c_str())) {
            std::cout << "SSL_set_tlsext_host_name return false" << std::endl;
            return false;
        }
        c->connect(MQTT_NS::force_move(stream));
        return true;
    };
```
FYI: (I understand that you are limited to C++14)
Doing custom settings for the TLS layer is one of the complicated parts of mqtt_cpp. There is no way to improve it because mqtt_cpp holds the underlying layers too much. This is one reason I started developing async_mqtt.
Here is the async_mqtt layer model: https://github.com/redboltz/async_mqtt/blob/doc/tutorial/create_endpoint.adoc
@redboltz Thank you for your kind assistance. I confirm that your hint helped and now the connection works like a charm :)
@rkalicinski you are welcome :)
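
The `protos` array in the opening post is the length-prefixed ALPN wire format that `SSL_CTX_set_alpn_protos` expects. The following C++14 helper is an added example, not code from the thread or from mqtt_cpp; the names `encode_alpn` and `decode_alpn` are hypothetical. It builds and validates such a list so the bytes and the length argument cannot drift apart.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Encode protocol names into the ALPN wire format: every name is preceded by
// a one-byte length, entries are concatenated, and there is no terminator.
std::vector<unsigned char> encode_alpn(const std::vector<std::string>& names) {
    if (names.empty()) throw std::invalid_argument("no ALPN protocols given");
    std::vector<unsigned char> wire;
    for (const auto& n : names) {
        if (n.empty() || n.size() > 255)
            throw std::invalid_argument("ALPN name must be 1..255 bytes");
        wire.push_back(static_cast<unsigned char>(n.size()));
        wire.insert(wire.end(), n.begin(), n.end());
    }
    return wire;
}

// Decode a wire-format list, rejecting zero-length or truncated entries
// (for example when the length argument does not match the array).
std::vector<std::string> decode_alpn(const unsigned char* p, std::size_t len) {
    std::vector<std::string> names;
    std::size_t i = 0;
    while (i < len) {
        const std::size_t n = p[i++];
        if (n == 0 || n > len - i)
            throw std::invalid_argument("malformed ALPN list");
        names.emplace_back(reinterpret_cast<const char*>(p + i), n);
        i += n;
    }
    if (names.empty()) throw std::invalid_argument("empty ALPN list");
    return names;
}

int main() {
    // Same single-protocol list as in the opening post.
    const auto wire = encode_alpn({"mqtt"});
    for (unsigned char b : wire) std::cout << static_cast<int>(b) << ' ';
    std::cout << '\n';
    // With OpenSSL (not compiled here):
    //   SSL_CTX_set_alpn_protos(ctx, wire.data(), wire.size())
    // returns 0 on success, unlike most OpenSSL functions, so check != 0.
    return 0;
}
```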