我正在尝试与Azure网关场景进行下游设备通信。 Raspberry Pi是物联网设备,我将Jetson nano用作边缘设备,我尝试过对称方法和自签名,两者似乎都失败了。请帮我解决一下这个。我从这个Azure教程https://docs.microsoft.com/en-us/azure/iot-edge/how-to-authenticate-downstream-deviceand中尝试了,我从这里尝试了send_message.py和send_message_x509.py:https://github.com/Azure/azure-iot-sdk-python/tree/master/azure-iot-device/samples/async-hub-scenariosAnd我正在使用azure-iot-test-only.root.ca.cert.pem(ROOTCA),物联网-edge-device-downedge-full-chain.cert.pem(设备证书)和iot-edge-device-downedge.key.pem(设备密钥)作为.py脚本中的凭据...,主机名作为边缘gatewat主机名。但这是失败的。该命令可以正常工作并返回OK状态:
“ openssl s_client -connect mygateway.contoso.com:8883 -CAfile /certs/azure-iot-test-only.root.ca.cert.pem -showcerts”
但是.py仍然会返回TLS身份验证错误,如下所示:
TLS handshake failed., System.AggregateException: One or more errors occurred. (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of inner exception stack trace ---
---> (Inner Exception #0) System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
--- End of inner exception stack trace ---
请让我知道如何解决此错误,或者通过其他替代代码来解决此错误。
答案 0 :(得分:0)
您是否修改了send_message.py以在边缘设备中添加受信任的根ca证书(azure-iot-test-only.root.ca.cert.pem)作为受信任的证书?要在叶设备中使用该python SDK,必须使用create_from_connection_string函数的重载,该函数可让您传入边缘设备的根ca证书(以使SDK“信任”它)。
例如,我修改了send_message.py的前几行,并且它起作用了(将root ca cert复制到我的叶子设备之后)
async def main():
# Fetch the connection string from an enviornment variable
conn_str ="<your connection string, including GatewayHostName>"
#change this path to YOUR cert -- just left mine in as an example...
certfile = open("/home/stevebus/edge/certs/azure-iot-test-only.root.ca.cert.pem")
root_ca_cert = certfile.read()
# Create instance of the device client using the connection string
device_client = IoTHubDeviceClient.create_from_connection_string(connection_string = conn_str,server_verification_cert = root_ca_cert)
这对我有用...