Using AWS IoT and Mosquitto client causes a TLS error - amazon-web-services

I am new to AWS IoT. I am following the example in the link below about setting up JITP (Just In Time Provisioning). Everything goes fine, such as registering the Root CA, private key verification certificate, etc.
https://aws.amazon.com/blogs/iot/setting-up-just-in-time-provisioning-with-aws-iot-core/
I don't normally post "what is wrong with my code" kind of questions, but I'm out of ideas with this one. When I try the last step to use the MQTT Mosquitto client to connect and publish to AWS IoT Core with the below command:
mosquitto_pub --cafile root.cert --cert deviceCertAndCACert.crt --key deviceJITPCert.key -h a9bqki6ij1hx9.iot.us-east-1.amazonaws.com -p 8883 -q 1 -t foo/bar -I anyclientID --tls-version tlsv1.2 -m "Hello" -d
I get the error:
Client anyclientID4406 sending CONNECT
Error: A TLS error occurred.
I can't understand at all what the problem is here with the handshake. All the keys and certificates are generated correctly. I have tried it from the start time and time again. Perhaps I'm missing one obvious step. If anyone with some experience might know what is going wrong, I'd greatly appreciate it.

Related

How to enable log in openconnect vpn

I am new to openconnect (https://github.com/openconnect/openconnect.git). Can someone please tell me how I can redirect all the logs to a file in openconnect, and how to change the log level?
Thanks in advance.
This is working for me. I am adding --timestamp for
Prepend a timestamp to each progress message
and --syslog for:
After tunnel is brought up, use syslog for further progress messages
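export vpn_server="<YOUR IP ADDRESS>"
export vpn_username="<YOUR USERNAME>"
export vpn_servercert="<SERVER CERT FINGERPRINT>"   # --servercert takes the expected fingerprint as its argument
sudo openconnect --syslog --timestamp --servercert "$vpn_servercert" --protocol=anyconnect -u "$vpn_username" "$vpn_server"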
Then in another terminal tab, tail the messages:
tail -f /var/log/syslog
This bit was taken from https://askubuntu.com/a/1062368
More info about other parameters is here https://www.infradead.org/openconnect/manual.html

"TLS Handshake timeout" when installing aws-sdk-go package with go get

I am getting net/http: TLS handshake timeout when trying to install aws-sdk-go with go get.
go get -v github.com/aws/aws-sdk-go
go: downloading github.com/aws/aws-sdk-go v1.30.10
go get: github.com/aws/aws-sdk-go#v1.30.10: Get https://storage.googleapis.com/proxy-golang-org-prod/153044bb636484b4-github.com:aws:aws-sdk-go-v1.30.10.zip?Expires=1587550038&GoogleAccessId=gcs-urlsigner-prod%40golang-modproxy.iam.gserviceaccount.com&Signature=Py%2Fu6vp6bq%2F%2Bz57LXE4oUVTvCjAL08bnxnlWuHUh2FME7v89fzIz1%2FNOJ5kKsXCJV39OMJLsjF5j3457p1mZJsBZSgTjMnFbPbuVRHu%2FhKPFPmvVsLYvchvB7Va%2F%2BGcyYHhOsP0XMdSo3N8GjqltihMWfKML49RNOmqCrQT%2F0Qc1b%2BBhbz9iH88QNd9mSwYYQpr0kuAVOb3OGfyQGY11vrTHLWp5ammOH%2B6Xa7g5cpCMO91Ane8aOEYywc0oSsgvv4y32qp0G%2FGm18pDHzLq1o0OA7HEKUU59ACFpOsTyEhF0uECBoNfFpiBuOub%2BY%2FMhGzsojk1dW0vzmR0SOGxqg%3D%3D: net/http: TLS handshake timeout
I can install any other go packages without any trouble. And my colleagues (in different network) can install aws-sdk-go without any problem. But, I am continuously facing this problem. I have tried with two different laptops. I have also tried switching to 3G network instead of broadband but, no luck there too.
How can I troubleshoot this problem?

CURLE_UNSUPPORTED_PROTOCOL - ftp download fails

I use cURL (installed via vcpkg). OpenSSL is also installed via vcpkg, for a C++ project on VS 2019.
The problem:
CURLcode res = curl_easy_perform(curl); // res == CURLE_UNSUPPORTED_PROTOCOL
I used this example:
https://curl.haxx.se/libcurl/c/ftpsget.html
with corrected connection and file data. The FTP server is FileZilla. I checked the connection and file download with the FileZilla client. All fine.
When I use the sample from the link, I get CURLE_UNSUPPORTED_PROTOCOL, and on my FTP server I can't see any connection attempt.
The error is described like this:
The URL you passed to libcurl used a protocol that this libcurl does not support.
Verbose information is:
* STATE: INIT => CONNECT handle 0x148090e0b38; line 1356 (connection #-5000)
* Protocol "ftp" not supported or disabled in libcurl
* Closing connection -1
* Expire cleared (transfer 0x148090e0b38)
I checked the internet for the error message above, and none of what I found solved my problem.
It does not seem to be a format problem or a problem related to a wrong URL.
So my question is, where can I enable this? Do I need additional packages? Or is the problem elsewhere?
Many thanks
Meanwhile, I figured out how to accomplish this using the latest curl command line tool (version 7.68.0) on Windows:
curl -u my_user:my_password --ftp-ssl ftp://my_ip/my_relative_path/my_file --insecure -o my_file
The file for download is on a server where a FileZilla FTP server is working. This server cyphers with a self-created cert. The curl client only accepts this when using the flag:
--insecure
So far, I could not find the related options for my C++ curl. Perhaps it is not possible at all, because the sources available through vcpkg are not (yet) up to date. But I want to stick with vcpkg. For me, this solution, using the command line tool instead, works fine.
One more hint, which is important: curl version 7.64.00 does NOT work. You get the error:
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

Use Storybook server on AWS C9?

I'm trying to run a storybook server on AWS Cloud9 but the URL it gives doesn't load anything.
I'm starting the server with
start-storybook -h $HOST -p $PORT --ci
This runs through without error and gives me a "server started" message with a URL. But that URL doesn't connect to anything.
I do notice that the URL isn't secure, and I can imagine AWS having issue with that. There is an --https option on the start-storybook command, but it requires SSL information that I don't know how to source.
Anyone know how I can get this working?
C9 only opens port 8080, 8081, 8082. So your server should be listening on one of three. Try:
start-storybook -p 8080 -s public

Troubleshooting connecting with the eosjs library to eos testnet on aws

We're using the eosjs library, and have set it up to connect to the EOS mainnet, and it has worked. The issue is when connecting to my AWS instance running a testnet, I am getting a 'failed to fetch' error:
I've tried using these from my instance as http-endpoints:
http://52.91.212.204:8888
Am I using these correctly to connect?
My AWS security config is open to all traffic.
(BTW, I added this to config.ini:
access-control-allow-origin = *)
Also relevant: I am using nodeos -e -p eosio --plugin eosio::net_api_plugin --plugin eosio::chain_api_plugin --plugin eosio::history_api_plugin --contracts-console