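When making an SSL connection to an AWS server, I keep getting ssl_connect failed. Testing with the mqttfx tool works fine, so the certificates should not be the problem. Also, with a different address and certificate set the connection succeeds, which shows the code should be fine as well. So right now I cannot tell where the problem is. Has anyone run into a similar issue? Any pointers would be appreciated.
The connection log is as follows: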
cyassl_log CyaSSL Entering CYASSL_CTX_new
cyassl_log CyaSSL Entering CyaSSL_CertManagerNew
cyassl_log CyaSSL Leaving CYASSL_CTX_new, return 0
cyassl_log CyaSSL Entering CyaSSL_CTX_load_verify_buffer
cyassl_log Processing CA PEM file
cyassl_log Adding a CA
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /C=US/O=Amazon/CN=Amazon Root CA 1
Issuer: /C=US/O=Amazon/CN=Amazon Root CA 1
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log CyaSSL Entering DecodeCertExtensions
cyassl_log found optional critical flag, moving past
cyassl_log CyaSSL Entering DecodeBasicCaConstraint
cyassl_log found optional critical flag, moving past
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Parsed new CA
cyassl_log Freeing Parsed CA
cyassl_log Freeing der CA
cyassl_log OK Freeing der CA
cyassl_log CyaSSL Leaving AddCA, return 0
cyassl_log Processed a CA
cyassl_log CyaSSL Entering CyaSSL_CTX_use_PrivateKey_buffer
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering CyaSSL_CTX_use_certificate_buffer
cyassl_log Checking cert signature type
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /CN=AWS IoT Certificate
Issuer: /OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Not ECDSA cert signature
cyassl_log CyaSSL Entering SSL_new
cyassl_log CyaSSL Leaving SSL_new, return 0
cyassl_log CyaSSL Entering SSL_set_fd
cyassl_log CyaSSL Leaving SSL_set_fd, return 1
cyassl_log CyaSSL Entering SSL_connect()
cyassl_log growing output buffer
cyassl_log Shrinking output buffer
cyassl_log connect state: CLIENT_HELLO_SENT
GetInputData: 5
cyassl_log growing input buffer
Blocking for data from network ... expecting 5 bytes
Got 5 bytes
GetInputData: 4998
cyassl_log growing input buffer
Blocking for data from network ... expecting 4998 bytes
Got 2395 bytes
Blocking for data from network ... expecting 2603 bytes
Got 1200 bytes
Blocking for data from network ... expecting 1403 bytes
Got 1200 bytes
Blocking for data from network ... expecting 203 bytes
Got 203 bytes
cyassl_log received record layer msg
cyassl_log CyaSSL Entering DoHandShakeMsg()
cyassl_log CyaSSL Entering DoHandShakeMsgType
cyassl_log processing server hello
cyassl_log CyaSSL Leaving DoHandShakeMsgType(), return 0
cyassl_log CyaSSL Leaving DoHandShakeMsg(), return 0
cyassl_log More messages in record
cyassl_log received record layer msg
cyassl_log CyaSSL Entering DoHandShakeMsg()
cyassl_log CyaSSL Entering DoHandShakeMsgType
cyassl_log processing certificate
cyassl_log Loading peer's cert chain
cyassl_log Put another cert into chain
cyassl_log Put another cert into chain
cyassl_log Put another cert into chain
cyassl_log Put another cert into chain
Total certificates in chain : 4
Decoding the certificates ...
Parse certificate- Length: 1145
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
Issuer: /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log CyaSSL Entering DecodeCertExtensions
cyassl_log found optional critical flag, moving past
cyassl_log CyaSSL Entering DecodeBasicCaConstraint
cyassl_log found optional critical flag, moving past
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log There are more Authority Information Access records, but we only use first one.
cyassl_log CyaSSL Entering DecodeCrlDist
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log About to verify certificate signature
cyassl_log No CA signer to verify with
cyassl_log Failed to verify CA from chain
Parse certificate- Length: 1174
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /C=US/O=Amazon/CN=Amazon Root CA 1
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log CyaSSL Entering DecodeCertExtensions
cyassl_log found optional critical flag, moving past
cyassl_log CyaSSL Entering DecodeBasicCaConstraint
cyassl_log found optional critical flag, moving past
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log There are more Authority Information Access records, but we only use first one.
cyassl_log CyaSSL Entering DecodeCrlDist
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log About to verify certificate signature
cyassl_log No CA signer to verify with
cyassl_log Failed to verify CA from chain
Parse certificate- Length: 1101
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Issuer: /C=US/O=Amazon/CN=Amazon Root CA 1
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log CyaSSL Entering DecodeCertExtensions
cyassl_log found optional critical flag, moving past
cyassl_log CyaSSL Entering DecodeBasicCaConstraint
cyassl_log found optional critical flag, moving past
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log There are more Authority Information Access records, but we only use first one.
cyassl_log CyaSSL Entering DecodeCrlDist
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log About to verify certificate signature
cyassl_log Adding CA from chain
cyassl_log Adding a CA
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Issuer: /C=US/O=Amazon/CN=Amazon Root CA 1
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log CyaSSL Entering DecodeCertExtensions
cyassl_log found optional critical flag, moving past
cyassl_log CyaSSL Entering DecodeBasicCaConstraint
cyassl_log found optional critical flag, moving past
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log There are more Authority Information Access records, but we only use first one.
cyassl_log CyaSSL Entering DecodeCrlDist
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Parsed new CA
cyassl_log Freeing Parsed CA
cyassl_log Freeing der CA
cyassl_log OK Freeing der CA
cyassl_log CyaSSL Leaving AddCA, return 0
cyassl_log Veriying Peer's cert
cyassl_log CyaSSL Entering GetExplicitVersion
cyassl_log CyaSSL Entering GetMyVersion
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log Getting Cert Name
cyassl_log Getting Cert Name
DecodeToKey: Certificate:
Subject: /CN=*.iot.us-west-2.amazonaws.com
Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log CyaSSL Entering DecodeCertExtensions
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering DecodeAltNames
cyassl_log Not DNS type
cyassl_log Extension type not handled, skipping
cyassl_log found optional critical flag, moving past
cyassl_log Extension type not handled, skipping
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering DecodeCrlDist
cyassl_log Extension type not handled, skipping
cyassl_log There are more Authority Information Access records, but we only use first one.
cyassl_log found optional critical flag, moving past
cyassl_log CyaSSL Entering DecodeBasicCaConstraint
cyassl_log Extension type not handled, skipping
cyassl_log CyaSSL Entering GetAlgoId
cyassl_log About to verify certificate signature
cyassl_log Verified Peer's cert
cyassl_log growing output buffer
cyassl_log Shrinking output buffer
cyassl_log CyaSSL Leaving DoHandShakeMsgType(), return -155
cyassl_log CyaSSL Leaving DoHandShakeMsg(), return -155
cyassl_log CyaSSL error occured, error = -155
cyassl_log CyaSSL Entering SSL_get_error
cyassl_log CyaSSL Leaving SSL_get_error, return -155
cyassl_log CyaSSL Entering ERR_error_string
---------------------err = -155, ASN sig error, confirm failure
SSL_connect failed
cyassl_log CyaSSL Entering SSL_shutdown()
cyassl_log CyaSSL Leaving SSL_shutdown(), return -155
cyassl_log CyaSSL Entering SSL_free
cyassl_log CTX ref count not 0 yet, no free
cyassl_log Shrinking input buffer
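
Added example, not part of the original post: a small Python summarizer for a CyaSSL debug log like the one above, listing each decoded certificate with its verification outcome and the final error code. The sample input is abridged from the log above; the function name `summarize` and the outcome labels are assumptions of this example.

```python
import re
# Abridged from the debug log in the post above (parser noise dropped).
SAMPLE_LOG = """\
Subject: /C=US/O=Amazon/CN=Amazon Root CA 1
Issuer: /C=US/O=Amazon/CN=Amazon Root CA 1
cyassl_log Parsed new CA
Subject: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
Issuer: /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
cyassl_log No CA signer to verify with
Subject: /C=US/O=Amazon/CN=Amazon Root CA 1
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
cyassl_log No CA signer to verify with
Subject: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Issuer: /C=US/O=Amazon/CN=Amazon Root CA 1
cyassl_log Adding CA from chain
Subject: /CN=*.iot.us-west-2.amazonaws.com
Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
cyassl_log Verified Peer's cert
cyassl_log CyaSSL error occured, error = -155
"""
# Log markers mapped to labels; the labels are this example's own wording.
OUTCOMES = {
    "Parsed new CA": "trusted CA loaded",
    "No CA signer to verify with": "no signer in trust store",
    "Adding CA from chain": "verified, added as CA",
    "Verified Peer's cert": "peer cert verified",
}

def summarize(log_text):
    """Return (certs, error): decoded certificates in log order and the last error code."""
    certs, error = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Subject:"):
            certs.append({"subject": line[8:].strip(), "issuer": None, "outcome": "parsed only"})
        elif line.startswith("Issuer:") and certs:
            certs[-1]["issuer"] = line[7:].strip()
        elif certs:
            for marker, label in OUTCOMES.items():
                if marker in line:
                    certs[-1]["outcome"] = label
        if (m := re.search(r"error = (-\d+)", line)):
            error = int(m.group(1))
    return certs, error

if __name__ == "__main__":
    certs, error = summarize(SAMPLE_LOG)
    for c in certs:
        print(f"{c['outcome']:26} {c['subject']}  <-  {c['issuer']}")
    print("handshake error:", error)
```

On this log the summary shows the subject Amazon Root CA 1 twice: once as the self-signed CA loaded into the context, and once as a copy in the server's chain whose issuer is the Starfield root.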