Aws-sdk-ios: AWS IoT requires using of `-ats.xxx.xxx` endpoints.

Created on 6 Dec 2018 · 27Comments · Source: aws-amplify/aws-sdk-ios

Describe the bug
mqtt cannot connected in IOS 12.1.1 ,and it is normal in lower version.

To Reproduce
Steps to reproduce the behavior:

Which AWS service(s) are affected?
Iot
Expected behavior

Screenshots
Connecting...
2018-12-06 20:04:24:347 IoTSampleSwift[1120:38283] username is : ?SDK=iOS&Version=2.6.19
2018-12-06 20:04:24:347 IoTSampleSwift[1120:38283] Metrics collection is: Enabled
2018-12-06 20:04:24:352 IoTSampleSwift[1120:38623] <<{number = 20, name = (null)}>> Initializing MQTTEncoder and MQTTDecoder streams
2018-12-06 20:04:24:353 IoTSampleSwift[1120:38623] opening encoder stream.
2018-12-06 20:04:24:353 IoTSampleSwift[1120:38623] opening decoder stream.
2018-12-06 20:04:24.976071+0800 IoTSampleSwift[1120:38623] CFNetwork SSLHandshake failed (-9807)
2018-12-06 20:04:24.976169+0800 IoTSampleSwift[1120:38623] TCP Conn 0x28281b600 SSLHandshake failed (-9807)
2018-12-06 20:04:24:976 IoTSampleSwift[1120:38623] MQTT session error, code: 3
2018-12-06 20:04:24:977 IoTSampleSwift[1120:38623] closing encoder stream.
2018-12-06 20:04:24:977 IoTSampleSwift[1120:38623] closing decoder stream.
2018-12-06 20:04:25:983 IoTSampleSwift[1120:38623] MQTTSessionEventConnectionError: Received an MQTT session connection error
connection status = 5
Connection Error
2018-12-06 20:06:33:987 IoTSampleSwift[1120:38633] Attempting to reconnect.
connection status = 1
Connecting...
2018-12-06 20:06:33:988 IoTSampleSwift[1120:38633] username is : ?SDK=iOS&Version=2.6.19
2018-12-06 20:06:33:988 IoTSampleSwift[1120:

Environment(please complete the following information):

SDK Version: 'AWSIoT', '~> 2.7.3'
Dependency Manager: Cocoapods
Swift Version : [e.g. 4.0]

Device Information (please complete the following information):

Device: 7Plus iPhone X
iOS Version:12.1.1
Specific to simulators:

Additional context
Add any other context about the problem here.

iot question requesting info

Source

MrLiuYunPing

Most helpful comment

@MrLiuYunPing, @BronzeWareH

Sorry to hear you are running into issues. I will look into this and get back to you. One quick thing to check - is your MQTT endpoint configured with an Amazon Trust Services certificate? The easiest way to check is to see if your endpoint has a -ats or .ats in it.

If it is not, then can you go to the AWS Console->IoT Core ->Settings page and use the URL present there _( ATS configured URLs have been setup for you by default)_

cbommas on 7 Dec 2018

👍2 ❤1 🎉1

All 27 comments

any one see the issue?

MrLiuYunPing on 7 Dec 2018

I can repro this issue. @rohandubal , Can you help to assign someone to follow up?

BronzeWareH on 7 Dec 2018

MrLiuYunPing on 7 Dec 2018

@MrLiuYunPing, @BronzeWareH

If it is not, then can you go to the AWS Console->IoT Core ->Settings page and use the URL present there _( ATS configured URLs have been setup for you by default)_

cbommas on 7 Dec 2018

👍2 ❤1 🎉1

OK I will try as the way you have provided !Thank you for your suggestions! Can you repro this issue?

MrLiuYunPing on 7 Dec 2018

I'm having the same issue. The endpoint we're using ends with -ats.iot.us-east-1.amazonaws.com

johnflanagan-spok on 7 Dec 2018

@MrLiuYunPing @johnflanagan-spok @BronzeWareH

@rohandubal and I tried to reproduce this on our side, but did not encounter the problem on either an iOS 12.1 simulator or a physical device running 12.1.1.

It will be helpful if you can try this on a physical device running 12.1.1 and let us know how it goes.

Also, can you let me know how you got hold of a 12.1.1 simulator? I have the latest XCode and it only has options for 12.1

cbommas on 8 Dec 2018

Same issue. I'm on west-2. Works fine on simulator (12.1) and devices I haven't upgraded yet (still on 12.1) but soon as you go to 12.1.1 you're sunk.

arrow53 on 8 Dec 2018

@arrow53
Is your endpoint configured with an ATS certificate. See my post earlier in this thread on how to verify.

Also, can you post your logs from running this on a 12.1.1 physical device?

cbommas on 8 Dec 2018

@cbommas haha yeah, you're right. That's all it was. I just needed to update the endpoint. Thanks!

arrow53 on 8 Dec 2018

@arrow53
good to hear! thank you for letting me know.

@MrLiuYunPing @BronzeWareH @johnflanagan-spok
Can you also validate on your side please

cbommas on 8 Dec 2018

👍1

@cbommas
Problem solved by using the new endpoints.
In us-east Virginia it is '-ats', in cn-north Beijing it is '.ats'

ufosaga on 8 Dec 2018

@cbommas It's ok, Thanks

XQ-Huang on 8 Dec 2018

thank you ，my problem is resolved!@cbommas

MrLiuYunPing on 8 Dec 2018

Thank you all.

cbommas on 8 Dec 2018

👍1

@cbommas I'm still getting an SSLHandshake failed error.

Our IoTCore endpoint contains -ats, but it doesn't look like it's even getting far enough to attempt to reach that address. It's failing trying to connect to wss://data.iot.us-east-1.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=... at https://github.com/aws-amplify/aws-sdk-ios/blob/c60cfce7e2445668fc631418ac3be1624b729c62/AWSIoT/Internal/AWSIoTMQTTClient.m#L451

johnflanagan-spok on 10 Dec 2018

@johnflanagan-spok

It appears that it still connecting to the non ATS endpoint. It could be that your configuration is still pointing to the old URL. Can you share a code snippet on how you are configuring and instantiating the IoT client?

Also, can you make sure that you have followed the steps to configure the client as documented here - https://aws-amplify.github.io/docs/ios/pubsub.

I will reopen this thread to make sure that we can track this issue appropriately.

cbommas on 10 Dec 2018

@cbommas

I wasn't explicitly setting the endpoint in the AWSServiceConfiguration. I've set that and it looks to be working now. Thanks!

johnflanagan-spok on 10 Dec 2018

Excellent. Thank you for confirming.

cbommas on 10 Dec 2018

👍1

Same issue. I have used the ats.xxx.xxx endpoint, useast1

Wanxujie on 28 Dec 2018

@cbommas Should I need insert RootCA to iOS Application?

Wanxujie on 28 Dec 2018

@Wanxujie I didn't need to install a certificate. The mistake I was making was not explicitly supplying an endpoint to initialize AWSServiceConfiguration. I changed my code from:

AWSServiceConfiguration(region: config.region, credentialsProvider: credentialProvider)

let endpoint = AWSEndpoint(urlString: "wss://\(environment.iotEndpoint)")
AWSServiceConfiguration(region: config.region, endpoint: endpoint, credentialsProvider: self.credentialProvider)

and that fixed it for me. (obviously config and environment were coming in form somewhere else)

johnflanagan-spok on 28 Dec 2018

@johnflanagan-spok

Thanks for helping with this.

@Wanxujie
can you confirm if that fixes your issue. Otherwise, please open a new issue so that we can track it and get it addressed for you.

cbommas on 29 Dec 2018

@MrLiuYunPing, @BronzeWareH

Sorry to hear you are running into issues. I will look into this and get back to you. One quick thing to check - is your MQTT endpoint configured with an Amazon Trust Services certificate? The easiest way to check is to see if your endpoint has a -ats or .ats in it.

If it is not, then can you go to the AWS Console->IoT Core ->Settings page and use the URL present there _( ATS configured URLs have been setup for you by default)_

thanks brother error has fixed.