Description
- I've searched for previous similar issues and didn't find any solution
Known Issue
- I'm using ATS data type endpoint: the endpoint should look like
<prefix>-ats.iot.<region>.amazonaws.com
Describe the bug
Not able to establish MQTT connection without overriding default system trust store on Android.
SDK version number
Platform/OS/Hardware/Device
What are you running the sdk on?
Device: Pixel 3a
OS: Android 11
To Reproduce (observed behavior)
private var connection: MqttClientConnection? = null
val eventLoopGroup = EventLoopGroup(1)
connection = newMtlsBuilder(config.certificate, config.privateKey)
    .withClientId(clientId)
    .withCleanSession(true)
    .withKeepAliveMs(MQTT_CONNECTION_KEEP_ALIVE_TIME_MILLI_SECONDS)
    .withWill(lastWill(config), QualityOfService.AT_LEAST_ONCE, false)
    .withConnectionEventCallbacks(connectionCallback)
    .withBootstrap(ClientBootstrap(eventLoopGroup, HostResolver(eventLoopGroup)))
    .withEndpoint(config.iotEndpoint)
    .build()
connection?.connect()?.get()
With the above code we get TLS (SSL) negotiation failed if we don't provide an explicit root certificate via withCertificateAuthority.
Expected behavior
It should be able to connect, as the Amazon root cert is present in the trust store of the Pixel 3a running Android 11. As shown here.
Logs/output
TLS (SSL) negotiation failed
Additional context
We mentioned this issue before and had internal sync meetings with the team. It's a known issue. Before, it was mixed up with another issue, so we are creating a separate one to be explicit and track the progress.
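
One way to apply the workaround named in the report without hard-coding a single root: export the platform CA certificates from Android's `AndroidCAStore` keystore as a PEM bundle and pass that to `withCertificateAuthority`. This is an added example, not code from the issue author or the SDK project; `systemTrustStoreAsPem` and `buildConnection` are hypothetical names, and it assumes the builder accepts a PEM string containing more than one certificate.

```kotlin
import java.security.KeyStore
import java.security.cert.X509Certificate
import java.util.Base64
import software.amazon.awssdk.crt.mqtt.MqttClientConnection
import software.amazon.awssdk.iot.AwsIotMqttConnectionBuilder

/**
 * Export the CA certificates from Android's trust store as one PEM bundle.
 * Aliases in "AndroidCAStore" are prefixed "system:" (roots shipped with the
 * platform) or "user:" (added on the device). Only platform roots are exported,
 * so a user-installed CA cannot vouch for the IoT endpoint.
 */
fun systemTrustStoreAsPem(): String {
    val store = KeyStore.getInstance("AndroidCAStore").apply { load(null) }
    // PEM bodies are base64 wrapped at 64 characters per line.
    val encoder = Base64.getMimeEncoder(64, "\n".toByteArray())
    val pem = StringBuilder()
    for (alias in store.aliases()) {
        if (!alias.startsWith("system:")) continue
        val cert = store.getCertificate(alias) as? X509Certificate ?: continue
        pem.append("-----BEGIN CERTIFICATE-----\n")
            .append(encoder.encodeToString(cert.encoded))
            .append("\n-----END CERTIFICATE-----\n")
    }
    // Fail closed: an empty bundle must never reach the TLS configuration.
    check(pem.isNotEmpty()) { "no system CA certificates found in AndroidCAStore" }
    return pem.toString()
}

/** Hypothetical wrapper: the same mTLS builder as in the report, plus an explicit CA bundle. */
fun buildConnection(
    certificatePem: String,
    privateKeyPem: String,
    endpoint: String,
    clientId: String,
): MqttClientConnection =
    AwsIotMqttConnectionBuilder.newMtlsBuilder(certificatePem, privateKeyPem)
        .withCertificateAuthority(systemTrustStoreAsPem()) // explicit trust anchors
        .withClientId(clientId)
        .withCleanSession(true)
        .withEndpoint(endpoint)
        .build()
```

The bundle is read once at build time, so a connection created this way does not pick up later changes to the device trust store until it is rebuilt.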