Hi,
I have an issue that MQTT connect always fail with an error code 5 (not authorized) on Raspberry Pi3.
Followed the steps for X.509 CA Signed authentication type, created necessary certificates and verified with AzureIoT.
From PahoMQTT logs, SSL Connection is established and fails in MQTT Connect.
=========================================================
Trace Output
Product name: Eclipse Paho Asynchronous MQTT C Client Library
Version: 1.3.4
Build level: Sun 16 May 21:45:33 CEST 2021
OpenSSL version: OpenSSL 3.0.0-alpha17-dev
OpenSSL flags: compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
OpenSSL build timestamp: built on: Sun May 16 18:57:37 2021 UTC
OpenSSL platform: platform: linux-armv4
OpenSSL directory: OPENSSLDIR: "/usr/local/ssl"
/proc/version: Linux version 4.9.35-v7+ (dc4@dc4-XPS13-9333) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0-88-g8460611) ) #1014 SMP Fri Jun 30 14:47:43 BST 2017
=========================================================
[MQTT]: Connecting:ssl://XXXXXXXXXXXXXXXXXXXXXXX.azure-devices.net:8883
20210516 224137.294 Connecting to serverURI XXXXXXXXXXXXXXXXXXXXXXX.azure-devices.net:8883 with MQTT version 4
20210516 224137.556 SSL cipher available: 0:TLS_AES_256_GCM_SHA384
20210516 224137.556 SSL cipher available: 1:TLS_CHACHA20_POLY1305_SHA256
20210516 224137.556 SSL cipher available: 2:TLS_AES_128_GCM_SHA256
20210516 224137.556 SSL cipher available: 3:ECDHE-ECDSA-AES256-GCM-SHA384
20210516 224137.556 SSL cipher available: 4:ECDHE-RSA-AES256-GCM-SHA384
20210516 224137.616 SSL cipher available: 5:DHE-RSA-AES256-GCM-SHA384
20210516 224137.616 SSL cipher available: 6:ECDHE-ECDSA-CHACHA20-POLY1305
20210516 224137.616 SSL cipher available: 7:ECDHE-RSA-CHACHA20-POLY1305
20210516 224137.616 SSL cipher available: 8:DHE-RSA-CHACHA20-POLY1305
20210516 224137.616 SSL cipher available: 9:ECDHE-ECDSA-AES128-GCM-SHA256
20210516 224137.616 SSL cipher available: 10:ECDHE-RSA-AES128-GCM-SHA256
20210516 224137.616 SSL cipher available: 11:DHE-RSA-AES128-GCM-SHA256
20210516 224137.616 SSL cipher available: 12:ECDHE-ECDSA-AES256-SHA384
20210516 224137.616 SSL cipher available: 13:ECDHE-RSA-AES256-SHA384
20210516 224137.616 SSL cipher available: 14:DHE-RSA-AES256-SHA256
20210516 224137.616 SSL cipher available: 15:ECDHE-ECDSA-AES128-SHA256
20210516 224137.616 SSL cipher available: 16:ECDHE-RSA-AES128-SHA256
20210516 224137.616 SSL cipher available: 17:DHE-RSA-AES128-SHA256
20210516 224137.616 SSL cipher available: 18:ECDHE-ECDSA-AES256-SHA
20210516 224137.616 SSL cipher available: 19:ECDHE-RSA-AES256-SHA
20210516 224137.616 SSL cipher available: 20:DHE-RSA-AES256-SHA
20210516 224137.616 SSL cipher available: 21:ECDHE-ECDSA-AES128-SHA
20210516 224137.616 SSL cipher available: 22:ECDHE-RSA-AES128-SHA
20210516 224137.616 SSL cipher available: 23:DHE-RSA-AES128-SHA
20210516 224137.616 SSL cipher available: 24:RSA-PSK-AES256-GCM-SHA384
20210516 224137.619 SSL cipher available: 25:DHE-PSK-AES256-GCM-SHA384
20210516 224137.619 SSL cipher available: 26:RSA-PSK-CHACHA20-POLY1305
20210516 224137.619 SSL cipher available: 27:DHE-PSK-CHACHA20-POLY1305
20210516 224137.619 SSL cipher available: 28:ECDHE-PSK-CHACHA20-POLY1305
20210516 224137.619 SSL cipher available: 29:AES256-GCM-SHA384
20210516 224137.619 SSL cipher available: 30:PSK-AES256-GCM-SHA384
20210516 224137.619 SSL cipher available: 31:PSK-CHACHA20-POLY1305
20210516 224137.619 SSL cipher available: 32:RSA-PSK-AES128-GCM-SHA256
20210516 224137.619 SSL cipher available: 33:DHE-PSK-AES128-GCM-SHA256
20210516 224137.619 SSL cipher available: 34:AES128-GCM-SHA256
20210516 224137.619 SSL cipher available: 35:PSK-AES128-GCM-SHA256
20210516 224137.619 SSL cipher available: 36:AES256-SHA256
20210516 224137.619 SSL cipher available: 37:AES128-SHA256
20210516 224137.619 SSL cipher available: 38:ECDHE-PSK-AES256-CBC-SHA384
20210516 224137.619 SSL cipher available: 39:ECDHE-PSK-AES256-CBC-SHA
20210516 224137.619 SSL cipher available: 40:SRP-RSA-AES-256-CBC-SHA
20210516 224137.619 SSL cipher available: 41:SRP-AES-256-CBC-SHA
20210516 224137.619 SSL cipher available: 42:RSA-PSK-AES256-CBC-SHA384
20210516 224137.619 SSL cipher available: 43:DHE-PSK-AES256-CBC-SHA384
20210516 224137.619 SSL cipher available: 44:RSA-PSK-AES256-CBC-SHA
20210516 224137.620 SSL cipher available: 45:DHE-PSK-AES256-CBC-SHA
20210516 224137.620 SSL cipher available: 46:AES256-SHA
20210516 224137.620 SSL cipher available: 47:PSK-AES256-CBC-SHA384
20210516 224137.620 SSL cipher available: 48:PSK-AES256-CBC-SHA
20210516 224137.620 SSL cipher available: 49:ECDHE-PSK-AES128-CBC-SHA256
20210516 224137.620 SSL cipher available: 50:ECDHE-PSK-AES128-CBC-SHA
20210516 224137.620 SSL cipher available: 51:SRP-RSA-AES-128-CBC-SHA
20210516 224137.620 SSL cipher available: 52:SRP-AES-128-CBC-SHA
20210516 224137.620 SSL cipher available: 53:RSA-PSK-AES128-CBC-SHA256
20210516 224137.620 SSL cipher available: 54:DHE-PSK-AES128-CBC-SHA256
20210516 224137.620 SSL cipher available: 55:RSA-PSK-AES128-CBC-SHA
20210516 224137.620 SSL cipher available: 56:DHE-PSK-AES128-CBC-SHA
20210516 224137.620 SSL cipher available: 57:AES128-SHA
20210516 224137.620 SSL cipher available: 58:PSK-AES128-CBC-SHA256
20210516 224137.620 SSL cipher available: 59:PSK-AES128-CBC-SHA
20210516 224137.622 SSL handshake started write:unknown:unknown
20210516 224137.622 SSL state connect:before SSL initialization:(NONE)
20210516 224137.622 SSL state connect:SSLv3/TLS write client hello:(NONE)
20210516 224137.622 SSL connect:SSLv3/TLS write client hello
20210516 224137.734 SSL connect:SSLv3/TLS write client hello
20210516 224137.740 SSL connect:SSLv3/TLS write client hello
20210516 224137.741 SSL state connect:SSLv3/TLS write client hello:(NONE)
20210516 224137.741 SSL state connect:SSLv3/TLS read server hello:(NONE)
20210516 224137.741 SSL state connect:SSLv3/TLS read server certificate:(NONE)
20210516 224137.741 SSL state connect:SSLv3/TLS read server key exchange:(NONE)
20210516 224137.748 SSL state connect:SSLv3/TLS read server certificate request:(NONE)
20210516 224137.748 SSL state connect:SSLv3/TLS read server done:(NONE)
20210516 224137.748 SSL state connect:SSLv3/TLS write client certificate:(NONE)
20210516 224137.748 SSL state connect:SSLv3/TLS write client key exchange:(NONE)
20210516 224137.748 SSL state connect:SSLv3/TLS write certificate verify:(NONE)
20210516 224137.748 SSL state connect:SSLv3/TLS write change cipher spec:ECDHE-RSA-AES128-SHA256
20210516 224137.748 SSL state connect:SSLv3/TLS write finished:ECDHE-RSA-AES128-SHA256
20210516 224137.748 SSL connect:SSLv3/TLS write finished
20210516 224138.083 SSL state connect:SSLv3/TLS write finished:ECDHE-RSA-AES128-SHA256
20210516 224138.083 SSL state connect:SSLv3/TLS read change cipher spec:ECDHE-RSA-AES128-SHA256
20210516 224138.083 SSL state connect:SSLv3/TLS read finished:ECDHE-RSA-AES128-SHA256
20210516 224138.083 SSL handshake done write:unknown:unknown
20210516 224138.083 SSL certificate verification: X509_V_OK
20210516 224138.083 SSL connect:SSL negotiation finished successfully
20210516 224138.083 peername from X509_check_host is .azure-devices.net
20210516 224138.085 3 "azure-dev-test2" -> CONNECT version 4 clean: 1 (0)
20210516 224138.206 3 "azure-dev-test2" <- CONNACK rc: 5*
20210516 224138.206 SSL alert write:warning:close notify
[MQTT]: CB_ConnectFailure: 5,CONNACK return code
Could you please provide some points where to look further?
Thanks