SSL certificate location

[datahack336]

I have the application running on a local machine(macOS) that connects to IoT and subscribers to certain topics. It works flawlessly. But when my colleague tries the same app on his Windows, it fails with an SSL handshake error. I thought he did not set REQUEST_CA_BUNDLE properly, but it looks like the library is not referencing this variable. Where does this library look for .pem file?

Code for creating IoT core connection:

credentials_provider = auth.AwsCredentialsProvider.new_default_chain() mqtt_connection = mqtt_connection_builder.websockets_with_default_aws_signing( endpoint=aws_iot_endpoint, region="us-east-1", credentials_provider=credentials_provider, client_id=client_id, on_connection_interrupted=on_connection_interrupted, on_connection_resumed=on_connection_resumed, clean_session=False, keep_alive_secs=30)

Error he gets:

ERROR - There was an error: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed. RuntimeError: 5131 (AWS_ERROR_MQTT_NOT_CONNECTED): The requested operation is invalid as the connection is not open.

[bretambrose]

Unless you specify a root ca override, the appropriate system trust store is used based on the OS.

Debug level logs might give a better idea as to what's going on.

[github-actions[bot]]

Hello! Reopening this discussion to make it searchable.