IPAD OS v12.1.1上的AWS IOT连接即将关闭 [英] AWS IOT connection is getting closed on IPAD OS v12.1.1

问题描述

当我们在ios版本12.1.1上使用wss协议连接到AWS IoT时，我们能够成功连接到IoT，但是立即我们可以看到IoT触发了onError事件，然后关闭了连接.它尝试再次重新连接，但没有任何运气.我们从物联网中得到的错误是"{IsTrusted:true}". 我们不使用任何证书，仅使用个人资料访问密钥和秘密密钥.

When we are connecting to AWS IoT using wss protocol on ios version 12.1.1, we were able to connect to IoT successfully, but immediately we could see onError event being triggered from IoT and then the connection gets closed. It tries to reconnect again but without any luck. The error we are getting from IoT is "{IsTrusted : true}". We are not using any certificates, just using a profile access key and secret key.

同一内部版本可以在ios 12.0.1、12.1上正确连接

The same build is able to connect properly on ios 12.0.1, 12.1

IOS版本:12.1.1(无效版本)

IOS version:12.1.1(Not working version)

AWS IOT SDK:2.0.0

AWS IOT SDK:2.0.0

推荐答案

iOS 12.1.1引入了Apple的新证书透明策略.从Apple的发行说明中:

iOS 12.1.1 introduced Apple's new Certificate Transparency policy. From Apple's release notes:

iOS 12.1.1要求在2018年10月15日之后发布的公共信任的传输层安全性(TLS)服务器身份验证证书必须符合证书透明性策略，才能在Apple平台上被评估为受信任的.

iOS 12.1.1 requires that publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15, 2018 meet the Certificate Transparency policy to be evaluated as trusted on Apple platforms.

此政策正在成为Google已在其Chrome浏览器中强制执行的广泛标准.亚马逊知道即将到来，并响应这些新政策，发布了其MQTT后端(AWS IoT)的更新，以在新端点上包括适当的认证.参见 https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/:

This policy is becoming a widespread standard which Google already enforces in its Chrome browser. Amazon knew this was coming and, in response to these new policies, released updates to their MQTT backend (AWS IoT) to include appropriate certification on a new endpoint. See https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/:

您必须为帐户中的每个区域明确请求一个Amazon Trust Services终端节点.您拥有的任何现有客户端点都可能是VeriSign端点.如果您的终端节点在第一个子域的末尾带有"-ats"，则它是Amazon Trust Services终端节点.例如，"asdfasdf-ats.iot.us-east-2.amazonaws.com"是ATS端点.

You must explicitly request an Amazon Trust Services endpoint for each region in your account. Any existing customer endpoint you have is most likely a VeriSign endpoint. If your endpoint has "-ats" at the end of the first subdomain, then it is an Amazon Trust Services endpoint. For example, ‘asdfasdf-ats.iot.us-east-2.amazonaws.com’ is an ATS endpoint.

简而言之，对于我的iOS应用程序，我们使用的是AWS提供的MQTT端点asdfasdf.iot.us-east-2.amazonaws.com(仅作为示例)，而没有-ats.我将端点更新为asdfasdf-ats.iot.us-east-2.amazonaws.com，我们能够完成SSL握手.

In short, for my iOS App, we were using our AWS provided MQTT endpoint asdfasdf.iot.us-east-2.amazonaws.com (just an example), without the -ats. I updated the endpoint to asdfasdf-ats.iot.us-east-2.amazonaws.com and we were able to accomplish our SSL handshake.

我希望这对您的问题有所帮助！祝你好运！

I hope this helps with your issue! Good Luck!

这篇关于IPAD OS v12.1.1上的AWS IOT连接即将关闭的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！