Verifying a valid root certificate always fails.

Eugene G · ‎2022-09-08

I'm totally baffled by this one.

Brief:

I have 2 projects, connecting to a MQTT broker.

First project is just a basic shell - Connects to broker and publishes dummy data to a topic. Works perfectly.

Second project is an expansion of the First one and is supposed to connect to the same broker and publish real data to the same topic.

What is confusing me is that the Second project is unable to connect to the broker. I am always receiving a "The certificate is not correctly signed by the trusted CA" error when it tries to open the socket. Certificate and broker settings are EXACTLY the same as the first project. Second project is essentially a direct clone of the first one, with more code added in. Additional code is not related to the MQTT connection settings and process.

Can anyone point me in the right direction? Why is the same certificate valid on one project and invalid on the other?

grd · ‎2023-06-23

I assume that the issue relates for the TLS client to verify the server certificate thanks to the root CA certificate which has signed the server certificate.

In such a case, where the TLS configuration (certificates, keys, TLS library configuration) and the target system (drivers, network environment, test time) are identical in both project, it may be worth investigating possible memory corruption sources, such as stack overflow, unhandled dynamic memory allocation failure, or defective thread safety.