Hello all, I am working on the AWS device qualification program; for that it is required to clear some tests in the AWS IoT Device Advisor test suite. I have used MQTT nodes to connect to AWS IoT.
The test suite consists of
- MQTT Connect
- MQTT Subscribe
- MQTT Publish
- TLS Connect
- TLS Unsecure Server Cert
- TLS Incorrect Subject Name Server Cert
Of these, test cases 1 to 4 passed, but the last two, TLS Unsecure Server Cert and TLS Incorrect Subject Name Server Cert, failed.
TLS Unsecure Server Cert failed with the message EXPECT_DEVICE_DISCONNECT.
Details of the test cases, as stated here:
TLS Unsecure Server Cert
Validates that the client device closes the connection if it's presented with a server certificate that doesn't have a valid signature from the ATS CA. A device should only connect to an endpoint that presents a valid certificate.
Test case outputs:
Pass: The client device closed the connection.
Fail: The client device completed TLS handshake with AWS IoT.
TLS Incorrect Subject Name Server Cert
Validates that the client device closes the connection if it's presented with a server certificate for a domain name that is different than the one requested.
Test case outputs:
Pass: The client device closed the connection.
Fail: The client device completed TLS handshake with AWS IoT.
I checked the code of the node-red mqtt node; it seems like the condition is missing in the mqtt node to close the connection when the TLS server cert validation fails. Following is a snippet I found in the mqtt broker node.

```javascript
// Only set rejectUnauthorized when the user has not supplied it explicitly
if (typeof this.options.rejectUnauthorized === 'undefined') {
    // Derive it from the node's "verify server certificate" checkbox
    this.options.rejectUnauthorized = (this.verifyservercert == "true" || this.verifyservercert === true);
}
```

But rejectUnauthorized is never used in the code; could someone suggest where/how to add the condition in the code to successfully execute the test cases?