AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE in lambda #703
Description
Describe the bug
In a python lambda context (can be reproduced in the amazon/aws-lambda-python:3.12 docker image), the connection to the MQTT endpoint fails the TLS handshake even if the AmazonRootCA1.pem certificate is given to the client.
The debug logs show [WARN] [2025-12-04T21:24:55Z] [00007f567e400640] [tls-handler] - id=0x7f566c0130f0: negotiation failed with error Certificate is untrusted (Error encountered in /tmp/build-via-sdist-225wx5hs/awscrt-0.28.1/crt/s2n/tls/s2n_x509_validator.c:229) (full output bellow)
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
The client connects properly to the AWS MQTT broker
Current Behavior
The TLS handshake fails.
Reproduction Steps
Running this script in the amazon/aws-lambda-python:3.12 docker image.
#! /usr/bin/env python3
import os
import uuid
from awscrt import auth, io
from awsiot import mqtt_connection_builder
log_level = io.LogLevel.Debug
file_name = 'stderr'
io.init_logging(log_level, file_name)
ca_filepath = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'AmazonRootCA1.pem')
endpoint = "XXX-ats.iot.us-east-1.amazonaws.com."
credentials_provider = auth.AwsCredentialsProvider.new_default_chain()
client_id = f"test-client-{str(uuid.uuid4())}"
client = mqtt_connection_builder.websockets_with_default_aws_signing(endpoint=endpoint,
client_id=client_id,
region="us-east-1",
credentials_provider=credentials_provider,
ca_filepath=ca_filepath,
)
connect_future = client.connect()
connect_future.result()
print("Done")Possible Solution
No response
Additional Information/Context
Full debug output of the script ran in the docker image:
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281a4080: Initializing edge-triggered epoll
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281a4080: Using eventfd for cross-thread notifications.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281a4080: Starting event-loop thread.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281bc920: Initializing edge-triggered epoll
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281bc920: Using eventfd for cross-thread notifications.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281bc920: Starting event-loop thread.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281c1f20: Initializing edge-triggered epoll
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281c1f20: Using eventfd for cross-thread notifications.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [event-loop] - id=0x281c1f20: Starting event-loop thread.
[INFO] [2025-12-04T21:24:55Z] [00007f567ee00640] [event-loop] - id=0x281a4080: main loop started
[INFO] [2025-12-04T21:24:55Z] [00007f567ee00640] [event-loop] - id=0x281a4080: default timeout 100000, and max events to process per tick 100
[INFO] [2025-12-04T21:24:55Z] [00007f567e400640] [event-loop] - id=0x281bc920: main loop started
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [dns] - id=0x2819c8b0: Initializing default host resolver with 16 max host entries.
[INFO] [2025-12-04T21:24:55Z] [00007f567e400640] [event-loop] - id=0x281bc920: default timeout 100000, and max events to process per tick 100
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [channel-bootstrap] - id=0x2810a7b0: Initializing client bootstrap with event-loop group 0x281a18f0
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x27f6afb0): TLS context not provided, initializing a new one for credentials provider.
[INFO] [2025-12-04T21:24:55Z] [00007f567da00640] [event-loop] - id=0x281c1f20: main loop started
[INFO] [2025-12-04T21:24:55Z] [00007f567da00640] [event-loop] - id=0x281c1f20: default timeout 100000, and max events to process per tick 100
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [tls-handler] - Set security policy to AWS-CRT-SDK-TLSv1.0-2023 (minimum_tls_version: 128; cipher_pref: 0)
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - Creating profile collection from file at "/root/.aws/config"
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - Creating profile collection from file at "/root/.aws/credentials"
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "region" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_access_key_id" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_secret_access_key" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_access_key_id" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_secret_access_key" has value "" replaced during merge
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - static: profile default attempting to create profile-based credentials provider
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - Creating profile collection from file at "/root/.aws/config"
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - Successfully built config profile collection from file at (/root/.aws/config)
[ERROR] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - Failed to resolve role arn during sts web identity provider initialization.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - ECS provider: Unable to initialize from environment because AWS_CONTAINER_CREDENTIALS_FULL_URI and AWS_CONTAINER_CREDENTIALS_RELATIVE_URI are not set.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - default chain: IMDS credentials provider will be used to retrieve credentials
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [channel-bootstrap] - id=0x2810a7b0: acquiring bootstrap reference
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [connection-manager] - id=0x283c8070: Successfully created
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [exp-backoff-strategy] - id=0x282ccae0: Initializing exponential backoff retry strategy with scale factor: 0 jitter mode: 0 and max retries 1
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [tls-handler] - Set security policy to AWS-CRT-SDK-TLSv1.0-2023 (minimum_tls_version: 128; cipher_pref: 0)
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [tls-handler] - ctx: Setting ALPN list http/1.1
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [mqtt-client] - client=0x27ff6ea0: Initalizing MQTT client
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [channel-bootstrap] - id=0x2810a7b0: acquiring bootstrap reference
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: Creating new mqtt 311 connection
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [mqtt-topic-tree] - tree=0x282c6fb0: Creating new topic tree
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: Begin connecting process, switch state to CONNECTING.
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: using ping timeout of 3000000000 ns
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x27f6afb0) Credentials provider chain get credentials dispatch
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x28300e30) Cached credentials provider has expired credentials. Requerying.
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d11d0) Credentials provider chain get credentials dispatch
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - id=0x282c76b0: Failed to load credentials from environment variables: Required environment variables could not be sourced from process environment
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d11d0) Credentials provider chain callback 1 invoked with invalid credentials and error code 6150
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d11d0) Credentials provider chain invoking chain member #1
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - Creating profile collection from file at "/root/.aws/config"
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d0e10) Profile credentials provider successfully built config profile collection from file at (/root/.aws/config)
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - Creating profile collection from file at "/root/.aws/credentials"
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d0e10) Profile credentials provider successfully built credentials profile collection from file at (/root/.aws/credentials)
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "region" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_access_key_id" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_secret_access_key" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_access_key_id" has value "" replaced during merge
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AWSProfile] - property "aws_secret_access_key" has value "" replaced during merge
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d0e10) Profile credentials provider attempting to pull credentials from profile "default"
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - Loaded credentials from profile provider
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x282d11d0) Credentials provider chain callback terminating on index 2, with valid credentials and error code 0
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x28300e30) Cached credentials provider next refresh time set to 3694646927815
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x28300e30) Cached credentials provider successfully sourced credentials on refresh
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x28300e30) Cached credentials provider notifying pending queries of new credentials
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthCredentialsProvider] - (id=0x27f6afb0) Default chain credentials provider successfully sourced credentials
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthSigning] - (id=0x28020270) Signing successfully built canonical request for algorithm SigV4, with contents
GET
/mqtt
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=XXX%2F20251204%2Fus-east-1%2Fiotdevicegateway%2Faws4_request&X-Amz-Date=20251204T212455Z&X-Amz-SignedHeaders=connection%3Bhost
connection:Upgrade
host:XXX-ats.iot.us-east-1.amazonaws.com.
connection;host
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthSigning] - (id=0x28020270) Signing successfully built string-to-sign via algorithm SigV4, with contents
AWS4-HMAC-SHA256
20251204T212455Z
20251204/us-east-1/iotdevicegateway/aws4_request
d1bd918dc89bea1cb4683ad8b7aa6cfc946884f664b05dd2dcb7d9eb3578e752
[INFO] [2025-12-04T21:24:55Z] [00007f5680f41b80] [AuthSigning] - (id=0x28020270) Http request successfully built final authorization value via algorithm SigV4, with contents
677eb0a728ab72e0b878e39e4a3d39458ef864a069cf88827dc9823af985ec95
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [channel-bootstrap] - id=0x2810a7b0: acquiring bootstrap reference
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [dns] - id=0x2819c8b0: Host resolution requested for XXX-ats.iot.us-east-1.amazonaws.com.
[DEBUG] [2025-12-04T21:24:55Z] [00007f5680f41b80] [dns] - id=0x2819c8b0: No cached entries found for XXX-ats.iot.us-east-1.amazonaws.com. starting new resolver thread.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolving host XXX-ats.iot.us-east-1.amazonaws.com.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 52.0.243.154
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 44.207.231.8
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 35.174.164.121
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 3.227.63.223
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 3.213.206.235
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 44.218.49.113
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 35.175.89.238
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 100.28.60.185
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::23aa:12ca
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::2cd2:a330
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::2cdb:e475
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::22ea:c1f4
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::36eb:5a92
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::3d4:802b
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::3e2:e4b9
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: resolved record: 2406:da00:ff00::3402:4ba0
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static, resolving host XXX-ats.iot.us-east-1.amazonaws.com. successful, returned 16 addresses
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 52.0.243.154 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 44.207.231.8 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 35.174.164.121 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 3.227.63.223 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 3.213.206.235 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 44.218.49.113 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 35.175.89.238 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 100.28.60.185 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::23aa:12ca for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::2cd2:a330 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::2cdb:e475 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::22ea:c1f4 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::36eb:5a92 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::3d4:802b for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::3e2:e4b9 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static: new address resolved 2406:da00:ff00::3402:4ba0 for host XXX-ats.iot.us-east-1.amazonaws.com. caching
[DEBUG] [2025-12-04T21:24:55Z] [00007f567d000640] [dns] - static, invoking resolution callback for host XXX-ats.iot.us-east-1.amazonaws.com. with 2 addresses
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: initializing with domain 1 and type 0
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: setting socket options to: keep-alive 0, keep-alive timeout 0, keep-alive interval 0, keep-alive probe count 0.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: beginning connect.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: connecting to endpoint 2406:da00:ff00::23aa:12ca:443.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: connect failed with error code 101.
[INFO] [2025-12-04T21:24:55Z] [00007f567e400640] [dns] - id=0x2819c8b0: recording failure for record 2406:da00:ff00::23aa:12ca for XXX-ats.iot.us-east-1.amazonaws.com., moving to bad list
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [dns] - static: purging address 2406:da00:ff00::23aa:12ca for host XXX-ats.iot.us-east-1.amazonaws.com. from the cache due to cache eviction or shutdown
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: is still open, closing...
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c000e90 fd=11: closing
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel-bootstrap] - id=0x2810a7b0: Socket connect attempt 1/2 failed with error 1049. More attempts ongoing...
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: initializing with domain 0 and type 0
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: setting socket options to: keep-alive 0, keep-alive timeout 0, keep-alive interval 0, keep-alive probe count 0.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: beginning connect.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: connecting to endpoint 52.0.243.154:443.
[INFO] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: connection success
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: assigning to event loop 0x281bc920
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel-bootstrap] - id=0x2810a7b0: client connection on socket 0x7f566c001af0 completed with error 0 : AWS_ERROR_SUCCESS
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: Beginning creation and setup of new channel.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: setup complete, notifying caller.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: no message pool is currently stored in the event-loop local storage, adding 0x7f566c0024e0 with max message size 16384, message count 4, with 4 small blocks of 128 bytes.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel-bootstrap] - id=0x2810a7b0: channel 0x7f566c001f80 setup succeeded: bootstrapping.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [socket-handler] - id=0x7f5660006ab0: Socket handler created with max_read_size of 16384
[WARN] [2025-12-04T21:24:55Z] [00007f567e400640] [tls-handler] - id=0x7f566c0130f0: negotiation failed with error Certificate is untrusted (Error encountered in /tmp/build-via-sdist-225wx5hs/awscrt-0.28.1/crt/s2n/tls/s2n_x509_validator.c:229)
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel-bootstrap] - id=0x2810a7b0: tls negotiation result 1029 on channel 0x7f566c001f80
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: Channel shutdown is already pending, not scheduling another.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: Channel shutdown is already pending, not scheduling another.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: beginning shutdown process
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: handler 0x7f5660006ab0 shutdown in read dir completed.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [tls-handler] - id=0x7f566c0130f0: Shutting down read direction with error code 1029
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [channel] - id=0x7f566c001f80: handler 0x7f566c0130f0 shutdown in read dir completed.
[DEBUG] [2025-12-04T21:24:55Z] [00007f567e400640] [tls-handler] - id=0x7f566c0130f0: Scheduling delayed write direction shutdown
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [tls-handler] - id=0x7f566c0130f0: Delayed shut down in write direction
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [channel] - id=0x7f566c001f80: handler 0x7f566c0130f0 shutdown in write dir completed.
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [socket] - id=0x7f566c001af0 fd=11: closing
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [channel] - id=0x7f566c001f80: handler 0x7f5660006ab0 shutdown in write dir completed.
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [channel-bootstrap] - id=0x2810a7b0: channel 0x7f566c001f80 shutdown with error 1029.
[ERROR] [2025-12-04T21:25:14Z] [00007f567e400640] [http-connection] - static: Client connection failed with error 1029 (AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE).
[ERROR] [2025-12-04T21:25:14Z] [00007f567e400640] [websocket-setup] - id=0x28183cc0: Websocket setup failed to establish HTTP connection, error 1029 (AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE).
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [channel] - id=0x7f566c001f80: destroying channel.
Traceback (most recent call last):
File "XXX/test.py", line 27, in <module>
[DEBUG] [2025-12-04T21:25:14Z] [00007f567e400640] [channel-bootstrap] - id=0x2810a7b0: releasing bootstrap reference
connect_future.result()
File "/var/lang/lib/python3.12/concurrent/futures/_base.py", line 456, in result
return self.__get_result()
^^^^^^^^^^^^^^^^^^^
File "/var/lang/lib/python3.12/concurrent/futures/_base.py", line 401, in __get_result
raise self._exception
awscrt.exceptions.AwsCrtError: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed
[DEBUG] [2025-12-04T21:25:14Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: user called disconnect.
[ERROR] [2025-12-04T21:25:14Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: Connection is not open, and may not be closed
[DEBUG] [2025-12-04T21:25:14Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: Last refcount on connection has been released, start destroying the connection.
[DEBUG] [2025-12-04T21:25:14Z] [00007f5680f41b80] [mqtt-client] - id=0x282c6c50: Destroying connection
[DEBUG] [2025-12-04T21:25:14Z] [00007f5680f41b80] [mqtt-topic-tree] - tree=0x282c6fb0: Cleaning up topic tree
[INFO] [2025-12-04T21:25:14Z] [00007f5680f41b80] [connection-manager] - id=0x283c8070: release
[INFO] [2025-12-04T21:25:14Z] [00007f5680f41b80] [connection-manager] - id=0x283c8070: ref count now zero, starting shut down process
[INFO] [2025-12-04T21:25:14Z] [00007f5680f41b80] [connection-manager] - id=0x283c8070: manager release, failing 0 pending acquisitions
[DEBUG] [2025-12-04T21:25:14Z] [00007f5680f41b80] [connection-manager] - id=0x283c8070: snapshot - state=2, idle_connection_count=0, pending_acquire_count=0, pending_settings_count=0, pending_connect_count=0, vended_connection_count=0, open_connection_count=0, ref_count=0
[INFO] [2025-12-04T21:25:14Z] [00007f5680f41b80] [connection-manager] - id=0x283c8070: Destroying self
[DEBUG] [2025-12-04T21:25:14Z] [00007f5680f41b80] [channel-bootstrap] - id=0x2810a7b0: releasing bootstrap reference
aws-crt-python version used
0.28.1
Python version used
3.12
Operating System and version
aws python lambda