Forcing TLS insecure mode with the AWS IoT device SDK for Python for development

Originally posted on 2020-11-05

NOTE: This is only for development! DO NOT DO THIS IN PRODUCTION!

Have you ever had to work with self-signed certificates or certificates for a system without a DNS name? If a certificate's X509v3 Subject Alternative Name field isn't populated with the IP addresses of the system you're connecting to, and/or you don't have the signing CA's certificate set up on your system, you'll run into problems.

If you're using the AWS IoT device SDK for Python, there is a workaround, though. The code block below includes the basic setup, and its final line turns off hostname and CA verification.

#!/usr/bin/env python3

from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient

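# "thing" is the MQTT client ID; replace IP_ADDRESS with the broker's address.
mqttc = AWSIoTMQTTClient("thing")
mqttc.configureEndpoint("IP_ADDRESS", 8883)
# Argument order: CA file, private key, client certificate.
mqttc.configureCredentials(
    "./rootca.pem",
    "./thing.key",
    "./thing.crt"
)

# Development only: reach into the SDK's bundled paho client and set its
# TLS insecure flag. These are private attributes, not public SDK API,
# so they may change between SDK versions.
mqttc._mqtt_core._internal_async_client._paho_client._tls_insecure = True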
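
One way to keep this workaround from reaching production, as an added example that is not part of the original post or the SDK: set the flag only when an opt-in environment variable is present and the endpoint is a loopback, link-local or private IP literal. The names `IOT_DEV_INSECURE_TLS`, `is_dev_endpoint` and `allow_insecure_tls` are assumptions made for this example.

```python
import ipaddress
import logging
import os

log = logging.getLogger("iot-dev-tls")

# Hypothetical opt-in variable name chosen for this example.
DEV_FLAG = "IOT_DEV_INSECURE_TLS"


def is_dev_endpoint(host):
    """True only for IP literals in loopback, link-local or private ranges."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: issue a certificate for that name instead.
        return False
    return addr.is_loopback or addr.is_link_local or addr.is_private


def allow_insecure_tls(mqttc, host, environ=None):
    """Apply the workaround above only for an opted-in development endpoint.

    Returns True if the flag was set on the client, False if the opt-in
    variable is absent. Raises ValueError when opted in for a host that is
    not a development address, so the misconfiguration fails loudly.
    """
    environ = os.environ if environ is None else environ
    if environ.get(DEV_FLAG) != "1":
        return False
    if not is_dev_endpoint(host):
        raise ValueError(f"refusing insecure TLS for non-development host {host!r}")
    # Same private attribute chain as the final line of the setup code above.
    paho = mqttc._mqtt_core._internal_async_client._paho_client
    paho._tls_insecure = True
    log.warning("TLS checks relaxed for %s (%s=1); development only", host, DEV_FLAG)
    return True


# Usage, replacing the bare attribute assignment in the setup code:
#   allow_insecure_tls(mqttc, "IP_ADDRESS")
```

With the variable unset, which is the expected state of a production environment, the client is left untouched and normal verification applies.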