[SOLVED] TTN v2 Python library broken?

Since Oct 5th 2021 we have not bene able to capture data from TTN V2 using the Python TTN library. Has something changed?

We run a Python program on a linux server which collects the data from TTN and stores it in our local database.

The connection code is:-

def connectToTTN():
    global ttnClient

    logging.info("Connecting to TTN broker")
    try:
        handler = ttn.HandlerClient(app_id, access_key)
        ttnClient = handler.data()
        ttnClient.set_uplink_callback(ttn_callback)
        ttnClient.connect()
        logging.info("Connected to TTN broker")
    except Exception as e:
        logging.info(f"error connecting to TTN broker {e}")

The exception thrown is

E1008 07:29:34.750000000 13812 src/core/tsi/ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.

Note this has been working for the past 2/3 years but stopped working this month with no changes to our code.

The access key we are using is like:-

'ttn-account-v2.otr4..........'  # trailing characters removed

We are going to try to migrate one end-device to V3 to see if that works. Needs doing anyway.

Meanwhile, does anyone know how to fix this? Is it a problem with a local security certificate or the server?

The same error occurs when the code is run on a windows 10 PC.

Thanks for any light that can be shed on this.

This sounds like it’s related to the DST Root CA certificate expiration (Google “DST Root CA” for backgound on that). The Things Network has been using Let’s Encrypt certificates, that used to chain to the DST Root CA, but now that this CA has expired, they use the ISRG Root CA certificate.

Since you say you’re on Windows 10, your operating system should happily accept The Things Network’s new certificates, but if you manually configured CA certificates in your application, you should update those.

Thanks for replying.

No, I said the code is running on a linux server BUT I developed it a couple of years back on Windows and , yesterday, checked it again on Windows to find the problem is the same.

I’ll pass your comments to our security whizzkid and see what he says/can do.

On a Linux machine you probably just need to update the ca-certificates package.

Ok, but why doesn’t it work on a windows PC? You said that my PC should accept the new certificates.

I’ll ask our security person to check into that on Linux.

When I created my v3 integrations toolkit I found that Windows needed to have the TTI certificate included in the code to “just work”. Depending on how any machine is updated will dictate if it updates for the new certificates, but for Windows it just never co-operated in the first place.

You may find the toolkit useful for your impending migration from v2 …

Ok, so the toolkit just uses paho and no ttn library, which I read is no longer being worked on anyway.

I’ll attempt to use the toolkit as a template tomorrow (thanks for that) - I’m a bit too tired to do coding tonite.

I have changed my code to use MQTT to connect to TTN instead of the ttn python library, as per the toolkit example. It connects just fine on my Windows PC. I’ll run it for a while before moving it to Linux. Thanks for the info.

It’s working just fine, using MQTT, on my RPi too. Thanks again

@descartes Can you please rename the thread and add [Solved] ?