Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"

From: Roger Light <roger@xxxxxxxxxx>
Date: Tue, 16 Sep 2014 11:54:37 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hi Chris,

> mosquitto_sub --cafile /home/myuser/CA/all-ca.crt --key
> /home/myuser/CA/client.key --cert /home/myuser/CA/client.crt  -h 10.0.134.44
> -p 8883 -t 'tbbtb' --tls-version tlsv1.2  -d
> Unable to connect (8).
>
>
> Broker side:
>
> 1410848100: New connection from 10.0.1.44 on port 8883.
> 1410848100: OpenSSL Error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
> alert certificate unknown
> 1410848100: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
> handshake failure
> 1410848100: Socket error on client (null), disconnecting.

It looks like the client certificate you are providing isn't
recognised as valid by the broker. Are you sure you have all of the CA
certificates set correctly on the broker as well? You've set
"require_certificate false" but are still sending a client certificate
- is this what you intend?

I presume you're just using it for testing, but if not I should point
out that the files generated by test/ssl/gen.sh are only intended for
the post-compilation tests. They are weak key length and certainly
don't match your details :)

Cheers,

Roger

Follow-Ups:
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: leduke4223

References:
- [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: leduke4223
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: Roger Light
- Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
  - From: leduke4223

Prev by Date: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Next by Date: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Previous by thread: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Next by thread: Re: [mosquitto-dev] Unable to get SSL working: "routines:SSL3_GET_RECORD:wrong version number"
Index(es):
- Date
- Thread

Breadcrumbs