[mosquitto-dev] issue with PSK and auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[mosquitto-dev] issue with PSK and auth

From: Alexander Grechishkin <alex.grechishkin@xxxxxxxxx>
Date: Thu, 22 Sep 2016 01:58:32 +0300
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hello, users!
I'm looking for some help with mosquitto and I hope you can help me :)

The problem is I can not write config to use PSK and auth plugin by @jpmens together.

I've tested them separately and both of them work:
1) I could start PSK and TLS encryption but without auth plugin.
2) I also could start auth plugin with mysql, redis and http as backends but without any encryption.

I tried to use snippet from PSK section from https://github.com/jpmens/mosquitto-auth-plugthere
but I'm doing something wrong and still have serious problem with mixing PSK and auth together.
Mosquitto is running but it always have error, it looks like that psk-key can not be found or something...
1473891648: New connection from 127.0.0.1 on port 8883.
1473891648: OpenSSL Error: error:1408B0DF:SSL routines:ssl3_get_client_key_exchange:psk identity not found
1473891648: Socket error on client <unknown>, disconnecting.

Could you help me to configure mosquitto properly or may be some has a working example of mosquitto.conf with PSK+auth?

Mosquitto 1.4.8-1build1 (installed from ubuntu repo)
auth plugin v0.0.7

-- mosquitto.conf can be like this
pid_file /var/run/mosquitto.pid
include_dir /etc/mosquitto/conf.d
persistence true
persistence_location /var/lib/mosquitto/
#
log_dest file /var/log/mosquitto/mosquitto.log
log_dest stderr
log_timestamp true
log_type error
log_type warning
log_type debug
log_type notice
log_type information
log_type all
#
bind_address 127.0.0.1
port 1883
#
allow_anonymous false
auth_plugin /etc/mosquitto/auth-plugin/mysql/auth-plug.so
auth_opt_backends mysql
auth_opt_psk_database mysql
auth_opt_host localhost
auth_opt_port 3306
auth_opt_dbname dbname
auth_opt_user dbuser
auth_opt_pass ******
auth_opt_cacheseconds 300
auth_opt_userquery SELECT ...
auth_opt_aclquery SELECT ...
#
listener 8883
psk_hint easy
use_identity_as_username true

-- auth plugin config.mk
# Select your backends from this list
BACKEND_CDB ?= no
BACKEND_MYSQL ?= yes
BACKEND_SQLITE ?= no
BACKEND_REDIS ?= no
BACKEND_POSTGRES ?= no
BACKEND_LDAP ?= no
BACKEND_HTTP ?= no
BACKEND_JWT ?= no
BACKEND_MONGO ?= no
# Specify the path to the Mosquitto sources here
MOSQUITTO_SRC = /root/temp/mosq-1.4.8_source
# Specify the path the OpenSSL here
OPENSSLDIR = /

I see that be-psk is included while auth-plugin compilation
but it doesn't take care of content of OPENSSLDIR directive, it can be anything.

I don't know, may be this could be a problem...

$ > make
Selected backends:          MySQL -I//include -L//lib -lcrypto
Using mosquitto source dir: /root/temp/mosq-1.4.8_source
OpenSSL install dir:        /

If you changed the backend selection, you might need to 'make clean' first

CFLAGS: -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL -I/usr/include/mysql -fabi-version=2 -fno-omit-frame-pointer -I/src -DDEBUG=1 -I//include
LDFLAGS: -L/root/temp/mosq-1.4.8_source/lib/
LDADD:    -L/usr/lib/i386-linux-gnu -lmysqlclient -lpthread -lz -lm -lrt -ldl -L//lib -lcrypto -lmosquitto

cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o auth-plug.o auth-plug.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o base64.o base64.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o pbkdf2-check.o pbkdf2-check.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o log.o log.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o envs.o envs.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o hash.o hash.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o be-psk.o be-psk.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o backends.o backends.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o cache.o cache.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include   -c -o be-mysql.o be-mysql.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -L/root/temp/mosq-1.4.8_source/lib/ -fPIC -shared -o auth-plug.so auth-plug.o base64.o pbkdf2-check.o log.o envs.o hash.o be-psk.o backends.o cache.o be-mysql.o   `mysql_config --libs` -L//lib -lcrypto -lmosquitto
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include np.c base64.o -o np -L//lib -lcrypto

$ > ldd auth-plug.so
        linux-gate.so.1 => (0xb7724000)
        libmysqlclient.so.20 => /usr/lib/i386-linux-gnu/libmysqlclient.so.20 (0xb7319000)
        libcrypto.so.1.0.2 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.2 (0xb713b000)
        libmosquitto.so.1 => /usr/lib/i386-linux-gnu/libmosquitto.so.1 (0xb7128000)
        libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb6f72000)
        libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb6f57000)
        libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb6f52000)
        libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xb6f35000)
        libstdc++.so.6 => /usr/lib/i386-linux-gnu/libstdc++.so.6 (0xb6dbd000)
        libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb6d68000)
        libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xb6d4b000)
        librt.so.1 => /lib/i386-linux-gnu/librt.so.1 (0xb6d42000)
        libssl.so.1.0.0 => /lib/i386-linux-gnu/libssl.so.1.0.0 (0xb6cd8000)
        libcrypto.so.1.0.0 => /lib/i386-linux-gnu/libcrypto.so.1.0.0 (0xb6ad3000)
        libcares.so.2 => /usr/lib/i386-linux-gnu/libcares.so.2 (0xb6abf000)
        /lib/ld-linux.so.2 (0x8003b000)

--

faithfully, Alexander

Prev by Date: Re: [mosquitto-dev] Start a SLACK Channel.
Next by Date: Re: [mosquitto-dev] Configuration per listener or not?
Previous by thread: [mosquitto-dev] Multiple MQTT Connect messages over same TCP/IP transport connection
Next by thread: [mosquitto-dev] Retained message not delivered when reconnecting with persistent session
Index(es):
- Date
- Thread

Breadcrumbs