[mosquitto-dev] cannot get Android mosquitto client to connect with TLS

Hello,

My apologies if you consider this too long, but I've tried to anticipate questions people might have and provided the details.

I've built Mosquitto 1.4.11 for Ubuntu 16.04 and have also built it for Android N. The broker works on both systems and I can communicate between the 2 systems. The one problem I'm having is when trying to use TLS. Everything works except a client on Android, regardless of whether I run the broker on the Android device or on the Ubuntu box.

For my testing, I'm starting with the "simple" case of not requiring client certs - just the broker has a cert. I use the same certificates for the broker when I run it on the Android device or the Ubuntu box. When running the broker on Android, clients on the Ubuntu box can successfully negotiate a TLS connection and publish/subscribe. In no case am I able to get an Android client to successfully negotiate (I'm simply using the pub/sub examples that come in the Mosquitto package for my tests); this is true regardless of whether the broker is on the Android device or the Ubuntu box. All attempts to connect the Android client to the broker result in a certificate error:

Here's the attempt to run the client on the Android device:
# sub_client -p 8883 -t test --cafile /etc/mosquitto/certs/ca.crt -h 192.168.1.5
Error: A TLS error occurred.

Here's the output from the broker when it's running on that same Android device:

1321019832: New connection from 192.168.1.5 on port 8883.
1321019832: OpenSSL Error: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
1321019832: OpenSSL Error: error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
1321019832: Socket error on client <unknown>, disconnecting.

As I indicated, when the client is run on Ubuntu it is able to connect. Its command line is:
$ mosquitto_sub -p 8883 -t test --cafile ./tls/ca.crt -h 192.168.1.5

If I instead run the broker on the Ubuntu box (IP 192.168.1.2) and try to run the client on Android, I get a similar error:
# sub_client -p 8883 -t test --cafile /etc/mosquitto/certs/ca.crt -h 192.168.1.2
Error: A TLS error occurred.

The broker on Ubuntu reports a similar-looking (but worded slightly differently) error:
1321020478: New connection from 192.168.1.2 on port 8883.
1321020537: OpenSSL Error: error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
1321020537: Socket error on client <unknown>, disconnecting.
1321020539: New connection from 192.168.1.2 on port 8883.

The "simple" answer is that there's a problem with the "ca.crt" file on the Android device. The problem with that answer is that the file is identical to the file that works on the Ubuntu box.

I've run out of ideas on what to try.

-------------
Best regards,
Kirk Bailey
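
The broker log timestamps quoted above are Unix epoch seconds, and 1321019832 decodes to 2011-11-11 UTC; a TLS peer rejects a certificate whose notBefore is later than its own clock, so comparing log times against the certificate's validity window is a quick check. The following is an added example, not part of the original post: the validity dates are constructed placeholders (the post does not give them) and `check_log_against_validity` is a hypothetical helper name.

```python
import re
import ssl
from datetime import datetime, timezone

# Constructed validity dates, in the format printed by `openssl x509 -noout -dates`.
# Assumption: they stand in for the broker certificate's real dates, which the post omits.
NOT_BEFORE = "Mar  1 00:00:00 2017 GMT"
NOT_AFTER = "Mar  1 00:00:00 2027 GMT"

# Broker log lines copied from the post above.
BROKER_LOG = """\
1321019832: New connection from 192.168.1.5 on port 8883.
1321019832: OpenSSL Error: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE
1321019832: OpenSSL Error: error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE
1321019832: Socket error on client <unknown>, disconnecting.
"""

LINE_RE = re.compile(r"^(\d+): (.*)$")  # "<epoch seconds>: <message>"


def check_log_against_validity(log_text, not_before, not_after):
    """Return (iso_time, verdict, message) for each OpenSSL error line in the log."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "OpenSSL Error" not in m.group(2):
            continue  # only TLS error lines are of interest
        ts = int(m.group(1))
        if ts < start:
            verdict = "clock-before-notBefore"
        elif ts > end:
            verdict = "clock-after-notAfter"
        else:
            verdict = "within-validity"
        iso = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        findings.append((iso, verdict, m.group(2)))
    return findings


if __name__ == "__main__":
    for iso, verdict, message in check_log_against_validity(BROKER_LOG, NOT_BEFORE, NOT_AFTER):
        print(iso, verdict, message)
```

A "within-validity" verdict rules the clock out and points the search at the CA file or the certificate's host name instead.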
