Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)

Hi,


Yes it's weird...


root@srv-lora:~# ps -ef|grep mosquitto
mosquit+ 21919     1  0 11:50 ?        00:00:06 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
root     28376 28354  0 17:17 pts/0    00:00:00 grep --color=auto mosquitto


root@srv-lora:~# netstat -an|grep 8883
tcp        0      0 0.0.0.0:8883            0.0.0.0:*               LISTEN
tcp        0      0 MYIP_SERVER:8883       IP-GW:57098     ESTABLISHED
tcp        0      0 MYIP_SERVER:8883       MYIP_SERVER:60172      ESTABLISHED
tcp        0      0 MYIP_SERVER:60172      MYIP_SERVER:8883       ESTABLISHED
tcp6       0      0 :::8883                 :::*                    LISTEN


No problem detected ... the connection seems to work ... but with the TLS error, no traffic is received by MQTT (mosquitto_sub)...

Regards,
Cédric


On 24/04/2018 at 16:47, 백영곤 wrote:

Okay, that is a very weird situation.

Can I ask two basic questions?

Did you check that the broker is running with the ps command?

ps -ef|grep mosquitto

Did you confirm that the broker is waiting on 8883 with the netstat command?

netstat -an|grep 8883

 

 

-----Original Message-----
From: "Cedric VIVES"<cvives@xxxxxxxxxxxxxxxx>
To: "General development discussions for the mosquitto project"<mosquitto-dev@xxxxxxxxxxx>; "백영곤"<tommybee@xxxxxxxxx>;
Cc:
Sent: 2018-04-24 (Tue) 15:54:12
Subject: Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
 

Hi,


Yes, without a secure connection, the connection works between the client and the MQTT broker on the LoRa-Server.

I have already tested with another "auto-generated" certificate, but it's the same problem: when I try to decrypt messages with mosquitto_sub, I still get the same error:


/etc/mosquitto/conf.d/local.conf :

allow_anonymous true
#listener 1883 localhost

listener 8883
protocol mqtt

# Self-generated certificate for tests
certfile /etc/mosquitto/certs/FQDN_SERVER.crt
cafile /etc/mosquitto/certs/ca.crt
keyfile /etc/mosquitto/certs/FQDN_SERVER.key

require_certificate false


root@srv-lora:~# mosquitto_sub -h FQDN_SERVER -p 8883 -t "#"  --cafile /etc/mosquitto/certs/ca.crt
Unable to connect (A TLS error occurred.).

Thanks.


Regards,
Cédric


On 24/04/2018 at 02:22, 백영곤 wrote:

Hi,

Was it okay when testing between LoRa Server with client and Mosquitto broker with client, without a secure connection?

client <--> LoRa

client <--> Mosquitto

client <--> LoRa <--> Mosquitto

I have seen the message when the certificate was not matching between client and server.

I made my own cert and tested the cases as I described with OpenSSL.

 

https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh 

 

 

 

-----Original Message-----
From: "Cedric VIVES"<cvives@xxxxxxxxxxxxxxxx>
To: "General development discussions for the mosquitto project"<mosquitto-dev@xxxxxxxxxxx>; "Stefan May"<stefan.may@xxxxxxx>;
Cc:
Sent: 2018-04-23 (Mon) 21:47:56
Subject: Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
 

Hi,

My mail client adds the slash for italics... my corrections beside:

On 23/04/2018 at 14:27, Stefan May wrote:
>
> On 04/20/2018 10:37 AM, Cedric VIVES wrote:
>> Hi,
>>
>> I have installed a LoRa Server with the following services :
>> - MQTT Broker (*1.4.15*-0mosquitto1~xenial1)
>> - LoRa-Server
>> - LoRa-App-Server
>>
>> On the other side, a Raspberry Pi (with Raspbian) sends data with the
>> LoRa-Gateway-Bridge.
>>
>> When the connection is unencrypted (tcp://@server on the
>> LoRa-Gateway-Bridge.toml), it works !
>>
>> However, in ssl :
>>
>> The client is connected :
>>
>> /1524211792: New connection from xxx.xxx.xxx.xxx on port 8883.//
>> //1524211792: New client connected from xxx.xxx.xxx.xxx as
>> 96240ae6-28cb-446c-8dd2-0d2d9f045487 (c1, k30)./
>>
>> But the server doesn't receive anything because:
>>
>> /mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile
>> /etc/lora-app-server/certs/CAcert.crt/
>
> Did you recognize the slash (/) after the certificate?

The command used is:
mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile /etc/lora-app-server/certs/DigiCertCA.crt

=> Unable to connect (A TLS error occurred.)
>
>>
>> /*=> Unable to connect (A TLS error occurred.)*/
>>
>> The mosquitto logs shows :
>>
>> /*1524212646: OpenSSL Error: error:14094418:SSL
>> routines:ssl3_read_bytes:tlsv1 alert unknown ca*//*
>> *//*1524212646: OpenSSL Error: error:140940E5:SSL
>> routines:ssl3_read_bytes:ssl handshake failure*/
>>
>> For information, it is an official certificate with CN = name of the
>> FQDN of the server.
>> When I check it with openssl:
>>
>> /openssl s_client -connect //FQDN_OF_MY_SERVER//:8883 -CAfile
>> /etc/lora-gateway-bridge/certs/CECert.crt/
>
> Same here and here it is called CECert.crt with an E?
I made a mistake in the mail but not in my config; it is:
openssl s_client -connect FQDN_OF_MY_SERVER:8883 -CAfile /etc/lora-gateway-bridge/certs/DigiCertCA.crt
>
>>
>> */=> Verify return code: 0 (ok)/*
>>
>> I have seen in the archive that the same problem occurred with older
>> versions but was not resolved... do you have any advice to fix this issue?
>>
>> Thanks.
>>
>> Regards,
>> Cédric
>>
>> --
>> Cédric VIVES
>> Pôle Infrastructures Informatiques et Télécommunication
>> Centre de Services Numériques
>> Tél. : +33 (0)5 61 55 93 72
>> cedric.vives@xxxxxxxxxxxxxxxx
>> INSA Toulouse
>> 135 avenue de Rangueil
>> 31077 Toulouse CEDEX 04
>> France
>> www.insa-toulouse.fr
>>
>>
>>
>> _______________________________________________
>> mosquitto-dev mailing list
>> mosquitto-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or
>> unsubscribe from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>
>
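
Added example, not part of the original thread and not code from the mosquitto project: a self-contained shell check of the mismatch discussed above, where a broker certificate verifies against one CA file and is rejected with another. The two CAs, the name broker.example.test and all file names are constructed test material; on a real system, ca_trusts would be pointed at the client's --cafile and the broker's certfile.

```shell
#!/bin/sh
# Added example. All CAs, subjects and file names are constructed test material.

# ca_trusts CAFILE CERTFILE: succeeds if CERTFILE chains to a CA in CAFILE.
# The "OK" line is matched so the check does not depend on the exit status.
ca_trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Print the issuer / subject DN of a certificate without the "issuer=" prefix.
issuer_of()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^[a-z]*= *//'; }
subject_of() { openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//'; }

# make_lab DIR: create two unrelated CAs and a broker certificate signed by
# the first one only.
make_lab() {
    d=$1
    for ca in good other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$ca test CA" \
            -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=broker.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/good-ca.crt" \
        -CAkey "$d/good-ca.key" -CAcreateserial -days 1 \
        -out "$d/server.crt" 2>/dev/null
}

lab=$(mktemp -d) || exit 1
make_lab "$lab" || exit 1
echo "server.crt issuer: $(issuer_of "$lab/server.crt")"
for ca in good other; do
    if ca_trusts "$lab/$ca-ca.crt" "$lab/server.crt"; then
        verdict="accepted"
    else
        verdict="rejected (an OpenSSL client answers with alert 'unknown ca')"
    fi
    echo "$ca-ca.crt ($(subject_of "$lab/$ca-ca.crt")): $verdict"
done
```

When the issuer printed for the broker certificate does not match the subject of any certificate in the client's CA file, the client cannot build a chain and the broker logs the alert it receives.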
