Re: [paho-dev] How to use Android Paho java client to create SSL/TLS connection to mosquitto
Hi,
I have been using
org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
to test an SSL/TLS connection to mosquitto. The connection always fails;
the log on the mosquitto broker side is:
1411985829: New connection from xx.xx.xx.xx on port 8883.
1411985829: OpenSSL Error: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
But I could use the following mosquitto_sub command line to successfully
connect to the mosquitto broker (8883):
# mosquitto_sub -c -d -h xxx.xxx.xxx.xxx -p 8883 --cafile ca.crt -i myclientid -q 1 -t mytopic -v
Below is the listener config of my mosquitto broker:
# Default listener
bind_address xxx.xxx.xxx.xxx
port 8883
max_connections -1
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/server.crt
keyfile /etc/mosquitto/server.key
tls_version tlsv1.2
Below is my modification to ClientConnections.java:
diff --git
a/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
b/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
index c3133c5..a6af9a6 100644
---
a/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
+++
b/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
@@ -238,6 +238,20 @@ public class ClientConnections extends ListActivity {
Log.e("SSLConnection", "Doing an SSL Connect");
uri = "ssl://";
+ try {
+ SSLContext context;
+ KeyStore ts = KeyStore.getInstance("bks");
+ ts.load(getResources().openRawResource(R.raw.ca),
"123456".toCharArray());
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
+ tmf.init(ts);
+ TrustManager[] tm = tmf.getTrustManagers();
+ context = SSLContext.getInstance("TLSv1.2");
+ context.init(null, tm, null);
+ SocketFactory factory = context.getSocketFactory();
+ conOpt.setSocketFactory(factory);
+ } catch (Exception e) {
+ // TODO: handle exception
+ }
}
else {
uri = "tcp://";
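Review bot: the empty `catch (Exception e)` that closes the added try block swallows every failure from `ts.load(...)`, `tmf.init(ts)` and `SSLContext.getInstance("TLSv1.2")`, so when any of them throws, `conOpt.setSocketFactory(factory)` is skipped with no trace and execution falls through without the custom trust store. Replace the TODO with a `Log.e` call that includes the exception (the surrounding code already logs under the "SSLConnection" tag) and abandon the connect attempt on failure, so a keystore or protocol problem is visible on the client rather than only in the broker log. Two smaller points in the same hunk: the stream returned by `openRawResource(R.raw.ca)` is never closed, and the keystore password "123456" is hard-coded inline at the `ts.load` call; a named constant or resource would make it easier to find and change.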
I used the following command to convert ca.crt (generated by openssl) to
ca.bks:
keytool -importcert -keystore C:\Users\shengli\Desktop\ca.bks -file C:\Users\shengli\Desktop\ca.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
The passphrase of the BKS is set to 123456.
Any idea?
Thanks
Romu
On 2014/9/25 17:41, Romu Hu wrote:
Hi,
I've been trying to use the Android Paho Java client to create an SSL/TLS
connection to mosquitto. My mosquitto broker has two TLS listeners;
one requires a client certificate, the other one does not.
How do I connect to the listener that requires a client certificate? How
do I connect to the one that does not? The CA certificate, client
certificate and client key are stored on the Android device. Are any
third-party Java libraries needed? Any code examples?
Thanks
Romu