[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [paho-dev] How to use Android Paho java client to create SSL/TLS connection to mosquitto
|
Romu,
I'm not sure about the details of connecting with mutual auth and TLS,
but looking at the android service tests (AndroidServiceTest.java) there
are a couple of tests there that test connecting via SSL, it seems they
are only for server cert authentication but it would probably be good to
see if you can get that going first then try to extend it with mutual
auth, hopefully the test material can be helpful.
Al
On 29/09/14 11:22, Romu Hu wrote:
Hi,
I have been using
org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
to test SSL/TLS connection to mosquitto. The connection always fail,
the log on the mosquitto broker side is:
1411985829: New connection from xx.xx.xx.xx on port 8883.
1411985829: OpenSSL Error: error:1408A10B:SSL
routines:SSL3_GET_CLIENT_HELLO:wrong version number
But I could use the following mosquitto_sub command line to successfully
connect to the mosquitto broker (8883):
# mosquitto_sub -c -d -h xxx.xxx.xxx.xxx -p 8883 --cafile ca.crt -i
myclientid -q 1 -t mytopic -v
Below is the listener config of my mosquitto broker:
# Default listener
bind_address xxx.xxx.xxx.xxx
port 8883
max_connections -1
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/server.crt
keyfile /etc/mosquitto/server.key
tls_version tlsv1.2
Below is my modification to ClientConnections.java:
diff --git
a/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
b/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
index c3133c5..a6af9a6 100644
---
a/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
+++
b/org.eclipse.paho.android.service/org.eclipse.paho.android.service.sample/src/org/eclipse/paho/android/service/sample/ClientConnections.java
@@ -238,6 +238,20 @@ public class ClientConnections extends ListActivity {
Log.e("SSLConnection", "Doing an SSL Connect");
uri = "ssl://";
+ try {
+ SSLContext context;
+ KeyStore ts = KeyStore.getInstance("bks");
+ ts.load(getResources().openRawResource(R.raw.ca),
"123456".toCharArray());
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
+ tmf.init(ts);
+ TrustManager[] tm = tmf.getTrustManagers();
+ context = SSLContext.getInstance("TLSv1.2");
+ context.init(null, tm, null);
+ SocketFactory factory = context.getSocketFactory();
+ conOpt.setSocketFactory(factory);
+ } catch (Exception e) {
+ // TODO: handle exception
+ }
}
else {
uri = "tcp://";
I used the following command to convert ca.crt (generated by openssl) to
ca.bks:
keytool -importcert -keystore C:\Users\shengli\Desktop\ca.bks -file
C:\Users\shengli\Desktop\ca.crt -storetype BKS -provider
org.bouncycastle.jce.provider.BouncyCastleProvider
Passphrase of the bks is set to 123456.
Any idea?
Thanks
Romu
On 2014/9/25 17:41, Romu Hu wrote:
Hi,
I've been trying to use Android Paho java client to create SSL/TLS
connection to mosquitto. My mosquitto broker has two TLS listeners,
one requires client certificate, the other one does not.
How to connect to the listener that requires client certificate? How
to connect to the one that does not? The ca certificate, client
certificate and client key are stored in the Android device. Any
third-party java libraries needed? Any code examples?
Thanks
Romu
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
