Hello!
I am trying to set up a mosquitto mqtt broker which communicates
with a Paho client. The Paho client is cross-compiled from the
C-library (Async-C-Library V. 1.0.3) for an ARMv7 machine which runs
a Debian Linux and the mosquitto broker (V. 1.4.2) is from the PPA.
So I hope they are both up to date.
The unencrypted communication works fine, but I have problems using
SSL. I created a self-signed certificate on the server with OpenSSL
and using the mosquitto sub/pub functions on my local machine worked
just fine. Unfortunately the Paho Client doesn't work. Here are some
lines from my source code:

    MQTTAsync_connectOptions conn_opts = MQTTAsync_connectOptions_initializer;
    MQTTAsync_SSLOptions ssl_opts = MQTTAsync_SSLOptions_initializer;
    char uri[] = "ssl://10.10.10.10:8883";
    char** connections = &uri; // I'm actually not sure if this is correct..
    ssl_opts.enableServerCertAuth = FALSE; // Just for testing?!
    ssl_opts.trustStore = "/etc/paho/mqtt_srv.pem";
    ssl_opts.enabledCipherSuites = "TLSv1.2";
    conn_opts.ssl = &ssl_opts;
    conn_opts.serverURIs = connections;
    conn_opts.serverURIcount = 1;
    MQTTAsync_create(&client, "ssl://10.10.10.10:8883", CLIENTID,
                     MQTTCLIENT_PERSISTENCE_NONE, NULL);
    if ((rc = MQTTAsync_connect(client, &conn_opts)) != MQTTASYNC_SUCCESS)
    {
        printf("Failed to start connect, return code %d\n", rc);
    }

When I start my program there are no log entries on the server, but
I get the following log messages on the client (previously set
export MQTT_C_CLIENT_TRACE=ON and export
MQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL):

    20150616 130748.006 getaddrinfo failed for addr ssl://10.10.10.10 with rc -2
    20150616 130748.006 ssl://10.10.10.10 is not a valid IP address

and my program enters the connection-failure callback function.
By the way, I also tried to connect to test.mosquitto.org on port
8883 (of course with the provided certificate), which also does not
work on my Paho client, but does with the mosquitto_pub/sub methods.
I would be very grateful for a working example code or a little
hint.
Best regards,
Andreas
PS: I don't know if this might be interesting for you, but here are
the commands for the OpenSSL certificate generation:

    openssl req -new -x509 -days 3650 -keyout mqtt_ca.key -out mqtt_ca.crt
    openssl genrsa -des3 -out mqtt_srv.key 1024
    openssl req -out mqtt_srv.csr -key mqtt_srv.key -new
    openssl x509 -req -in mqtt_srv.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_srv.crt -days 3650

and the settings I changed in the mosquitto.conf:

    port 8883
    cafile ../sslcerts/certs/new/mqtt_ca.crt
    certfile ../sslcerts/certs/new/mqtt_srv.crt
    keyfile ../sslcerts/certs/new/mqtt_srv.key

--
AUTARCON GmbH
Franz-Ulrich-Straße 18 f
34117 Kassel
Germany
Amtsgericht Kassel,HRB 15086
Geschäftsführung: Florian Benz, Alexander Goldmaier
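
Added example, not part of the original post and not Paho code: the trace above shows the string "ssl://10.10.10.10" reaching getaddrinfo with the scheme still attached, and this program reproduces that lookup result offline next to a lookup of the bare host. split_uri and resolve_numeric are hypothetical helpers written for this illustration; only IPv4 literals with an explicit port are handled.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper: split "scheme://host:port" (scheme optional). 0 on success, -1 on bad input. */
int split_uri(const char *uri, char *host, size_t hostlen, char *port, size_t portlen)
{
    const char *sep = strstr(uri, "://");
    const char *h = sep ? sep + 3 : uri;          /* skip the scheme if present */
    const char *colon = strrchr(h, ':');
    if (!colon || colon == h || colon[1] == '\0') return -1;
    size_t n = (size_t)(colon - h);
    if (n >= hostlen || strlen(colon + 1) >= portlen) return -1;
    memcpy(host, h, n);
    host[n] = '\0';
    strcpy(port, colon + 1);                      /* length checked above */
    return 0;
}

/* Hypothetical helper: numeric-only lookup, so no DNS query is sent. Returns the getaddrinfo rc. */
int resolve_numeric(const char *addr)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;
    int rc = getaddrinfo(addr, NULL, &hints, &res);
    if (rc == 0) freeaddrinfo(res);
    return rc;
}

int main(void)
{
    char uri[] = "ssl://10.10.10.10:8883";        /* URI as given in the post */
    char *uris[] = { uri };                       /* array of pointers; &uri would be a pointer to an array */
    char host[64], port[8];
    int rc = resolve_numeric("ssl://10.10.10.10"); /* address string as it appears in the trace */
    printf("as logged: rc=%d (%s)\n", rc, gai_strerror(rc));
    if (split_uri(uris[0], host, sizeof host, port, sizeof port) == 0)
        printf("split: host=%s port=%s rc=%d\n", host, port, resolve_numeric(host));
    return 0;
}
```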