Re: [paho-dev] Paho C client with TLS/SSL on mosquitto broker

Hi Andreas,

There are some async SSL tests in test/test5.c that may be a good place to start with some examples.

You don't need to set the serverURIs connect option at all, if you are only connecting to one server/IP address.  serverURIs is just for when you have a backup broker/server as well as a primary.

Ian


On 06/16/2015 02:43 PM, Andreas Sturm wrote:
Hello!

I am trying to set up a mosquitto MQTT broker which communicates with a Paho client. The Paho client is cross-compiled from the C library (Async-C-Library V. 1.0.3) for an ARMv7 machine which runs Debian Linux, and the mosquitto broker (V. 1.4.2) is from the PPA. So I hope they are both up to date.
The unencrypted communication works fine, but I have problems using SSL. I created a self-signed certificate on the server with OpenSSL, and using the mosquitto sub/pub functions on my local machine worked just fine. Unfortunately the Paho client doesn't work. Here are some lines from my source code:


MQTTAsync_connectOptions conn_opts = MQTTAsync_connectOptions_initializer;
MQTTAsync_SSLOptions ssl_opts = MQTTAsync_SSLOptions_initializer;

char uri[] = "ssl://10.10.10.10:8883";
char** connections = &uri;                        // I'm actually not sure if this is correct..

ssl_opts.enableServerCertAuth = FALSE;        // Just for testing?!
ssl_opts.trustStore = "/etc/paho/mqtt_srv.pem";
ssl_opts.enabledCipherSuites = "TLSv1.2";

conn_opts.ssl = &ssl_opts;
conn_opts.serverURIs = connections;
conn_opts.serverURIcount = 1;

MQTTAsync_create(&client, "ssl://10.10.10.10:8883", CLIENTID, MQTTCLIENT_PERSISTENCE_NONE, NULL);

if ((rc = MQTTAsync_connect(client, &conn_opts)) != MQTTASYNC_SUCCESS)
{
    printf("Failed to start connect, return code %d\n", rc);
}


When I start my program there are no log entries on the server, but I get the following log messages on the client (previously set export MQTT_C_CLIENT_TRACE=ON and export MQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL):
20150616 130748.006 getaddrinfo failed for addr ssl://10.10.10.10 with rc -2
20150616 130748.006 ssl://10.10.10.10 is not a valid IP address
and my program enters the connection-failure callback function.

By the way, I also tried to connect to test.mosquitto.org on port 8883 (of course with the provided certificate), which also does not work with my Paho client, but does with the mosquitto_pub/sub methods.

I would be very grateful for a working example code or a little hint.

Best regards,
Andreas

PS: I don't know if this might be interesting for you, but here are the commands for the OpenSSL certificate generation:
openssl req -new -x509 -days 3650 -keyout mqtt_ca.key -out mqtt_ca.crt
openssl genrsa -des3 -out mqtt_srv.key 1024
openssl req -out mqtt_srv.csr -key mqtt_srv.key -new
openssl x509 -req -in mqtt_srv.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_srv.crt -days 3650

and the settings I changed in the mosquitto.conf:
port 8883
cafile ../sslcerts/certs/new/mqtt_ca.crt
certfile ../sslcerts/certs/new/mqtt_srv.crt
keyfile ../sslcerts/certs/new/mqtt_srv.key



--
AUTARCON GmbH
Franz-Ulrich-Straße 18 f
34117 Kassel
Germany
Phone:   +49 (0)561 - 506 186 890
FAX:     +49 (0)561 - 506 186 899
E-Mail:  sturm@xxxxxxxxxxxx
Web:     http://www.autarcon.com
Selected Landmark in the Land of Ideas 2011

District Court of Kassel, HRB 15086
Managing Directors: Florian Benz, Alexander Goldmaier



-- 
Ian Craggs                          
icraggs@xxxxxxxxxx                 IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
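
Added example, not part of the original messages or of the Paho or mosquitto projects: the certificate steps from the post made non-interactive, with a 2048-bit broker key and a subjectAltName for the broker address, followed by a check of which file can serve as the client's trust store under OpenSSL's default chain validation. The subjects, the temporary directory and the function names are constructed for illustration, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Constructed test PKI; file names mirror the post, everything else is made up.

# make_test_pki DIR: create a CA and a broker certificate signed by it.
make_test_pki() {
    dir=$1
    (
        cd "$dir" || exit 1
        umask 077   # private keys readable by their owner only
        # Self-signed CA: the file mosquitto.conf names as cafile.
        openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
            -subj "/CN=Constructed MQTT Test CA" \
            -keyout mqtt_ca.key -out mqtt_ca.crt 2>/dev/null || exit 1
        # Broker key: 2048-bit rather than the 1024-bit key in the post.
        openssl genrsa -out mqtt_srv.key 2048 2>/dev/null || exit 1
        openssl req -new -key mqtt_srv.key -subj "/CN=10.10.10.10" \
            -out mqtt_srv.csr || exit 1
        # Carry the broker address in subjectAltName so clients can match it.
        printf 'subjectAltName=IP:10.10.10.10\n' > san.ext
        openssl x509 -req -in mqtt_srv.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key \
            -CAcreateserial -extfile san.ext -days 3650 \
            -out mqtt_srv.crt 2>/dev/null || exit 1
    )
}

# chain_ok TRUSTFILE CERT: succeed only if CERT chains to a root in TRUSTFILE
# and is valid for the address 10.10.10.10.
chain_ok() {
    openssl verify -purpose sslserver -verify_ip 10.10.10.10 \
        -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_test_pki "$tmp" || return 1
    chain_ok "$tmp/mqtt_ca.crt" "$tmp/mqtt_srv.crt" \
        && echo "trust store = CA certificate: broker certificate verifies"
    chain_ok "$tmp/mqtt_srv.crt" "$tmp/mqtt_srv.crt" \
        || echo "trust store = broker certificate only: chain is rejected"
    rm -rf "$tmp"
}
demo
```

With server certificate authentication enabled, the file that passes this check (the CA certificate) is the one a client trust store needs to contain.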

