Hi Andreas,
I had a similar setup and also similar issues. So here is my working code. I am not sure what is really needed and what is not.
Chris
MQTTAsync client;
MQTTAsync_connectOptions conn_opts = MQTTAsync_connectOptions_initializer;
MQTTAsync_disconnectOptions disc_opts = MQTTAsync_disconnectOptions_initializer;
MQTTAsync_message pubmsg = MQTTAsync_message_initializer;
MQTTAsync_token token;
MQTTAsync_SSLOptions sslopts = MQTTAsync_SSLOptions_initializer;
int rc;

MQTTAsync_create(&client, ADDRESS, CLIENT_ID, MQTTCLIENT_PERSISTENCE_NONE, NULL);
MQTTAsync_setCallbacks(client, NULL, connlost, msgarrvd, NULL);

conn_opts.keepAliveInterval = 20;
conn_opts.cleansession = 1;
conn_opts.onSuccess = onConnect;
conn_opts.onFailure = onConnectFailure;
conn_opts.context = client;
conn_opts.username = "username";
conn_opts.password = "users_pwd";

//read the names for the certificate pem-file (keyStore) and the private key into the variables
...
sslopts.trustStore = "mqtt-ca.pem";
sslopts.keyStore = keyStore;
sslopts.privateKey = privateKey;
//This can be changed when there is a Certificate for the broker that can be validated
sslopts.enableServerCertAuth = 0;
//In case of connection problem with the broker that can be activated according to the TLS Version chosen at the broker
//Note: TLSv1 is in this setup the only usable combination for the combined usage of Python and C (other TLS Versions require newer Python)
// sslopts.enabledCipherSuites="TLSv1";
conn_opts.ssl = &sslopts;

if ((rc = MQTTAsync_connect(client, &conn_opts)) != MQTTASYNC_SUCCESS)
{
    printf("Failed to start connect, return code %d\n", rc);
    exit(-1);
}
Date: Wed, 17 Jun 2015 15:12:36 +0100
From: icraggs@xxxxxxxxxxxxxxxxxxxxxxx
To: paho-dev@xxxxxxxxxxx
Subject: Re: [paho-dev] Paho C client with TLS/SSL on mosquitto broker
Hi Andreas,
there are some async SSL tests in test/test5.c, that may be a good
place to start with some examples.
You don't need to set the serverURIs connect option at all, if you
are only connecting to one server/IP address. serverURIs is just
for when you have a backup broker/server as well as a primary.
Ian
On 06/16/2015 02:43 PM, Andreas Sturm
wrote:
Hello!
I am trying to set up a mosquitto mqtt broker which communicates
with a Paho client. The Paho client is cross-compiled from the
C-library (Async-C-Library V. 1.0.3) for an ARMv7 machine which
runs a debian linux and the mosquitto broker (V. 1.4.2) is from
the PPA. So I hope they are both up to date.
The unencrypted communication works fine, but I have problems using
SSL. I created a self-signed certificate on the server with
OpenSSL and using the mosquitto sub/pub functions on my local
machine worked just fine. Unfortunately the Paho Client doesn't
work. Here are some lines from my source code:
MQTTAsync_connectOptions conn_opts = MQTTAsync_connectOptions_initializer;
MQTTAsync_SSLOptions ssl_opts = MQTTAsync_SSLOptions_initializer;
char uri[] = "ssl://10.10.10.10:8883";
char** connections = &uri; // I'm actually not sure if this is correct..
ssl_opts.enableServerCertAuth = FALSE; // Just for testing?!
ssl_opts.trustStore = "/etc/paho/mqtt_srv.pem";
ssl_opts.enabledCipherSuites = "TLSv1.2";
conn_opts.ssl = &ssl_opts;
conn_opts.serverURIs = connections;
conn_opts.serverURIcount = 1;
MQTTAsync_create(&client, "ssl://10.10.10.10:8883", CLIENTID, MQTTCLIENT_PERSISTENCE_NONE, NULL);
if ((rc = MQTTAsync_connect(client, &conn_opts)) != MQTTASYNC_SUCCESS)
{
    printf("Failed to start connect, return code %d\n", rc);
}
When I start my program there are no log entries on the server,
but I get the following log messages on the client (previously set
export MQTT_C_CLIENT_TRACE=ON and export
MQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL):
20150616 130748.006 getaddrinfo failed for addr ssl://10.10.10.10 with rc -2
20150616 130748.006 ssl://10.10.10.10 is not a valid IP address
and my program enters the connection-failure callback function.
By the way, I also tried to connect to test.mosquitto.org on port
8883 (of course with the provided certificate), which also does
not work on my Paho client, but with the mosquitto_pub/sub
methods.
I would be very grateful for a working example code or a little
hint.
Best regards,
Andreas
PS: I don't know if this might be interesting for you, but here are
the commands for the OpenSSL certificate generation:
openssl req -new -x509 -days 3650 -keyout mqtt_ca.key -out mqtt_ca.crt
openssl genrsa -des3 -out mqtt_srv.key 1024
openssl req -out mqtt_srv.csr -key mqtt_srv.key -new
openssl x509 -req -in mqtt_srv.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_srv.crt -days 3650
and the settings I changed in the mosquitto.conf:
port 8883
cafile ../sslcerts/certs/new/mqtt_ca.crt
certfile ../sslcerts/certs/new/mqtt_srv.crt
keyfile ../sslcerts/certs/new/mqtt_srv.key
--
AUTARCON GmbH
Franz-Ulrich-Straße 18 f
34117 Kassel
Germany
Amtsgericht Kassel,HRB 15086
Geschäftsführung: Florian Benz, Alexander Goldmaier
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
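
Added example, not part of the original messages: Chris's code comment ties enableServerCertAuth to having a broker certificate that can be validated, and Andreas's OpenSSL commands are where that certificate is made. This script builds a CA and a broker certificate carrying the broker address (10.10.10.10 from the thread) in subjectAltName and checks it with openssl verify. The subject names, 2048-bit keys, 365-day lifetime and unencrypted keys are assumptions of the example.

```shell
#!/bin/sh
# Added example. File names follow the thread; subject names are constructed.
set -eu

# Create a CA and a broker certificate whose subjectAltName carries the
# address clients connect to (10.10.10.10 in the thread).
make_broker_pki() {
    dir=$1; broker_ip=$2
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example MQTT CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    cat > "$dir/srv.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$broker_ip
EOF
    # Keys are left unencrypted (-nodes) so the example runs without prompts.
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/mqtt_ca.key" -out "$dir/mqtt_ca.crt" 2>/dev/null
    openssl genrsa -out "$dir/mqtt_srv.key" 2048 2>/dev/null
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=$broker_ip" \
        -key "$dir/mqtt_srv.key" -out "$dir/mqtt_srv.csr"
    openssl x509 -req -sha256 -days 365 -in "$dir/mqtt_srv.csr" \
        -CA "$dir/mqtt_ca.crt" -CAkey "$dir/mqtt_ca.key" -CAcreateserial \
        -extfile "$dir/srv.ext" -out "$dir/mqtt_srv.crt" 2>/dev/null
}

# Succeeds only if the broker certificate chains to the CA, is usable as a
# TLS server certificate, and names the given IP address.
check_broker_cert() {
    out=$(openssl verify -CAfile "$1/mqtt_ca.crt" -purpose sslserver \
        -verify_ip "$2" "$1/mqtt_srv.crt" 2>&1) || return 1
    case $out in *": OK"*) return 0 ;; *) return 1 ;; esac
}

demo_dir=$(mktemp -d)
make_broker_pki "$demo_dir" 10.10.10.10
check_broker_cert "$demo_dir" 10.10.10.10 && echo "valid for 10.10.10.10"
check_broker_cert "$demo_dir" 10.10.10.11 || echo "rejected for 10.10.10.11"
```

mqtt_ca.crt is the file a client would use as trustStore and mosquitto as cafile; mqtt_srv.crt and mqtt_srv.key correspond to certfile and keyfile.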