Hello, users!
I'm looking for some help with mosquitto and I hope you can help me :)
The problem is that I cannot write a config that uses PSK and the auth plugin by @jpmens together.
I've tested them separately and both of them work:
1) I could start PSK and TLS encryption but without auth plugin.
2) I also could start auth plugin with mysql, redis and http as backends but without any encryption.
I tried to use the snippet from the PSK section of
https://github.com/jpmens/mosquitto-auth-plug
but I'm doing something wrong and still have a serious problem combining PSK and auth.
Mosquitto is running, but it always reports an error; it looks like the PSK key cannot be found or something...
1473891648: New connection from 127.0.0.1 on port 8883.
1473891648: OpenSSL Error: error:1408B0DF:SSL routines:ssl3_get_client_key_exchange:psk identity not found
1473891648: Socket error on client <unknown>, disconnecting.
Could you help me configure mosquitto properly, or maybe someone has a working example of mosquitto.conf with PSK+auth?
Mosquitto 1.4.8-1build1 (installed from ubuntu repo)
auth plugin v0.0.7
-- mosquitto.conf can be like this
pid_file /var/run/mosquitto.pid
include_dir /etc/mosquitto/conf.d
persistence true
persistence_location /var/lib/mosquitto/
#
log_dest file /var/log/mosquitto/mosquitto.log
log_dest stderr
log_timestamp true
log_type error
log_type warning
log_type debug
log_type notice
log_type information
log_type all
#
bind_address 127.0.0.1
port 1883
#
allow_anonymous false
auth_plugin /etc/mosquitto/auth-plugin/mysql/auth-plug.so
auth_opt_backends mysql
auth_opt_psk_database mysql
auth_opt_host localhost
auth_opt_port 3306
auth_opt_dbname dbname
auth_opt_user dbuser
auth_opt_pass ******
auth_opt_cacheseconds 300
auth_opt_userquery SELECT ...
auth_opt_aclquery SELECT ...
#
listener 8883
psk_hint easy
use_identity_as_username true
-- auth plugin config.mk
# Select your backends from this list
BACKEND_CDB ?= no
BACKEND_MYSQL ?= yes
BACKEND_SQLITE ?= no
BACKEND_REDIS ?= no
BACKEND_POSTGRES ?= no
BACKEND_LDAP ?= no
BACKEND_HTTP ?= no
BACKEND_JWT ?= no
BACKEND_MONGO ?= no
# Specify the path to the Mosquitto sources here
MOSQUITTO_SRC = /root/temp/mosq-1.4.8_source
# Specify the path the OpenSSL here
OPENSSLDIR = /
I see that be-psk is included during the auth-plugin compilation,
but it doesn't care about the content of the OPENSSLDIR directive; it can be anything.
I don't know, maybe this could be the problem...
$ > make
Selected backends: MySQL -I//include -L//lib -lcrypto
Using mosquitto source dir: /root/temp/mosq-1.4.8_source
OpenSSL install dir: /
If you changed the backend selection, you might need to 'make clean' first
CFLAGS: -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL -I/usr/include/mysql -fabi-version=2 -fno-omit-frame-pointer -I/src -DDEBUG=1 -I//include
LDFLAGS: -L/root/temp/mosq-1.4.8_source/lib/
LDADD: -L/usr/lib/i386-linux-gnu -lmysqlclient -lpthread -lz -lm -lrt -ldl -L//lib -lcrypto -lmosquitto
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o auth-plug.o auth-plug.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o base64.o base64.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o pbkdf2-check.o pbkdf2-check.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o log.o log.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o envs.o envs.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o hash.o hash.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o be-psk.o be-psk.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o backends.o backends.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o cache.o cache.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -c -o be-mysql.o be-mysql.c
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include -L/root/temp/mosq-1.4.8_source/lib/ -fPIC -shared -o auth-plug.so auth-plug.o base64.o pbkdf2-check.o log.o envs.o hash.o be-psk.o backends.o cache.o be-mysql.o `mysql_config --libs` -L//lib -lcrypto -lmosquitto
cc -I/root/temp/mosq-1.4.8_source/src/ -I/root/temp/mosq-1.4.8_source/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I//include np.c base64.o -o np -L//lib -lcrypto
$ > ldd auth-plug.so
linux-gate.so.1 => (0xb7724000)
libmysqlclient.so.20 => /usr/lib/i386-linux-gnu/libmysqlclient.so.20 (0xb7319000)
libcrypto.so.1.0.2 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.2 (0xb713b000)
libmosquitto.so.1 => /usr/lib/i386-linux-gnu/libmosquitto.so.1 (0xb7128000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb6f72000)
libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb6f57000)
libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb6f52000)
libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xb6f35000)
libstdc++.so.6 => /usr/lib/i386-linux-gnu/libstdc++.so.6 (0xb6dbd000)
libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb6d68000)
libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xb6d4b000)
librt.so.1 => /lib/i386-linux-gnu/librt.so.1 (0xb6d42000)
libssl.so.1.0.0 => /lib/i386-linux-gnu/libssl.so.1.0.0 (0xb6cd8000)
libcrypto.so.1.0.0 => /lib/i386-linux-gnu/libcrypto.so.1.0.0 (0xb6ad3000)
libcares.so.2 => /usr/lib/i386-linux-gnu/libcares.so.2 (0xb6abf000)
/lib/ld-linux.so.2 (0x8003b000)
--
faithfully, Alexander