| Re: [mosquitto-dev] MQTT connection using opens s_client |
Hi Praveen. On 2018-03-31 00:43, Praveen Badsheshi wrote: > This question seems to be a silly question, but I would like to know if A bit silly yes, but also technically interesting. > it is possible to connect to MQTT broker using openssl s_client ? > Idea is, I do not want to connect using mosquitto_connect. So I am > looking for any other option to establish the MQTT connection. You don't disclose the intention behind doing this. This makes it a bit hard to advise properly. What do you want to achieve by not being dependent on libmosquitto's mosquitto_connect()? Are you testing broker connectivity and intend just to make a TCP connection to reach the broker, or do you actually need to create a MQTT session on the broker and maybe even use it afterwards? The first is easily achived by using plain telnet, netcat or openssl s_client without sending any data. Depending on the broker's logging capabilities and level you'll probably see a log error message saying that a client attempted to connect but didn't adhere to the MQTT protocol. Using netcat: $ nc -z localhost 1883 The Mosquitto broker on localhost 1883 configured with "log_type debug" will emit in its "log_dest file" log: 1522681207: New connection from 127.0.0.1 on port 1883. 1522681207: Socket error on client <unknown>, disconnecting. Taking it a bit further as MQTT is a binary protocol you'll need some fiddling to actually talk to the broker on the command line. It is not as straight forward as HTTP/SMTP and other text oriented protocols. Establishing the first interaction between a client and broker, ie. client sending the CONNECT control packet[1] and receiving a CONNACK[2] reply, can be done on the command line as follows using netcat. This is again to an unencrypted broker, the client identifying itself with ClientId "a" asking for CleanSession=0. $ echo -en "\x10\x0d\x00\x04MQTT\x04\x00\x00\x00\x00\x01a" |nc localhost 1883|hd 00000000 20 02 01 00 | ...| 00000004 Request and reply being binary it is not obvious to see what is going on unless you are familiar with the details of the protocol (for starters, first byte indicates control packet type, where 0x10 in request is CONNECT, 0x20 in reply is CONNACK). Mosquitto broker log from this exchange, showing the broker accepting the "a" client: 1522681274: New connection from 127.0.0.1 on port 1883. 1522681274: Client a disconnected. 1522681274: New client connected from 127.0.0.1 as a (c0, k0). 1522681274: Sending CONNACK to a (1, 0) 1522681274: Socket error on client a, disconnecting. This can also be done on encrypted endpoints using openssl s_client (somehow s_client stdout doesn't behave well when piped, so redirect to tempfile, and s_client needs to be manually terminated using ctrl-c): $ echo -en "\x10\x0d\x00\x04MQTT\x04\x00\x00\x00\x00\x01a" |openssl s_client -quiet -connect test.mosquitto.org:8883 >out depth=1 C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@xxxxxxxxxx verify error:num=19:self signed certificate in certificate chain ^C $ hd out 00000000 20 02 01 00 | ...| 00000004 Hope this was helpful, -- Mikkel [1] http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Ref363033523 [2] http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Ref362964779
Attachment:
signature.asc
Description: OpenPGP digital signature