Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)

Hi,

Was it okay for testing between LoRa Server with client and Mosquitto broker with client without secure connection?

client <--> LoRa

client <--> Mosquitto

client <--> LoRa <--> Mosquitto

I have seen the message when the certification was not matching between client and server.

I made my own cert and tested the cases as I described with openssl.

https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh

-----Original Message-----
From: "Cedric VIVES"<cvives@xxxxxxxxxxxxxxxx>
To: "General development discussions for the mosquitto project"<mosquitto-dev@xxxxxxxxxxx>; "Stefan May"<stefan.may@xxxxxxx>;
Cc:
Sent: 2018-04-23 (Mon) 21:47:56
Subject: Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
 

Hi,

My mail client adds the slash for the italics... my corrections beside:

On 23/04/2018 at 14:27, Stefan May wrote:
>
> On 04/20/2018 10:37 AM, Cedric VIVES wrote:
>> Hi,
>>
>> I have installed a LoRa Server with the following services :
>> - MQTT Broker (*1.4.15*-0mosquitto1~xenial1)
>> - LoRa-Server
>> - LoRa-App-Server
>>
>> On the other side, a Raspberry Pi (with Raspbian) sends data with the
>> LoRa-Gateway-Bridge.
>>
>> When the connection is unencrypted (tcp://@server on the
>> LoRa-Gateway-Bridge.toml), it works !
>>
>> However, in ssl :
>>
>> The client is connected :
>>
>> /1524211792: New connection from xxx.xxx.xxx.xxx on port 8883.//
>> //1524211792: New client connected from xxx.xxx.xxx.xxx as
>> 96240ae6-28cb-446c-8dd2-0d2d9f045487 (c1, k30)./
>>
>> But the server doesn't receive anything because :
>>
>> /mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile
>> /etc/lora-app-server/certs/CAcert.crt/
>
> Did you recognize the slash (/) after the certificate?

The command used is :
mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#"  --cafile
/etc/lora-app-server/certs/DigiCertCA.crt

=> Unable to connect (A TLS error occurred.)
>
>>
>> /*=> Unable to connect (A TLS error occurred.)*/
>>
>> The mosquitto logs shows :
>>
>> /*1524212646: OpenSSL Error: error:14094418:SSL
>> routines:ssl3_read_bytes:tlsv1 alert unknown ca*//*
>> *//*1524212646: OpenSSL Error: error:140940E5:SSL
>> routines:ssl3_read_bytes:ssl handshake failure*/
>>
>> For information, it is an official certificate with CN = name of the
>> FQDN of the server.
>> When I check it with openssl :
>>
>> /openssl s_client -connect //FQDN_OF_MY_SERVER//:8883 -CAfile
>> /etc/lora-gateway-bridge/certs/CECert.crt/
>
> Same here and here it is called CECert.crt with an E?
I made a mistake in the mail but not in my config; it is:
openssl s_client -connect FQDN_OF_MY_SERVER:8883 -CAfile
/etc/lora-gateway-bridge/certs/DigiCertCA.crt
>
>>
>> */=> Verify return code: 0 (ok)/*
>>
>> I have seen in the archive that the same problem occurred with older
>> versions but not resolved...have you any advice to fix this issue ?
>>
>> Thanks.
>>
>> Regards,
>> Cédric
>>
>> --
>> Cédric VIVES
>> Pôle Infrastructures Informatiques et Télécommunication
>> Centre de Services Numériques
>> Tél. : +33 (0)5 61 55 93 72
>> cedric.vives@xxxxxxxxxxxxxxxx
>> INSA Toulouse
>> 135 avenue de Rangueil
>> 31077 Toulouse CEDEX 04
>> France
>> www.insa-toulouse.fr
>>
>>
>>
>> _______________________________________________
>> mosquitto-dev mailing list
>> mosquitto-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or
>> unsubscribe from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
>>
>

--
Cédric VIVES
Pôle Infrastructures Informatiques et Télécommunication
Centre de Services Numériques
Tél. : +33 (0)5 61 55 93 72
cedric.vives@xxxxxxxxxxxxxxxx
INSA Toulouse
135 avenue de Rangueil
31077 Toulouse CEDEX 04
France
www.insa-toulouse.fr

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
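
The reply at the top of this thread attributes the error to a certificate mismatch between client and server. As an added example (not from the thread or the mosquitto project), the script below checks whether a CA file of the kind passed to `--cafile` actually chains to a broker certificate, using two constructed throwaway CAs; the function names, the `broker.example.test` subject and the temporary paths are assumptions made for the demo, and `-no-CApath` needs OpenSSL 1.1.0 or later.

```shell
#!/usr/bin/env bash
# Added example. Every name, subject and path here is constructed for the demo.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a throwaway self-signed CA (NAME.key, NAME.crt).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_leaf CA NAME: issue a certificate with CN=NAME signed by CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CA "$WORK/$1.crt" \
        -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.crt" 2>/dev/null
}

# fetch_leaf HOST PORT: print the certificate a live broker presents
# (needs network access; not called by the offline demo below).
fetch_leaf() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# ca_matches CAFILE CERT: succeed only if CERT chains to a CA inside CAFILE.
# -no-CApath keeps the system trust store out of the decision, so only the
# file that would be handed to the client as --cafile is consulted.
ca_matches() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed scenario: the broker certificate is issued by broker-ca only.
make_ca broker-ca
make_ca other-ca
make_leaf broker-ca broker.example.test
for ca in broker-ca other-ca; do
    if ca_matches "$WORK/$ca.crt" "$WORK/broker.example.test.crt"; then
        echo "$ca.crt: broker certificate chains to this CA file"
    else
        echo "$ca.crt: no chain to the broker certificate; a client using it rejects the broker"
    fi
done
```

Against a real broker, save the output of `fetch_leaf` to a file and pass it as the second argument to `ca_matches`, with the client's CA file as the first.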