Re: [mosquitto-dev] Proxy and tls settings not working

Hi Mark,

Thanks for the report. I hope you'll be relieved to hear that it's not
you that's at fault. The problem was that TLS was getting configured
before SOCKS, which meant the SOCKS connection didn't work.

I've made a change on the fixes branch. If you're able to test it, I'd
appreciate the feedback. Let me know if you need any help with that.



On Mon, 14 Jan 2019 at 18:56, Mark Oeltjenbruns
<mark.oeltjenbruns@xxxxxxxxx> wrote:
> I have a working TLS setup to my custom mosquitto broker.  I can connect just fine over TLS without any issues.  I'm using mosquittopp in my app.  When I tried to add proxy support things don't work.  I thought it was something in my setup, but nothing I changed in my code or at the server seemed to make a difference, although sometimes the errors would change slightly.
> My next test was to use the mosquitto_pub command, using the same certs as my application, which worked as expected.  When I added "--proxy socks5h://localhost:8080" it immediately responds "Error: A TLS error occurred."
> For the socks5 proxy, I'm doing something simple like "ssh -D 8080 -N <name>:localhost -v -v -v"
> I don't see anything from mosquitto_pub hitting the proxy.  I can use the proxy with firefox and curl with the same settings, so I don't think it is a proxy setup issue, but rather something with mosquitto_pub (or mosquittopp).
> I've tried all sorts of combinations to figure out what I'm doing wrong, including not using a FQDN but IP address for the host, thinking maybe the DNS was not working correctly.  I can view https connections via firefox and curl without issues, so I don't think it is some weird TLS thing.  I've also tried to allow 'insecure' and not require certificates on the broker, although it doesn't look like it is even getting that far.  It does seem to work if I don't use TLS in mosquitto_pub, which makes me think something is messed up with the proxy/tls support, or my certs are somehow incorrect, even though passing --insecure and not enforcing needing matching certs in the chain (require_certificate false).  I've also set allow_anonymous true.
> The broker is version 1.4, however, my understanding is that using a proxy shouldn't require a different mosquitto broker version as it should be transparent if I'm connecting to it via TLS or via TLS/Socks5.  The mosquitto_pub is V 1.4.12.  Although I'm using tls, I'm only listening on port 1883, which I've specified in the mosquitto_pub command.
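
A SOCKS5 client has to finish the proxy negotiation in cleartext on the TCP socket before it starts TLS to the broker inside the tunnel. The sketch below is an added example, not mosquitto's code or the change on the fixes branch; the function names, `broker.example`, port 8883 and the in-process `fake_proxy` are assumptions constructed for illustration. The hostname is sent to the proxy for resolution, as a `socks5h://` URL requests.

```python
import socket, ssl, struct, threading

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS5 negotiation")
        buf += chunk
    return buf

def socks5_connect(sock, host, port):
    """Step 1, cleartext on the TCP socket: SOCKS5 CONNECT by hostname (ATYP 0x03), no auth."""
    sock.sendall(b"\x05\x01\x00")                       # VER, NMETHODS, no-auth
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept no-auth SOCKS5")
    name = host.encode("idna")
    sock.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed (REP={rep})")
    alen = _recv_exact(sock, 1)[0] if atyp == 3 else (16 if atyp == 4 else 4)
    _recv_exact(sock, alen + 2)                         # discard BND.ADDR, BND.PORT

def tls_via_socks5(proxy_addr, host, port, ctx=None):
    """Step 2, only after step 1: TLS to the broker, verified against the broker's name."""
    sock = socket.create_connection(proxy_addr, timeout=10)
    socks5_connect(sock, host, port)
    return (ctx or ssl.create_default_context()).wrap_socket(sock, server_hostname=host)

def fake_proxy(conn, seen):
    """Constructed stand-in for a SOCKS5 proxy so the example runs offline."""
    if _recv_exact(conn, 3)[0] != 5:                    # 0x16 would be a TLS record
        seen.append("not SOCKS5")
        return
    conn.sendall(b"\x05\x00")
    n = _recv_exact(conn, 5)[4]                         # VER CMD RSV ATYP LEN
    rest = _recv_exact(conn, n + 2)
    seen.append((rest[:n].decode(), struct.unpack(">H", rest[n:])[0]))
    conn.sendall(b"\x05\x00\x00\x01" + bytes(6))        # success, BND 0.0.0.0:0

def demo(client):
    a, b = socket.socketpair()
    seen = []
    t = threading.Thread(target=fake_proxy, args=(b, seen))
    t.start()
    client(a)                                           # client speaks first on the socket
    a.close(); t.join(); b.close()
    return seen
```

`demo(lambda s: socks5_connect(s, "broker.example", 8883))` shows the proxy receiving the broker's name and port, while `demo(lambda s: s.sendall(b"\x16\x03\x01"))` shows that bytes beginning like a TLS record are not a SOCKS5 greeting.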