I hope this is the proper mailing list for
this issue. I looked for a users list but couldn't find one. Let
me know if this belongs elsewhere.
Having a problem trying to use X25519 with
mosquitto broker. A client device (Tasmota) has been configured
with a certificate that contains an X25519 public key, and an
RSA signature. The broker is configured with "cafile" matching
the signature on the device certificate.
A Wireshark capture of the initial TLS
connection looks okay with Client and Server Hello packets, but
I don't have the expertise to do a deep dive into these packets
to say for certain that all is okay. However, I do see the
device's Client Hello packet advertising the expected cipher
suite (ECDHE_RSA_WITH_AES_128_GCM_SHA256),
and the expected public key type (X25519).
The Mosquitto broker logs a message "New
connection from <ip address> on port 8883".
For some reason the
Client-Hello/Server-Hello exchange happens twice, and then
Mosquitto prints this error from the OpenSSL library:
tls_process_cert_verify: signature for non signing certificate
My only guess here is that the error happens
because X25519 cannot be used for signing -- only key
exchange...but the actual signature on the certificate is an RSA
signature from a self-signed root CA that is configured into the
broker via "cafile".
Can anyone help me with this? I can provide
the broker log text and Wireshark pcap files if that will help
any...
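
The OpenSSL message concerns the key inside the client certificate rather than the CA's signature on it: for TLS client authentication the client signs CertificateVerify with the private key matching its certificate, and an X25519 key supports key agreement only. As an added example (not part of the original message, and not Mosquitto or OpenSSL code), this standard-library Python check reads the subject key algorithm from a DER certificate; all function names and the sample certificates are constructed for illustration.

```python
# Added example: can a certificate's subject key sign a TLS CertificateVerify?
# Stdlib-only DER walk; key OIDs per RFC 8410 / RFC 3279. Sample certs are constructed.
SIGNING = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC",
           "1.3.101.112": "Ed25519", "1.3.101.113": "Ed448"}
AGREEMENT_ONLY = {"1.3.101.110": "X25519", "1.3.101.111": "X448"}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed value into (tag, value) members
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(b):
    first = min(b[0] // 40, 2)
    arcs, n = [first, b[0] - 40 * first], 0
    for byte in b[1:]:  # base-128 digits, high bit marks continuation
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def spki_oid(cert_der):
    """OID of subjectPublicKeyInfo.algorithm in a DER certificate."""
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip explicit [0] version
    # remaining order: serial, signature, issuer, validity, subject, SPKI
    return decode_oid(children(children(tbs[5][1])[0][1])[0][1])

def can_sign_certificate_verify(cert_der):
    """(usable for client auth?, key type); the CA's signature algorithm plays no part."""
    oid = spki_oid(cert_der)
    return oid in SIGNING, SIGNING.get(oid) or AGREEMENT_ONLY.get(oid, oid)

def tlv(tag, body):  # DER builder for the constructed samples (bodies < 256 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def sample_cert(key_oid_hex):  # constructed skeleton: RSA-signed, dummy key/signature
    sig = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
    spki = tlv(0x30, tlv(0x30, bytes.fromhex(key_oid_hex)) + tlv(0x03, bytes(33)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + sig + tlv(0x30, b"")
              + tlv(0x30, tlv(0x17, b"250101000000Z") * 2) + tlv(0x30, b"") + spki)
    return tlv(0x30, tbs + sig + tlv(0x03, bytes(9)))
```

For a real certificate, convert PEM to DER first (for example with `ssl.PEM_cert_to_DER_cert`) and pass the bytes to `can_sign_certificate_verify`.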