Hi Andreas,
There are some async SSL tests in test/test5.c that may be a good
place to start with some examples.
You don't need to set the serverURIs connect option at all, if you
are only connecting to one server/IP address. serverURIs is just
for when you have a backup broker/server as well as a primary.
Ian
On 06/16/2015 02:43 PM, Andreas Sturm wrote:
Hello!
I am trying to set up a mosquitto mqtt broker which communicates
with a Paho client. The Paho client is cross-compiled from the
C-library (Async-C-Library V. 1.0.3) for an ARMv7 machine which
runs a debian linux and the mosquitto broker (V. 1.4.2) is from
the PPA. So I hope they are both up to date.
The unencrypted communication works fine, but I have problems
using SSL. I created a self-signed certificate on the server with
OpenSSL and using the mosquitto sub/pub functions on my local
machine worked just fine. Unfortunately the Paho Client doesn't
work. Here are some lines from my source code:
MQTTAsync_connectOptions conn_opts = MQTTAsync_connectOptions_initializer;
MQTTAsync_SSLOptions ssl_opts = MQTTAsync_SSLOptions_initializer;
char uri[] = "ssl://10.10.10.10:8883";
char** connections = &uri; // I'm actually not sure if this is correct..
ssl_opts.enableServerCertAuth = FALSE; // Just for testing?!
ssl_opts.trustStore = "/etc/paho/mqtt_srv.pem";
ssl_opts.enabledCipherSuites = "TLSv1.2";
conn_opts.ssl = &ssl_opts;
conn_opts.serverURIs = connections;
conn_opts.serverURIcount = 1;
MQTTAsync_create(&client, "ssl://10.10.10.10:8883", CLIENTID, MQTTCLIENT_PERSISTENCE_NONE, NULL);
if ((rc = MQTTAsync_connect(client, &conn_opts)) != MQTTASYNC_SUCCESS)
{
    printf("Failed to start connect, return code %d\n", rc);
}
When I start my program there are no log entries on the server,
but I get the following log messages on the client (previously set
export MQTT_C_CLIENT_TRACE=ON and export
MQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL):
20150616 130748.006 getaddrinfo failed for addr ssl://10.10.10.10 with rc -2
20150616 130748.006 ssl://10.10.10.10 is not a valid IP address
and my program enters the connection-failure callback function.
By the way, I also tried to connect to test.mosquitto.org on port
8883 (of course with the provided certificate), which also does
not work on my Paho client, but with the mosquitto_pub/sub
methods.
I would be very grateful for a working example code or a little
hint.
Best regards,
Andreas
PS: I don't know if this might be interesting for you, but here are
the commands for the OpenSSL certificate generation:
openssl req -new -x509 -days 3650 -keyout mqtt_ca.key -out mqtt_ca.crt
openssl genrsa -des3 -out mqtt_srv.key 1024
openssl req -out mqtt_srv.csr -key mqtt_srv.key -new
openssl x509 -req -in mqtt_srv.csr -CA mqtt_ca.crt -CAkey mqtt_ca.key -CAcreateserial -out mqtt_srv.crt -days 3650
and the settings I changed in the mosquitto.conf:
port 8883
cafile ../sslcerts/certs/new/mqtt_ca.crt
certfile ../sslcerts/certs/new/mqtt_srv.crt
keyfile ../sslcerts/certs/new/mqtt_srv.key
--
AUTARCON GmbH
Franz-Ulrich-Straße 18 f
34117 Kassel
Germany
Amtsgericht Kassel,HRB 15086
Geschäftsführung: Florian Benz, Alexander Goldmaier
_______________________________________________
paho-dev mailing list
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
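
Added example, not part of the original thread and not Paho or mosquitto project code: a non-interactive variant of the certificate steps from the quoted post, using 2048-bit keys, together with the check that the server certificate chains to the CA file a client would load as its trust store when enableServerCertAuth is switched back on. The subject names, the IP subjectAltName entry and the unencrypted keys are assumptions made so the script runs without prompts.

```shell
#!/usr/bin/env bash
# Constructed example. File names follow the post (mqtt_ca.*, mqtt_srv.*);
# subject names, the IP subjectAltName and unencrypted keys are assumptions.

# make_ca DIR NAME: self-signed CA certificate NAME.crt with a 2048-bit key.
make_ca() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 3650 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_server_cert DIR CA_NAME BROKER_IP: server key, CSR, and a certificate
# signed by CA_NAME that names BROKER_IP in its subjectAltName.
make_server_cert() {
    openssl genrsa -out "$1/mqtt_srv.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/mqtt_srv.key" -subj "/CN=$3" \
        -out "$1/mqtt_srv.csr" &&
    printf 'subjectAltName=IP:%s\n' "$3" > "$1/san.ext" &&
    openssl x509 -req -in "$1/mqtt_srv.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -extfile "$1/san.ext" \
        -sha256 -days 3650 -out "$1/mqtt_srv.crt" 2>/dev/null
}

# chain_ok TRUSTSTORE CERT: true only if CERT chains to a CA in TRUSTSTORE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_bits CERT: print the size of the certificate's public key in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# has_ip_san CERT IP: true if CERT lists IP as a subjectAltName entry.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -q "IP Address:$2"
}
```

Source the file, generate into a scratch directory, and run chain_ok with the exact PEM file the client's trustStore option points at; a failure there means certificate verification would fail in the client as well.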