Client cannot connect with generated certificates from mosquitto-tls-7
This bug report was converted into a question: question #243445: Client cannot connect with generated certificates from mosquitto-tls-7.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
mosquitto | Invalid | Undecided | Unassigned | |
Bug Description
Hi,
I followed the instructions for creating certificates from mosquitto-tls-7. Somehow I cannot connect with the client:
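mosquitto_sub -h example.org -t "#" -d --cafile /etc/mosquitto/ca_certificates/ca.crt
Client mosqsub/21114-raspberry sending CONNECT
OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Following errors show in mosquitto.log:
1391023277: New connection from xxx.xxx.xxx.xxx on port 1883.
1391023277: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
1391023277: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure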
The ca.crt is created via
openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt
In the ca.crt it says:
openssl x509 -text -in ca.crt
Certificate:
Data:
Version: 3 (0x2)
...
The server.crt is created via
openssl genrsa -des3 -out server.key 2048
openssl genrsa -out server.key 2048
openssl req -out server.csr -key server.key -new
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>
and in the server.crt:
openssl x509 -text -in server.crt
Certificate:
Data:
Version: 1 (0x0)
...
The SSL version of the protocols do not match. But I think they should. Is it a bug in the man?
mosquitto version 1.2.3 (build date 2014-01-06 11:53:51+0000)
OpenSSL 1.0.1e 11 Feb 2013
Let me know if there is something I can provide.
Greetings,
dabozz
You're definitely using mosquitto_sub from 1.2 or newer? Previous
versions would use TLSv1 only. You could try specifying the version of
TLS to use on the mosquitto_sub command line and/or in the mosquitto
configuration file.
It certainly should work!
On Wed, Jan 29, 2014 at 8:04 PM, dabozz <email address hidden> wrote:
> Public bug reported:
>
> Hi,
> I followed the instructions for creating certificates from mosquitto-tls-7. Somehow I cannot connect with the client:
>
> mosquitto_sub -h example.org -t "#" -d --cafile /etc/mosquitto/ca_certificates/ca.crt
> Client mosqsub/21114-raspberry sending CONNECT
> OpenSSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
> Following errors show in mosquitto.log:
>
> 1391023277: New connection from xxx.xxx.xxx.xxx on port 1883.
> 1391023277: OpenSSL Error: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
> 1391023277: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
>
>
> The ca.crt is created via
> openssl req -new -x509 -days <duration> -extensions v3_ca -keyout ca.key -out ca.crt
>
> In the ca.crt it says:
> openssl x509 -text -in ca.crt
> Certificate:
> Data:
> Version: 3 (0x2)
> ...
>
> The server.crt is created via
> openssl genrsa -des3 -out server.key 2048
> openssl genrsa -out server.key 2048
> openssl req -out server.csr -key server.key -new
> openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>
>
> and in the server.crt:
> openssl x509 -text -in server.crt
> Certificate:
> Data:
> Version: 1 (0x0)
> ...
>
> The SSL version of the protocols do not match. But I think they should. Is it a bug in the man?
> mosquitto version 1.2.3 (build date 2014-01-06 11:53:51+0000)
> OpenSSL 1.0.1e 11 Feb 2013
>
> Let me know if there is something I can provide.
>
> Greetings,
> dabozz
>
> ** Affects: mosquitto
> Importance: Undecided
> Status: New
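
The hex codes in the reported OpenSSL errors can be decoded to see which of them is a TLS alert received from the other side. This is an added example, not part of the thread or of mosquitto; it assumes the error-code layout of OpenSSL 1.0.x (the reporter runs 1.0.1e), and `decode` and `peer_alerts` are hypothetical helper names.

```python
import re

# Field layout of a packed OpenSSL 1.0.x error code (assumed from ERR_PACK):
# 8 bits library, 12 bits function, 12 bits reason.
ERR_LIB_SSL = 20             # library number used by libssl
SSL_AD_REASON_OFFSET = 1000  # libssl reasons >= 1000 are alerts sent by the peer

# A few TLS alert descriptions from RFC 5246, section 7.2.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    45: "certificate_expired",
    48: "unknown_ca",
    70: "protocol_version",
}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# The three OpenSSL error lines from the report (codes only).
REPORT_LINES = [
    "OpenSSL Error: error:1408F10B:SSL routines:",
    "1391023277: OpenSSL Error: error:1409442E:SSL routines:",
    "1391023277: OpenSSL Error: error:140940E5:SSL routines:",
]


def decode(code_hex):
    """Split a packed error code into library, function and reason fields."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # TLS alert number from the peer
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}


def peer_alerts(lines):
    """Return (alert number, name) for every peer alert found in the lines."""
    found = []
    for line in lines:
        for code_hex in ERROR_RE.findall(line):
            alert = decode(code_hex)["peer_alert"]
            if alert is not None:
                found.append((alert, TLS_ALERTS.get(alert, "unknown")))
    return found


if __name__ == "__main__":
    for line in REPORT_LINES:
        print(line, "->", decode(ERROR_RE.search(line).group(1)))
    print("alerts received from the peer:", peer_alerts(REPORT_LINES))
```

Only the broker-side code 1409442E decodes to a peer alert, number 70 (protocol_version), which a TLS endpoint sends when it rejects the offered protocol version; certificate problems arrive as other alerts such as 42 or 48.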