Comment 3 for bug 1274272

dabozz (dabozz7) wrote :

Hi,
I have mosquitto_sub version 1.2.3 running on libmosquitto 1.2.3.

My mosquitto.conf is:

# Place your local configuration in /etc/mosquitto/conf.d/
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d

conf.d/mosquitto.conf:

require_certificate false
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
tls_version tlsv1

The certificates are generated as described in the man page mosquitto-tls-7.
While generating the certificates for the client I changed the CN and Organisational Unit like you described here:
https://<email address hidden>/msg00076.html

mosquitto_sub -h ip-adress -t "#" -d --cafile /etc/mosquitto/ca_certificates/ca.crt --key /etc/mosquitto/client/client.key --cert /etc/mosquitto/client/client.crt --tls-version tlsv1
Enter PEM pass phrase:
Client mosqsub/32020-raspberry sending CONNECT
OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error: Protocol error

mosquitto_pub -h ip-adress -t "test" -m hello --cafile /etc/mosquitto/ca_certificates/ca.crt --tls-version tlsv1 --key /etc/mosquitto/client/client.key --cert /etc/mosquitto/client/client.crt -d
Enter PEM pass phrase:
Client mosqpub/32030-raspberry sending CONNECT
OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error: Protocol error

/var/log/mosquitto/mosquitto.log:

1391196703: mosquitto version 1.2.3 (build date 2014-01-06 11:53:51+0000) starting
1391196703: Config loaded from /etc/mosquitto/mosquitto.conf.
1391196703: Opening ipv4 listen socket on port 1883.
1391196703: Opening ipv6 listen socket on port 1883.
1391196703: Warning: Address family not supported by protocol
1391196705: New connection from 95.117.127.121 on port 1883.
1391196707: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1391196707: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1391196707: Socket read error on client (null), disconnecting.
1391196712: New connection from 95.117.127.121 on port 1883.
1391196714: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1391196714: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1391196714: Socket read error on client (null), disconnecting.
1391196728: mosquitto version 1.2.3 terminating
1391196728: Saving in-memory database to /var/lib/mosquitto/mosquitto.db.

That means I sorted out the 'tlsv1 alert protocol version' issue, but now I have a new one. Can someone give me hints, please?

dabozz
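
Added example, not part of the comment above and not mosquitto or OpenSSL code: a decoder for the `OpenSSL Error: error:XXXXXXXX:...` lines quoted in the comment, showing how the broker log and the client output describe the same rejected certificate from two sides. The names `decode` and `diagnose` are hypothetical, and the bit layout is assumed to be the OpenSSL 1.0.x error packing that matches the function names in these logs.

```python
import re

# Assumption: OpenSSL 1.0.x layout, error = (lib << 24) | (func << 12) | reason.
# Reasons above 1000 are TLS alerts received from the peer (1000 + alert number).
ALERT_OFFSET = 1000
ALERTS = {42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version"}
LINE = re.compile(r"OpenSSL Error: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode(line):
    """Decode one 'OpenSSL Error' line; return None if the line carries none."""
    m = LINE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    reason = code & 0xFFF
    alert = reason - ALERT_OFFSET if reason > ALERT_OFFSET else None
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": reason,
            "func_name": m.group(3), "text": m.group(4).strip(),
            "peer_alert": alert, "peer_alert_name": ALERTS.get(alert)}

def diagnose(lines):
    """Report which side rejected a certificate, judged from the decoded errors."""
    findings = []
    for d in filter(None, map(decode, lines)):
        if d["peer_alert_name"] == "unknown_ca":
            findings.append("peer sent unknown_ca: the remote side found no "
                            "trusted CA for the certificate we presented")
        elif d["text"] == "certificate verify failed":
            findings.append("local check failed in %s: the peer's certificate "
                            "failed verification" % d["func_name"])
    return findings

# Lines copied from the broker log and the client output in the comment above.
BROKER_LOG = [
    "1391196703: Opening ipv4 listen socket on port 1883.",
    "1391196707: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
    "1391196707: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure",
]
CLIENT_OUTPUT = [
    "OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed",
]

if __name__ == "__main__":
    for side, lines in (("broker", BROKER_LOG), ("client", CLIENT_OUTPUT)):
        for finding in diagnose(lines):
            print(side + ": " + finding)
```

Read together, the two findings say the alert in the broker log was sent by the client, which failed to verify the broker's certificate while reading it.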