Closed mpfj closed 8 months ago
So I've now added some extra debug and the CONNACK reply is coming back as:-
20 02 00 05
The reason code is [0x05 Connection Refused, not authorized] which is very confusing as the mosquitto test uses the same username & password but that works !!
Interestingly I don't get reason code 0x04 "Connection Refused, bad user name or password" so I'm guessing the login is correct. Does that point to a certificate issue ?
Finally worked it out from this link
HiveMQ requires the TLS SNI extension to be used so before BIO_do_connect(), I added the following:-
res = SSL_set_tlsext_host_name(ssl, szHost);
if(res != 1)
return FALSE;
Hope that helps someone else!!
@mpfj Can you show detail where to fix this issue, i think i have the same problem with openssl and mbedtls
This fix was done in my own application, not in the MQTT code itself. So I used to have...
BIO_set_conn_hostname(m_pBIO, szHost);
BIO_set_conn_port(m_pBIO, szPort);
BIO_do_connect(m_pBIO);
... which didn't work. But when I changed it to...
BIO_set_conn_hostname(m_pBIO, szHost);
BIO_set_conn_port(m_pBIO, szPort);
SSL_set_tlsext_host_name(ssl, szHost);
BIO_do_connect(m_pBIO);
... it worked.
Using the MQTTC code, I can successfully connect the openssl_publisher to the "default" broker at test.mosquitto.org.
Using the mosquitto_pub tool, I can also publish a message to the HiveMQ broker using:-
Note that there's no need to provide a CA file ... it all works fine without specify either a CA file or an key files.
So I have then commented out the "CA file" lines in openssl_publisher.[ch] and hardcoded the username and password. Try to connect to HiveMQ as follows:-
So it appears to connect to the server but when the topic is published, the socket is closed. The username & password are correct (as proved by the mosquitto_pub tool). And not needing any certificate files is also confirmed (again by the mosquityo tool).
Can anyone shed light on what might be wrong ?