bluerhinos / phpMQTT

a simple php class to connect/publish/subscribe to a MQTT broker

SSL/TLS Support (Suggested Change) #40

Open ghost opened 7 years ago

ghost commented 7 years ago

Hi,

Thanks for the great script. I see in the issues that SSL/TLS support has been mentioned a few times. Would the following change not implement SSL/TLS?

Changing the following line $this->socket = fsockopen($address, $this->port, $errno, $errstr, 60);

to $this->socket = stream_socket_client('ssl://'.$address.':'.$this->port,$errno,$errstr);

I have tested this and the connection is successful without any SSL errors thrown and the message is received by the broker. My question is: is this actually a valid TLS connection? When testing on localhost I get:

routines:ssl3_get_server_certificate:certificate verify failed

Would this suggest the working connection is then truly encrypted?

wirelessmundi commented 6 years ago

Did you solve your issue?

For me the solution was to change the option "cafile" to "capath" in the $socketContext options. The connect string I use:

$mqtt = new phpMQTT($server, $port, $client_id, "/etc/ssl/certs");

Using php7.0

Hope it helps.

apicquot commented 6 years ago

I am unable to connect to a mosquitto server running TLSv1. I am using php5. I added the CA certificate in the directory and passed it as a parameter: $mqtt = new phpMQTT($server, $port, $client_id, "ca.crt"); I am getting the error "unable to connect tls://locahost:8883 (error unknown)". I suspect there is some option to set properly in the socket context?

Thank you for any help.

techdada commented 6 years ago

I had the same issue and solved it for me (with tls v1.2) by changing the line $this->socket = stream_socket_client("tls://" . $this->address . ":" . $this->port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $socketContext); to $this->socket = stream_socket_client("tlsv1.2://" . $this->address . ":" . $this->port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $socketContext); within phpMQTT.php.

A cleaner way would be to make it configurable as a constructor parameter: $mqtt = new phpMQTT($server, $port, $client_id, "ca.crt", "tlsv1.1");
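
Added example, not part of the thread and not phpMQTT's own code: a standalone PHP 7+ check that opens the broker connection with certificate and hostname verification switched on, accepts either a CA file or a CA directory, restricts the handshake to TLS 1.2 through the context, and surfaces the PHP warnings that carry the OpenSSL reason when the handshake fails. The function names `mqttTlsContext` and `mqttTlsConnect` and the script name are hypothetical; host, port and CA path are taken from the command line.

```php
<?php
// Added example, not phpMQTT code. Function names are hypothetical.

// Build an ssl context that verifies the broker; $ca is a CA file or a hashed CA directory.
function mqttTlsContext(string $host, string $ca, int $method = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT)
{
    $ssl = [
        'verify_peer'       => true,    // chain must validate against $ca
        'verify_peer_name'  => true,    // certificate must be issued for $host
        'peer_name'         => $host,
        'allow_self_signed' => false,
        'crypto_method'     => $method, // restricts the handshake to this protocol version
    ];
    $ssl[is_dir($ca) ? 'capath' : 'cafile'] = $ca; // cafile takes a file, capath a directory
    return stream_context_create(['ssl' => $ssl]);
}

// Connect, collecting the PHP warnings raised while the handshake is attempted.
function mqttTlsConnect(string $host, int $port, string $ca)
{
    $warnings = [];
    set_error_handler(function ($no, $msg) use (&$warnings) { $warnings[] = $msg; return true; });
    $socket = stream_socket_client("tls://$host:$port", $errno, $errstr, 60,
        STREAM_CLIENT_CONNECT, mqttTlsContext($host, $ca));
    restore_error_handler();
    if ($socket === false) {
        throw new RuntimeException("connect to $host:$port failed: " . implode(' | ', $warnings));
    }
    return $socket;
}

// Usage: php tls_check.php <host> <port> <ca file or directory>
if (PHP_SAPI === 'cli' && $argc === 4) {
    try {
        $socket = mqttTlsConnect($argv[1], (int) $argv[2], $argv[3]);
        // The 'crypto' metadata is only present on an encrypted stream.
        $crypto = stream_get_meta_data($socket)['crypto'] ?? [];
        printf("verified TLS session: %s %s\n", $crypto['protocol'] ?? '?', $crypto['cipher_name'] ?? '?');
        fclose($socket);
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . "\n");
        exit(1);
    }
}
```

A connection that succeeds with `verify_peer` and `verify_peer_name` enabled is both encrypted and authenticated against the supplied CA; one that only succeeds with them disabled is encrypted to a peer whose identity was never checked.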

YashPahwa commented 4 years ago

Thanks @bluerhinos for this simple and great php script. I was working on integrating SSL enabled MQTT client based on PHP, your script helped me greatly!

Keep the good work up!