rumqttc - How to connect to Mosquitto test broker with TLS

[FinitelyFailed]

Expected Behavior

When using the given ca-cert being able to connect to a broker which is setup with TLS.

Current Behavior

I'm trying to connect to mosquitto test brokers (https://test.mosquitto.org/), and when I try to connect to one listed as: "8883 : MQTT, encrypted, unauthenticated". Which states that I shall use the ca-cert file provided by mosquitto (mosquitto.org.crt). But when do try I get: "I/O: invalid peer certificate: Other(OtherError(UnsupportedCertVersion))".

Context

• Operating System: Kubuntu 22.04
• Toolchain version: Cargo 1.76.0, rumqttc 0.24.0

[swanandx]

Hey, it looks like the ca-cert's version isn't supported by rustls ( maybe it's X509 older versions? ).

Can you try with older version of rumqttc as well as latest main branch? Just to verify if it's newly included or something that rustls never supported, thanks

[FinitelyFailed]

Thanks, I'll try an older version.

This is the cert I'm trying to use:

$ openssl x509 -in mosquitto.org.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:8d:61:94:21:af:76:3e:0d:84:15:e4:67:fb:8b:51:93:48:2c:0c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@atchoo.org
        Validity
            Not Before: Jun  9 11:06:39 2020 GMT
            Not After : Jun  7 11:06:39 2030 GMT
        Subject: C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@atchoo.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c1:34:1c:a9:88:cd:f4:ce:c2:42:8b:4f:74:c7:
                    1d:ef:8e:6d:d8:b3:6a:63:e0:51:99:83:eb:84:df:
                    df:32:5d:35:e6:06:62:7e:02:11:76:f2:3f:a7:f2:
                    de:d5:9c:f1:2d:9b:a1:6e:9d:ce:b1:fc:49:d1:5f:
                    f6:ea:37:db:41:89:03:d0:7b:53:51:56:4d:ed:f1:
                    75:af:cb:9b:72:45:7d:a1:e3:91:6c:3b:8c:1c:1c:
                    6a:e4:19:8e:91:88:34:76:a9:1d:19:69:88:26:6c:
                    aa:e0:2d:84:e8:31:5b:d4:a0:0e:06:25:1b:31:00:
                    b3:4e:a9:90:41:62:33:0f:aa:0d:f2:e8:fe:cc:45:
                    28:1e:af:42:51:5e:90:c7:82:ca:68:cb:09:b3:70:
                    3c:9c:aa:ca:11:66:3d:6c:22:a3:f3:c3:32:bb:81:
                    4f:33:c7:dd:c8:a8:06:7a:c9:58:a5:dc:dc:e8:d7:
                    74:b1:85:24:e7:e3:ee:93:f4:8f:f7:6b:d8:b1:fb:
                    d9:e4:af:bf:73:d0:40:59:7d:d0:26:4f:16:1a:c2:
                    51:c4:47:49:2c:68:13:ac:a3:18:e7:67:cf:b7:fa:
                    3e:f7:8b:20:1e:7b:e2:44:0e:47:0b:7c:78:f9:f4:
                    ca:27:6b:4c:2d:62:72:d8:a4:10:3d:e7:1d:88:4c:
                    50:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F5:55:EB:10:54:14:F8:86:28:3C:A8:E5:5D:FE:1D:B8:78:37:D6:12
            X509v3 Authority Key Identifier: 
                F5:55:EB:10:54:14:F8:86:28:3C:A8:E5:5D:FE:1D:B8:78:37:D6:12
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        66:bd:91:2d:b5:37:bd:13:84:ce:bf:1e:3f:43:ee:66:d5:c4:
        a2:c1:8d:55:9e:d9:33:ec:19:f6:e5:de:b1:03:7d:9f:8e:29:
        16:76:8f:a0:02:ea:be:e3:6f:84:d9:3b:77:73:17:6a:7a:76:
        06:eb:95:4e:f5:63:fe:0a:d1:37:73:22:34:63:dd:c4:37:29:
        29:b8:d4:9b:d4:43:48:59:fd:cd:38:88:60:e0:ff:15:9f:fa:
        9a:79:f2:77:cf:01:8c:2e:7a:ba:ee:3c:d5:a6:95:2b:56:01:
        77:f4:51:3a:91:b6:0e:21:40:35:81:b9:41:43:25:3b:96:ba:
        e0:6f:11:7b:9d:cf:be:1e:87:fc:0a:b0:cc:1f:bb:51:c5:be:
        3c:b9:67:48:8c:0d:4f:0f:50:37:a9:8d:5a:25:38:2b:9e:f5:
        ab:21:95:2e:04:07:92:04:09:d4:91:d9:32:2d:9c:02:22:23:
        08:a6:c7:cd:fd:2d:d5:1d:46:e7:5a:7c:cb:b9:4f:95:e6:6b:
        5f:36:38:2d:3f:bb:fc:51:94:49:be:b6:f2:86:1a:67:c5:70:
        dd:29:8a:a5:65:f0:ea:d2:3c:18:08:95:bf:b5:20:a2:44:9b:
        f5:eb:89:6a:ff:0a:ae:21:fc:97:c1:ec:d4:ec:7b:35:6c:96:
        09:01:6a:85