Open FinitelyFailed opened 2 months ago
Hey, it looks like the ca-cert's version isn't supported by rustls ( maybe it's X509 older versions? ).
Can you try with older version of rumqttc as well as latest main branch? Just to verify if it's newly included or something that rustls never supported, thanks
Thanks, I'll try an older version.
This is the cert I'm trying to use:
$ openssl x509 -in mosquitto.org.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
05:8d:61:94:21:af:76:3e:0d:84:15:e4:67:fb:8b:51:93:48:2c:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@atchoo.org
Validity
Not Before: Jun 9 11:06:39 2020 GMT
Not After : Jun 7 11:06:39 2030 GMT
Subject: C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@atchoo.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:34:1c:a9:88:cd:f4:ce:c2:42:8b:4f:74:c7:
1d:ef:8e:6d:d8:b3:6a:63:e0:51:99:83:eb:84:df:
df:32:5d:35:e6:06:62:7e:02:11:76:f2:3f:a7:f2:
de:d5:9c:f1:2d:9b:a1:6e:9d:ce:b1:fc:49:d1:5f:
f6:ea:37:db:41:89:03:d0:7b:53:51:56:4d:ed:f1:
75:af:cb:9b:72:45:7d:a1:e3:91:6c:3b:8c:1c:1c:
6a:e4:19:8e:91:88:34:76:a9:1d:19:69:88:26:6c:
aa:e0:2d:84:e8:31:5b:d4:a0:0e:06:25:1b:31:00:
b3:4e:a9:90:41:62:33:0f:aa:0d:f2:e8:fe:cc:45:
28:1e:af:42:51:5e:90:c7:82:ca:68:cb:09:b3:70:
3c:9c:aa:ca:11:66:3d:6c:22:a3:f3:c3:32:bb:81:
4f:33:c7:dd:c8:a8:06:7a:c9:58:a5:dc:dc:e8:d7:
74:b1:85:24:e7:e3:ee:93:f4:8f:f7:6b:d8:b1:fb:
d9:e4:af:bf:73:d0:40:59:7d:d0:26:4f:16:1a:c2:
51:c4:47:49:2c:68:13:ac:a3:18:e7:67:cf:b7:fa:
3e:f7:8b:20:1e:7b:e2:44:0e:47:0b:7c:78:f9:f4:
ca:27:6b:4c:2d:62:72:d8:a4:10:3d:e7:1d:88:4c:
50:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:55:EB:10:54:14:F8:86:28:3C:A8:E5:5D:FE:1D:B8:78:37:D6:12
X509v3 Authority Key Identifier:
F5:55:EB:10:54:14:F8:86:28:3C:A8:E5:5D:FE:1D:B8:78:37:D6:12
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
66:bd:91:2d:b5:37:bd:13:84:ce:bf:1e:3f:43:ee:66:d5:c4:
a2:c1:8d:55:9e:d9:33:ec:19:f6:e5:de:b1:03:7d:9f:8e:29:
16:76:8f:a0:02:ea:be:e3:6f:84:d9:3b:77:73:17:6a:7a:76:
06:eb:95:4e:f5:63:fe:0a:d1:37:73:22:34:63:dd:c4:37:29:
29:b8:d4:9b:d4:43:48:59:fd:cd:38:88:60:e0:ff:15:9f:fa:
9a:79:f2:77:cf:01:8c:2e:7a:ba:ee:3c:d5:a6:95:2b:56:01:
77:f4:51:3a:91:b6:0e:21:40:35:81:b9:41:43:25:3b:96:ba:
e0:6f:11:7b:9d:cf:be:1e:87:fc:0a:b0:cc:1f:bb:51:c5:be:
3c:b9:67:48:8c:0d:4f:0f:50:37:a9:8d:5a:25:38:2b:9e:f5:
ab:21:95:2e:04:07:92:04:09:d4:91:d9:32:2d:9c:02:22:23:
08:a6:c7:cd:fd:2d:d5:1d:46:e7:5a:7c:cb:b9:4f:95:e6:6b:
5f:36:38:2d:3f:bb:fc:51:94:49:be:b6:f2:86:1a:67:c5:70:
dd:29:8a:a5:65:f0:ea:d2:3c:18:08:95:bf:b5:20:a2:44:9b:
f5:eb:89:6a:ff:0a:ae:21:fc:97:c1:ec:d4:ec:7b:35:6c:96:
09:01:6a:85
Expected Behavior
When using the given ca-cert being able to connect to a broker which is setup with TLS.
Current Behavior
I'm trying to connect to mosquitto test brokers (https://test.mosquitto.org/), and when I try to connect to one listed as: "8883 : MQTT, encrypted, unauthenticated". Which states that I shall use the ca-cert file provided by mosquitto (mosquitto.org.crt). But when do try I get: "I/O: invalid peer certificate: Other(OtherError(UnsupportedCertVersion))".
Context