dotnet / MQTTnet

MQTTnet is a high performance .NET library for MQTT based communication. It provides a MQTT client and a MQTT server (broker). The implementation is based on the documentation from http://mqtt.org/.
MIT License

ASP.Net Core 3.0+Linux+Docker+TLS #994

Closed zhaopeiym closed 4 years ago

zhaopeiym commented 4 years ago

environment

error

 {
        "Depth": 0,
        "ClassName": "",
        "Message": "Authentication failed, see inner exception.",
        "Source": "MQTTnet",
        "StackTraceString": "   at MQTTnet.Adapter.MqttChannelAdapter.WrapException(Exception exception)\n   at MQTTnet.Adapter.MqttChannelAdapter.ConnectAsync(TimeSpan timeout, CancellationToken cancellationToken)\n   at MQTTnet.Client.MqttClient.ConnectAsync(IMqttClientOptions options, CancellationToken cancellationToken)\n   at MQTTnet.Client.MqttClient.ConnectAsync(IMqttClientOptions options, CancellationToken cancellationToken)\n   at MQTTnet.Extensions.ManagedClient.ManagedMqttClient.ReconnectIfRequiredAsync()",
        "RemoteStackTraceString": "",
        "RemoteStackIndex": -1,
        "HResult": -2146233088,
        "HelpURL": null
      },
      {
        "Depth": 1,
        "ClassName": "",
        "Message": "Authentication failed, see inner exception.",
        "Source": "System.Private.CoreLib",
        "StackTraceString": "   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)\n   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)\n   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)\n   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)\n   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)\n--- End of stack trace from previous location where exception was thrown ---\n   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)\n   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)\n--- End of stack trace from previous location where exception was thrown ---\n   at MQTTnet.Implementations.MqttTcpChannel.ConnectAsync(CancellationToken cancellationToken)\n   at MQTTnet.Implementations.MqttTcpChannel.ConnectAsync(CancellationToken cancellationToken)\n   at MQTTnet.Internal.MqttTaskTimeout.WaitAsync(Func`2 action, TimeSpan timeout, CancellationToken cancellationToken)\n   at MQTTnet.Adapter.MqttChannelAdapter.ConnectAsync(TimeSpan timeout, CancellationToken cancellationToken)",
        "RemoteStackTraceString": "",
        "RemoteStackIndex": -1,
        "HResult": -2146233087,
        "HelpURL": null
      },
      {
        "Depth": 2,
        "ClassName": "",
        "Message": "SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.",
        "Source": "System.Net.Security",
        "StackTraceString": "   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)\n   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)",
        "RemoteStackTraceString": "",
        "RemoteStackIndex": -1,
        "HResult": -2146233088,
        "HelpURL": null
      },
      {
        "Depth": 3,
        "ClassName": "",
        "Message": "error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure",
        "Source": null,
        "StackTraceString": null,
        "RemoteStackTraceString": "",
        "RemoteStackIndex": -1,
        "HResult": 336151568,
        "HelpURL": null
      }

It's been bothering me for a long time. Asking for help!!! Thank you!!!

zhaopeiym commented 4 years ago

Solved. Two ways to establish the TLS connection:

1. Via WebSocket
var mqttClientOptions = new MqttClientOptionsBuilder()
             .WithClientId(clientID)
             .WithWebSocketServer("broker.hivemq.com:443/mqtt")
             .WithCredentials(userName, password)
             .WithTls();

2. Only client.pfx needs to be imported; ca.crt is not needed
var clientCert = new X509Certificate2(AppConfig.MqttPfxFile); 
var mqttClient = new MqttFactory().CreateManagedMqttClient();
var mqttClientOptions = new MqttClientOptionsBuilder()
             .WithClientId(clientID)
             .WithTcpServer(address, port)
             .WithCredentials(userName, password)
             .WithTls(new MqttClientOptionsBuilderTlsParameters()
             {
                 UseTls = true,
                 SslProtocol = System.Security.Authentication.SslProtocols.Tls12,
                 CertificateValidationHandler = (o) =>
                 {
                     return true;
                 },
                 Certificates = new []{                                      
                     clientCert,
                 }
             });

Generate the pfx: openssl pkcs12 -export -in client.crt -inkey client.key -out client.pfx
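
Added example, not part of the original comment or of MQTTnet's own code: the `CertificateValidationHandler` in option 2 returns `true` for every certificate, so the client presents its own certificate but never authenticates the broker. A handler that pins the broker's chain to a private CA could look like the sketch below; the class name `BrokerCertificateValidator`, the file name `ca.crt` and the assumption that the CA publishes no CRL are illustrative, and the wiring comment assumes the MQTTnet 3.x context properties `Certificate` and `SslPolicyErrors`.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: accepts the broker certificate only if it chains
// to the pinned private CA and the TLS layer reported no name mismatch.
public static class BrokerCertificateValidator
{
    public static bool Validate(X509Certificate certificate,
                                SslPolicyErrors errors,
                                X509Certificate2 trustedCa)
    {
        if (certificate == null || trustedCa == null) return false;

        // Only chain errors can be re-evaluated against our own CA.
        // A hostname mismatch or a missing certificate is always fatal.
        if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
            return false;

        using (var leaf = new X509Certificate2(certificate))
        using (var chain = new X509Chain())
        {
            // Intermediates, if any, would also have to be added to ExtraStore.
            chain.ChainPolicy.ExtraStore.Add(trustedCa);
            // Assumption: the private CA publishes no CRL/OCSP endpoint.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Lets a root outside the system store pass Build(); signatures
            // and validity periods are still checked.
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!chain.Build(leaf)) return false;

            // AllowUnknownCertificateAuthority accepts ANY root, so the
            // root that was actually used must be compared with the pinned CA.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(trustedCa.RawData);
        }
    }
}

// Wiring inside MqttClientOptionsBuilderTlsParameters (caCert loaded once, e.g.
// var caCert = new X509Certificate2("ca.crt");  // constructed file name):
//
//   CertificateValidationHandler = ctx =>
//       BrokerCertificateValidator.Validate(ctx.Certificate, ctx.SslPolicyErrors, caCert),
```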