Open Rokasbarasa1 opened 1 year ago
I noticed in the windowsLog it was using the latest version of openssl. I have made a new trace with the same version of openssl as the Linux executable. WindowsLog.txt
I am having the same problem. MingW 7.3.0, paho.mqtt.c v1.3.12, OpenSSL 1.1.1j
No progress yet.
The error in each of the logs is "unknown CA". It seems the server has a problem with the client certificate being presented.
As you are using the MingW environment on Windows, perhaps the certificate file isn't in the right format? I'm not sure whether in this case it should be formatted for Windows or Linux. (On Windows I use the native environment, so I don't know what MingW expects).
Having said that, I presume it would fail to load if in an unexpected format, and the failure would come earlier. But it looks to me likely to be a problem with the client certificate files.
Well, Ubuntu 20.04 has the `ca-certificates` packages and loads trusted CAs.
Under Windows you have to provide your own CA Certs or load the Windows Certs. I made a patch https://github.com/jumoog/paho.mqtt.c/commit/cb3070371ec9b562e96006f9cf919a9a4fa64b2c
Thank you for the responses and your help.
@icraggs Sorry for my lack of technical knowledge in this area... Do you mean where the compiler is getting environment variables from? I have installed MinGW with chocolatey and have not really changed anything, the path was added by chocolatey. This is what I can find related to this:
I am not providing my own certificates in the application, but I will try to do this in the future after I do some research.
@jumoog I have run the patch you made and it is working well. This is the output from it: WindowsFixedLog.txt Is this a patch that will be applied in the new releases of paho.mqtt.c? Should I still try providing my own certificate to overcome this issue?
@Rokasbarasa1 No, I closed my PR #924. I don't have a good test case for this patch and since I need my own fork anyway I'll just maintain the patch at my fork.
@jumoog I'm interested in adding your PR, or my version of it for the 1.4 or greater release, as I have a bunch of TLS-related issues and PRs I want to look at and include.
> Well, Ubuntu 20.04 has the `ca-certificates` packages and loads trusted CAs. Under Windows you have to provide your own CA Certs or load the Windows Certs. I made a patch jumoog@cb30703
I didn't realize that these were already added on Ubuntu. Do we call an API to load these, or is it somehow automatic? I'll look at the code and check but it sounds like you know the answer already.
Yes, it happens automatically. `ca-certificates` installs to `/etc/ssl/certs` and creates a symbolic link to `/usr/lib/ssl/certs`.

```
openssl version -a
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
built on: Mon Feb 6 17:57:17 2023 UTC
platform: debian-amd64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-hnAO60/openssl-3.0.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"
MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x7ef8320b078bffff:0x400004219c91a9
```
I made a new PR #1353
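An added example, not code from this thread or from paho.mqtt.c: when the application has to supply its own CA certificates, as described above for Windows, it helps to check the bundle before passing it on (for instance as `trustStore` in `MQTTClient_SSLOptions`, which expects PEM). The helper names and the file name are hypothetical, and the sample bundle is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Inspect a candidate CA bundle before handing it to the TLS layer.
 * -2: missing or unreadable, -1: BEGIN/END markers do not pair up,
 *  0: no PEM blocks (for example a DER file), >0: certificates found. */
int check_ca_bundle(const char *path)
{
    char line[256];
    int begun = 0, complete = 0;
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -2;
    while (fgets(line, sizeof line, f) != NULL) {
        if (strncmp(line, PEM_BEGIN, strlen(PEM_BEGIN)) == 0)
            begun++;
        else if (strncmp(line, PEM_END, strlen(PEM_END)) == 0 && begun > complete)
            complete++;
    }
    fclose(f);
    return begun == complete ? complete : -1;
}

/* Write a constructed sample (placeholder base64, not a real certificate);
 * with truncated != 0 the last END marker is left out. */
int write_sample_bundle(const char *path, int certs, int truncated)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    for (int i = 0; i < certs; i++)
        fprintf(f, "%s\nQ09OU1RSVUNURUQ=\n%s\n", PEM_BEGIN,
                (truncated && i == certs - 1) ? "" : PEM_END);
    fclose(f);
    return 0;
}

int main(void)
{
    const char *path = "constructed-ca.pem";   /* hypothetical file name */
    write_sample_bundle(path, 2, 0);
    int n = check_ca_bundle(path);
    /* Only a positive count is worth passing on as a trust store. */
    printf("%s: %d\n", path, n);
    return n > 0 ? 0 : 1;
}
```

A result of 0 or -1 points at a format problem in the file itself; -2 means the path the application was given does not exist on this machine.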
Hello, I have a problem with the paho.mqtt.c library with SSL on windows.
Describe the bug

I cannot get the library to connect to an authenticated MQTT broker (azure iothub) from an executable compiled and run on windows 10. The exact same code works when compiled and run on wsl ubuntu 20.04 with the same credentials. I would like your help to know what I am doing wrong.

To Reproduce

A trace of both applications is provided in the log files section, otherwise here are the steps without the variables to reproduce the issue:
Install needed dependencies. MingW 9.4.0, paho.mqtt.c v1.3.12, OpenSSL 1.1.1f
Specify in cmake to use dependencies:

```cmake
set(PAHO_WITH_SSL ON)
set(PAHO_ENABLE_TESTING OFF)
add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/../Modules/paho.mqtt.c paho)

find_package(OpenSSL REQUIRED)

file(GLOB_RECURSE SRC_FILES ${CMAKE_CURRENT_SOURCE_DIR}/Src/*cpp)

add_executable(Simulator ./main.cpp ${SRC_FILES})
target_include_directories(Simulator PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/Include)

target_link_libraries(Simulator PUBLIC paho-mqtt3cs OpenSSL::SSL)
```

```cpp
MQTTClient_create(&client_, address, client_id, MQTTCLIENT_PERSISTENCE_NONE, NULL);
```

Establish connection using the client:

```cpp
MQTTClient_SSLOptions mqtt_ssl_options = MQTTClient_SSLOptions_initializer;
mqtt_ssl_options.verify = 1;
mqtt_ssl_options.enableServerCertAuth = 1;

MQTTClient_connectOptions mqtt_connect_options = MQTTClient_connectOptions_initializer;
mqtt_connect_options.username = username;
mqtt_connect_options.password = password;
mqtt_connect_options.cleansession = false; // Set to false so can receive any pending messages.
mqtt_connect_options.keepAliveInterval = 240;
mqtt_connect_options.ssl = &mqtt_ssl_options;
mqtt_connect_options.MQTTVersion = MQTTVERSION_3_1_1;

MQTTClient_connect(client_, &mqtt_connect_options);
```

```
cmake -G "MinGW Makefiles" -DMQTT_C_CLIENT_TRACE=ON -DMQTT_C_CLIENT_TRACE_LEVEL=PROTOCOL -DPAHO_WITH_SSL=on -DPAHO_ENABLE_TESTING=off -DPAHO_BUILD_STATIC=off -DPAHO_BUILD_SHARED=on ../../Src/App -Wno-dev && make -s && Simulator.exe
```
Expected behavior

I would expect the windows version of the library to function in the same way as the Linux one.

Screenshots

If it helps here is what I tracked on wireshark of the two different executables:

Log files

Trace logs for both os applications WindowsLog.txt LinuxLog.txt
Environment (please complete the following information):
Additional context

I am running this on a company laptop that might have certain restrictions by Windows defender that might affect this, but since the wsl one worked it shouldn't be a problem.