eclipse-paho / paho.mqtt.m2mqtt

Eclipse Public License 1.0

X509 Authentication with IoT Hub & C# not working #53

Closed trbenning closed 3 years ago

trbenning commented 7 years ago

I'm trying the following code, but no messages are ever posted to IoT Hub

var deviceId = "2c8540ee-85df-4f1a-b35f-00124e1d3c4a";

var caCert = new X509Certificate2("c:\\certs\\iothub_ca.crt");   // From https://github.com/Azure/azure-iot-sdk-c/blob/master/certs/certs.c
var clientCert = new X509Certificate2("C:\\certs\\device.pfx");

var client = new MqttClient(
    "my-iot-hub.azure-devices.net", 
    MqttSettings.MQTT_BROKER_DEFAULT_SSL_PORT, true,
    caCert,
    clientCert,
    MqttSslProtocols.TLSv1_2);

client.Connect(deviceId);

client.Publish($"devices/{deviceId}/messages/events/", Encoding.UTF8.GetBytes("Hello"));

I've verified that my device.pfx file works with the IoT Hub Device SDK, but nothing I try with MqttClient is working.

Additionally, there appears to be some sort of resource leak because my cpu creeps up every time I call client.Publish, but never comes back down.

JStuve commented 7 years ago

Couple things I recommend fixing/trying:

  1. Fix the caCert from "c:\" to "C:\" for the sake of consistency.
  2. clientCert = new X509Certificate(fileName, password). Using X509Certificate instead of X509Certificate2
  3. clientCert may be looking for a password. I used this merge for my clientCert using OpenSSL: pkcs12 -export -out YOURPFXFILE.pfx -inkey -private.pem.key -in -certificate.pem.crt

xingzhougmu commented 7 years ago

@JStuve @trbenning I also have an SSL issue. No idea what's happening.

I have a similar issue. My broker is talking over SSL. On the server side (broker side) I used a self-signed cert signed by a self-signed CA. On the client side, I installed the CA cert in the trusted authority. However, I always get the generic uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException in .NET. I can connect to the broker via MQTT.fx.

{uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException: Exception of type 'uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException' was thrown.
   at uPLibrary.Networking.M2Mqtt.MqttClient.SendReceive(Byte[] msgBytes, Int32 timeout)
   at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, String willTopic, String willMessage, Boolean cleanSession, UInt16 keepAlivePeriod)
   at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password)

The code to create the client is as below:

X509Certificate2 caCert = new X509Certificate2(Directory.GetCurrentDirectory() + "/Certs/Development/RootCA.crt");
MqttClient client = new MqttClient(brokerHostName, 443, true, caCert, null, MqttSslProtocols.TLSv1_2);
string clientId = Guid.NewGuid().ToString();
client.Connect(clientId, userName, password);

By checking the network trace, it seems the SSL channel has been established. However, after some time (a few seconds) the connection fails with a communication error.

MetSystem commented 6 years ago

I also have an SSL issue. No idea what's happening.

sivshan commented 6 years ago

Guys, is there a resolution to the above problem? I'm receiving the same error.

trbenning commented 6 years ago

I don't think this package is being maintained anymore. I ended up converting my app to .net core, and I'm using the Microsoft.Azure.Devices package to communicate with iot hub. If .net core isn't an option, you could consider using the amqp protocol instead, and using the amqpnetlite package, which I believe is still actively supported.

JTrotta commented 6 years ago

Move to https://github.com/chkr1011/MQTTnet

xingzhougmu commented 6 years ago

Be sure that the mqtt version you set for the client is the same as what has been configured in the broker side.

xing zhou, Email: zhouxingapply@163.com

On 01/21/2018 14:27, sivshan wrote:

Guys, Is there a resolution to the above problem? I'm receiving the same error

ex {uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException: Exception of type 'uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException' was thrown.
   at uPLibrary.Networking.M2Mqtt.MqttClient.SendReceive(Byte[] msgBytes, Int32 timeout)
   at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, String willTopic, String willMessage, Boolean cleanSession, UInt16 keepAlivePeriod)
   at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId)
   at AWSIoT.Program.d__8.MoveNext() in C:\Personal\Paydatum\AWSIoT\AWSIoT\Program.cs:line 88}
System.Exception {uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException}


sivshan commented 6 years ago

Xing,

Thanks for the response. I'm using AWS MQTT as the device gateway. How do I find out that the MQTT Version for client is same as the server?

Below is my source code. I'm getting error in the bold line. Am I missing anything here?

private const string IotEndpoint = "a2vf6ihlpxlxf6.iot.us-east-2.amazonaws.com";

/// TLS1.2 port used by AWS IoT
private const int BrokerPort = 8883;

/// this must match - partially - what the subscriber is subscribed to
/// nicksthings = the THING i created in AWS IoT
/// t1/t555 is just an arbitrary topic that i'm publishing to. (It needs 2 parts for the rule I'm using to work)
private const string Topic = "GaneshM2MQTT/#";

var clientCert = new X509Certificate2("C:\\Personal\\Paydatum\\AWSIoT\\AWSIoT\\YOURPFXFILE.pfx", "XXXX#");
var caCert = X509Certificate.CreateFromSignedFile("C:\\Personal\\Paydatum\\AWSIoT\\amazonrootca.pem");

// create the client
var client = new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);

// message to publish - could be anything
var message = "ganesh plz work";
string clientId = Guid.NewGuid().ToString(); // client naming has to be unique if there was more than one publisher

Thanks, Siva Manickam


dgotrik commented 6 years ago

When using self-signed certificates, you will need to change

var client = new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);

to

var client = new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2, client_RemoteCertificateValidationCallback);

with the callback looking like

bool client_RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors){     
// logic for validation here
}

This will fix your TLS connection issues.
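
One way to fill in the "logic for validation here" placeholder so that the broker certificate must chain to a specific private root instead of being accepted unconditionally. This is an added example, not code from this thread or from the M2Mqtt project; the class name, the CA file path and the decision to skip revocation checks are assumptions.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootValidator
{
    // Assumption: the private root CA that signed the broker certificate.
    static readonly X509Certificate2 PinnedRoot =
        new X509Certificate2(@"C:\certs\RootCA.crt");

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;  // already trusted by the OS store, name matches

        // Only an untrusted chain is recoverable; a missing certificate or
        // a host name mismatch is always a failure.
        if (certificate == null ||
            (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;

        using (var pinned = new X509Chain())
        {
            pinned.ChainPolicy.ExtraStore.Add(PinnedRoot);
            if (chain != null)  // reuse intermediates the broker sent
                foreach (X509ChainElement e in chain.ChainElements)
                    pinned.ChainPolicy.ExtraStore.Add(e.Certificate);

            // Assumption: the private CA publishes no CRL/OCSP endpoint.
            pinned.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Tolerates a root missing from the OS store; expiry and
            // signature checks still apply.
            pinned.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!pinned.Build(new X509Certificate2(certificate)))
                return false;

            // The flag above accepts any root, so require ours explicitly.
            X509Certificate2 top =
                pinned.ChainElements[pinned.ChainElements.Count - 1].Certificate;
            return top.RawData.SequenceEqual(PinnedRoot.RawData);
        }
    }
}
// Usage with the constructor shown above:
// new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert,
//     MqttSslProtocols.TLSv1_2, PinnedRootValidator.Validate);
```

A callback that simply returns true also makes the connection succeed, but it accepts any certificate from any host and removes server authentication from the TLS session.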

lyte99 commented 4 years ago

This worked for me. Thanks.

trbenning commented 3 years ago

It doesn't seem that there's anything left to do here, so I'm closing this issue.

EmilioTaimingo commented 2 years ago

client_RemoteCertificateValidationCallback

And how did you add it to the code? Can you help me? I have the same problem.