
Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

TPM works on openssl as valid engine for OPENSSL, mosquitto fails #2828

Open fariz-muradov-inno2grid opened 1 year ago

fariz-muradov-inno2grid commented 1 year ago

I have installed the TPM library and it is visible in openssl engine -t -c tpm2tss


/mosquitto/certs # openssl engine -t -c tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
 [RSA, RAND]
     [ available ]

But this command fails to read the TSS header file: mosquitto_sub --cafile ca.crt --cert client.crt --key client.key --tls-engine tpm2tss --keyform engine -d -h h1bbbbc8.emqx.cloud -p 8883 -t ttt

ERROR

/mosquitto/certs #  mosquitto_sub  --cafile ca.crt --cert client.crt   --key client.key --tls-engine tpm2tss --keyform engine  -d -h h1bbbbc8.emqx.cloud -p 8883 -t ttt
Error: Problem setting TLS engine, is tpm2tss a valid engine?

Version: eclipse-mosquitto:2.0.13-openssl

rickvargas commented 7 months ago

I think you are facing a problem with OSSL compatibility on the lib name. Take a look at https://github.com/tpm2-software/tpm2-tss-engine/issues/6 .

To quickly test it, you can just create a symlink of tpm2tss.so to libtpm2tss.so on your OSSL engine path (ENGINESDIR). In my case I have OSSL3:

lrwxrwxrwx 1 root root 13 Jul 25  2019 /usr/lib/engines-3/tpm2tss.so -> libtpm2tss.so

My results without the symlink:

~# mosquitto_sub  --cert mycert.crt --key mykey.pem --tls-engine tpm2tss --keyform engine -d -h bbbbc8.emqx.cloud -p 8883 -t ttt 
Error: Problem setting TLS engine, is tpm2tss a valid engine?

with the symlink (I expect it to fail on DNS as it is not a public domain):

~# mosquitto_sub  --cert mycert.crt --key mykey.pem --tls-engine tpm2tss --keyform engine -d -h bbbbc8.emqx.cloud -p 8883 -t ttt 
Unable to connect (Lookup error.).
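A small diagnostic script for the situation described in this thread, added here as an example (it is not part of the issue or of the mosquitto project). It assumes that `openssl version -e` prints the ENGINESDIR line, that OpenSSL resolves an engine id to `ENGINESDIR/<id>.so`, and that the engine package installed only the lib-prefixed `libtpm2tss.so`; the engine id `tpm2tss` is the default and can be overridden on the command line.

```shell
#!/bin/sh
# Check whether an OpenSSL engine id (default: tpm2tss) resolves to a shared
# object in ENGINESDIR, and add the compatibility symlink from the comment
# above when only the lib-prefixed file is installed.
# Assumption (not stated in the issue): OpenSSL loads a dynamic engine by id
# as "$ENGINESDIR/<id>.so", while tpm2-tss-engine installs lib<id>.so.
set -u

# Print the engines directory reported by the local openssl binary.
openssl_enginesdir() {
    openssl version -e 2>/dev/null | sed -n 's/^ENGINESDIR: "\(.*\)"$/\1/p'
}

# engine_link_status DIR ID
# Prints "present" if DIR/ID.so exists, "needs-link" if only DIR/libID.so
# exists, and "missing" if neither file is there.
engine_link_status() {
    dir=$1; id=$2
    if [ -e "$dir/$id.so" ]; then
        echo present
    elif [ -e "$dir/lib$id.so" ]; then
        echo needs-link
    else
        echo missing
    fi
}

# ensure_engine_link DIR ID
# Creates the relative link DIR/ID.so -> libID.so when needed. Returns 0 when
# ID.so is usable afterwards, 1 when the engine is not installed at all.
ensure_engine_link() {
    dir=$1; id=$2
    case "$(engine_link_status "$dir" "$id")" in
        present)    return 0 ;;
        needs-link) ln -s "lib$id.so" "$dir/$id.so" && return 0 ;;
        *)          echo "engine '$id' not found in $dir" >&2; return 1 ;;
    esac
}

# Stand-alone use: report the status, fix the link, then let openssl confirm
# that the engine loads (the same check the reporter ran).
main() {
    id=${1:-tpm2tss}
    dir=$(openssl_enginesdir)
    [ -n "$dir" ] || { echo "could not determine ENGINESDIR" >&2; return 1; }
    echo "ENGINESDIR=$dir status=$(engine_link_status "$dir" "$id")"
    ensure_engine_link "$dir" "$id" || return 1
    openssl engine -t -c "$id"
}
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `sh engine_check.sh tpm2tss` (any engine id works); if `openssl engine -t -c` then reports `[ available ]`, mosquitto_sub's `--tls-engine tpm2tss` should get past the "is tpm2tss a valid engine?" error.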