search

eclipse / paho.mqtt.python

paho.mqtt.python
Other
2.19k stars 723 forks source link

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1123) #705

Closed byronbonkers closed 2 months ago

byronbonkers commented 1 year ago 
import time
import logging
import paho.mqtt.client as mqtt
from OpenSSL import SSL
import os
import ssl

log = logging.getLogger('RemoTV.hardware.l298n')

logging.basicConfig(level=logging.DEBUG)

sleeptime = 0.2
rotatetimes = 0.4

StepPinForward = None
StepPinBackward = None
StepPinLeft = None
StepPinRight = None

def setup(robot_config):
    global StepPinForward
    global StepPinBackward
    global StepPinLeft
    global StepPinRight
    global sleeptime
    global rotatetimes

    sleeptime = robot_config.getfloat('l298n', 'sleeptime')
    rotatetimes = robot_config.getfloat('l298n', 'rotatetimes')

    log.debug("GPIO mode : %s", str(GPIO.getmode()))

    GPIO.setwarnings(False)
    GPIO.cleanup()

    if robot_config.getboolean('tts', 'ext_chat'):  # ext_chat enabled, add motor commands
        extended_command.add_command('.set_rotate_time', set_rotate_time)
        extended_command.add_command('.set_sleep_time', set_sleep_time)

    # TODO passing these as tuples may be unnecessary, it may accept lists as well.
    StepPinForward = tuple(map(int, robot_config.get('l298n', 'StepPinForward').split(',')))
    StepPinBackward = tuple(map(int, robot_config.get('l298n', 'StepPinBackward').split(',')))
    StepPinLeft = tuple(map(int, robot_config.get('l298n', 'StepPinLeft').split(',')))
    StepPinRight = tuple(map(int, robot_config.get('l298n', 'StepPinRight').split(',')))

def on_message(client, userdata, message):
    payload = message.payload.decode('utf-8')

    GPIO.setmode(GPIO.BOARD)
    GPIO.setup(12, GPIO.OUT)
    GPIO.setup(11, GPIO.OUT)
    GPIO.setup(15, GPIO.OUT)
    GPIO.setup(16, GPIO.OUT)
    GPIO.setup(36, GPIO.OUT)
    GPIO.setup(35, GPIO.OUT)

    if payload == 'f':
        GPIO.output(12, GPIO.HIGH)
        time.sleep(sleeptime)
        GPIO.output(12, GPIO.LOW)
    if payload == 'b':
        GPIO.output(11, GPIO.HIGH)
        time.sleep(sleeptime)
        GPIO.output(11, GPIO.LOW)
    if payload == 'l':
        GPIO.output(15, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(15, GPIO.LOW)
    if payload == 'r':
        GPIO.output(16, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(16, GPIO.LOW)
    if payload == 'z':
        GPIO.output(36, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(36, GPIO.LOW)
    if payload == 'x':
        GPIO.output(35, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(35, GPIO.LOW)

ca_cert_path = "fullchain1.pem"
client = mqtt.Client()

# Set the TLS/SSL parameters for the client
client.tls_set(
    ca_certs=ca_cert_path,
    certfile='cert1.pem',
    keyfile='privkey1.pem',
    cert_reqs=ssl.CERT_REQUIRED,
    tls_version=SSL.SSLv23_METHOD
)

client.username_pw_set(username="not posting my passwd", password="lol ahah")

# client.tls_insecure_set(False)

client.on_message = on_message

client.connect('clawclan.co.uk',8083)

client.subscribe("clawmachine/controls")

client.loop_forever()

Thats the python code that I'm using to connect to my mqtt broker, I have been through multiple issues as tlsv1.3 isn't supported by pyopenssl or something, I have spent days trying to get this code to work and fixing issues, and this one has been making me lose my mind hahahahahahahahah.

My mosquitto config:

allow_anonymous false
password_file /home/pi/claw/passwordfile.txt

listener 1883 localhost

listener 8883
certfile /home/pi/claw/cert1.pem
cafile /home/pi/claw/chain1.pem
keyfile /home/pi/claw/privkey1.pem

listener 8083
protocol websockets
certfile /home/pi/claw/cert1.pem
cafile /home/pi/claw/chain1.pem
keyfile /home/pi/claw/privkey1.pem

This is the error I'm getting when I run the .py file

pi@raspberrypi:~/claw $ python3 cac.py
Traceback (most recent call last):
  File "/home/pi/claw/cac.py", line 102, in <module>
    client.connect('clawclan.co.uk', 8083)
  File "/home/pi/.local/lib/python3.9/site-packages/paho/mqtt/client.py", line 914, in connect
    return self.reconnect()
  File "/home/pi/.local/lib/python3.9/site-packages/paho/mqtt/client.py", line 1073, in reconnect
    sock.do_handshake()
  File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1123)

If u want me to add anything, just ask, as I will be just checking for responses, for the rest of the day

MattBrittan commented 9 months ago

Sorry for the huge delay in responding (note that you are more likely to get a quick answer to this kind of question on stackoverflow). You may well have resolved this in the interim but, if not, can you please run "openssl.exe s_client -connect clawclan.co.uk:443" to verify the broker certificate setup.

MattBrittan commented 2 months ago

Closing due to inactivity/age (took a long time for the initial response on our side!).