Closed bnuzhouwei closed 9 months ago
You need to set up an SSL context, and supply that to connect()
code fragments from my application:
def __sslClientSetup(self) -> int:
"""
Initializse self.client SSL context, must be called after self.client is instantiated.
return port number for connection.
"""
if self.o['broker'].url.scheme[-1] == 's':
port = 8883
logger.info('tlsRigour: %s' % self.o['tlsRigour'])
self.o['tlsRigour'] = self.o['tlsRigour'].lower()
if self.o['tlsRigour'] == 'lax':
self.tlsctx = ssl.create_default_context()
self.tlsctx.check_hostname = False
self.tlsctx.verify_mode = ssl.CERT_NONE
elif self.o['tlsRigour'] == 'strict':
self.tlsctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
self.tlsctx.options |= ssl.OP_NO_TLSv1
self.tlsctx.options |= ssl.OP_NO_TLSv1_1
self.tlsctx.check_hostname = True
self.tlsctx.verify_mode = ssl.CERT_REQUIRED
self.tlsctx.load_default_certs()
# TODO Find a way to reintroduce certificate revocation (CRL) in the future
# self.tlsctx.verify_flags = ssl.VERIFY_CRL_CHECK_CHAIN
# https://github.com/MetPX/sarracenia/issues/330
elif self.o['tlsRigour'] == 'normal':
self.tlsctx = ssl.create_default_context()
else:
self.logger.warning(
"option tlsRigour must be one of: lax, normal, strict")
self.client.tls_set_context(self.tlsctx)
else:
port = 1883
if self.o['broker'].url.port:
port = self.o['broker'].url.port
return port
then in connect:
self.client.connect( self.o['broker'].url.hostname, port=self.__sslClientSetup(), \
clean_start=False, properties=props )
Closing this as it looks like the question has been answered.
I has a broker that host mqtt server with websockets on https
connect:
got error: