Closed krishnaTORQUE closed 1 month ago
I have no idea what is coded in mosquitto. But the source code is available if you want to look: https://github.com/eclipse/mosquitto
This library calls the upstream Paho C library, which uses OpenSSL for the secure sockets. The enable_server_cert_auth()
just comes down to a single call (SSLSocket.c:724):
if (opts->enableServerCertAuth)
SSL_CTX_set_verify(net->ctx, SSL_VERIFY_PEER, NULL);
Full details are available here: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html
Thanks
That is absolutely correct.
Confusion is this command working.
mosquitto_sub -h mqtt.example.com -p 8883 -u user -P pass -t '#' --cafile ca.crt -d
While mqtt paho for rust not working.
let ssl_opt: SslOptions = SslOptionsBuilder::new()
.ca_path("/path/to/ca.crt")
.map_err(|e| error!("Mqtt ca.crt error: {}", e))
.unwrap()
.finalize()
Error
[-1] TCP/TLS connect failure
Changing from ca_path
to trust_store
resolved the issue.
Is
enable_server_cert_auth
same as--insecure
?Is this equivalent to
mosquitto_sub --insecure --cafile ca.crt -h mqtt.example.com -p 8883
?