jimmyeao / TEAMS2HA


MQTT over TLS support #23

Closed Egglestron closed 5 months ago

Egglestron commented 7 months ago

Hi and thank you for this amazing software!

I'd like to be able to use it over the Internet by exposing the MQTT socket. However, I'd like to be able to do so using the MQTT over TLS of the Home Assistant Mosquitto broker (on port 8883).

Would it be possible to implement support of MQTT over TLS?

jimmyeao commented 7 months ago

this should work if you adjust the port: image

I'll set up a public broker so I can test if this isn't working for you :)

Egglestron commented 7 months ago

Hi! I can confirm that it doesn't work over TLS, port 8883.

Teams2HA logs:

2024-02-13 09:32:41.668 +01:00 [DBG] CheckMqttConnection: MQTT Client Not Connected. Attempting reconnection.
2024-02-13 09:32:41.668 +01:00 [INF] Attempting to connect to MQTT (Attempt 1/5)
2024-02-13 09:32:41.676 +01:00 [DBG] Failed to connect to MQTT broker: Error while authenticating. Connection closed.
2024-02-13 09:32:43.677 +01:00 [INF] Attempting to connect to MQTT (Attempt 2/5)
2024-02-13 09:32:43.683 +01:00 [DBG] Failed to connect to MQTT broker: Error while authenticating. Connection closed.
2024-02-13 09:32:45.691 +01:00 [INF] Attempting to connect to MQTT (Attempt 3/5)
2024-02-13 09:32:45.696 +01:00 [DBG] Failed to connect to MQTT broker: Error while authenticating. Connection closed.
2024-02-13 09:32:47.712 +01:00 [INF] Attempting to connect to MQTT (Attempt 4/5)
2024-02-13 09:32:47.719 +01:00 [DBG] Failed to connect to MQTT broker: Error while authenticating. Connection closed.
2024-02-13 09:32:49.723 +01:00 [INF] Attempting to connect to MQTT (Attempt 5/5)
2024-02-13 09:32:49.729 +01:00 [DBG] Failed to connect to MQTT broker: Error while authenticating. Connection closed.
2024-02-13 09:32:51.739 +01:00 [ERR] Failed to connect to MQTT broker after several attempts.

On the MQTT broker side:

2024-02-13 09:31:47: New connection from 192.168.1.22:60542 on port 8883.
2024-02-13 09:31:47: OpenSSL Error[0]: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2024-02-13 09:31:47: Client disconnected: Protocol error.
2024-02-13 09:31:49: Client connection from 192.168.1.22 failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.

jimmyeao commented 7 months ago

That's very useful, thanks, I'll try and work on this over the next few days

jimmyeao commented 7 months ago

are you using username/password or ssh keys on mosquitto?

jimmyeao commented 7 months ago

Should be fixed now, please restart the app - it should auto update - and let me know :)

Egglestron commented 7 months ago

Hi! Got some fresh logs for you with the new version (1.1.0.248)!

Teams2HA logs:

2024-02-14 17:50:21.022 +01:00 [INF] MQTT Client Created with TLS on port 8883.
2024-02-14 17:50:21.022 +01:00 [INF] Attempting to connect to MQTT (Attempt 1/5)
2024-02-14 17:50:21.022 +01:00 [DBG] SaveSettings_Click: MQTT Settings Changed and initialze called
2024-02-14 17:50:21.033 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-14 17:50:23.035 +01:00 [INF] Attempting to connect to MQTT (Attempt 2/5)
2024-02-14 17:50:23.049 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-14 17:50:25.064 +01:00 [INF] Attempting to connect to MQTT (Attempt 3/5)
2024-02-14 17:50:25.081 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-14 17:50:27.093 +01:00 [INF] Attempting to connect to MQTT (Attempt 4/5)
2024-02-14 17:50:27.103 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-14 17:50:29.111 +01:00 [INF] Attempting to connect to MQTT (Attempt 5/5)
2024-02-14 17:50:29.131 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-14 17:50:31.133 +01:00 [ERR] Failed to connect to MQTT broker after several attempts.
2024-02-14 17:50:31.135 +01:00 [INF] Error during MQTT subscribe: The client is not connected.

On the MQTT broker side:

2024-02-14 17:51:05: New connection from 192.168.1.22:57595 on port 8883.
2024-02-14 17:51:05: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
2024-02-14 17:51:05: Client closed its connection.

BTW, I did not activate enforcement of client certificate validation on the broker. Seems that Teams2HA tries to validate the server certificate, without success.

jimmyeao commented 7 months ago

are you using self signed certs?

jimmyeao commented 7 months ago

New version pushed with option to ignore cert errors

Egglestron commented 7 months ago

Hi! I'm using self-signed certs, yes. However, even with "Ignore Cert Errors", doesn't seem to be ignored:

2024-02-16 11:50:41.513 +01:00 [DBG] SaveSettings_Click: Save Settings ClickedSystem.Func`1[System.String]
2024-02-16 11:50:41.515 +01:00 [DBG] SetStartupAsync: Startup set
2024-02-16 11:50:41.516 +01:00 [INF] MQTT Client Created with TLS on port 8883.
2024-02-16 11:50:41.516 +01:00 [INF] Attempting to connect to MQTT (Attempt 1/5)
2024-02-16 11:50:41.527 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-16 11:50:43.527 +01:00 [INF] Attempting to connect to MQTT (Attempt 2/5)
2024-02-16 11:50:43.549 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-16 11:50:45.550 +01:00 [INF] Attempting to connect to MQTT (Attempt 3/5)
2024-02-16 11:50:45.565 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-16 11:50:47.578 +01:00 [INF] Attempting to connect to MQTT (Attempt 4/5)
2024-02-16 11:50:47.602 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-16 11:50:49.610 +01:00 [INF] Attempting to connect to MQTT (Attempt 5/5)
2024-02-16 11:50:49.619 +01:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-02-16 11:50:51.630 +01:00 [ERR] Failed to connect to MQTT broker after several attempts.
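
For the self-signed broker case discussed above, a validation callback can pin the broker certificate's SHA-256 instead of accepting every certificate. This is an added example, not TEAMS2HA's code and not from the thread; it uses only .NET base-class-library types, `PinnedCertValidator`, `Demo` and `broker.example` are hypothetical names, and the certificates are generated in memory as stand-ins.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not TEAMS2HA code; PinnedCertValidator and Demo are hypothetical names.
public sealed class PinnedCertValidator
{
    private readonly byte[] _pin; // SHA-256 over the broker certificate's DER bytes
    public PinnedCertValidator(string sha256Hex) =>
        _pin = Convert.FromHexString(sha256Hex.Replace(":", ""));

    // Same signature as System.Net.Security.RemoteCertificateValidationCallback.
    public bool Validate(object sender, X509Certificate? certificate,
                         X509Chain? chain, SslPolicyErrors errors)
    {
        // Publicly trusted certificate with a matching host name: normal validation passed.
        if (errors == SslPolicyErrors.None) return true;
        // No certificate presented: there is nothing to compare against the pin.
        if (certificate is null) return false;
        // Self-signed broker: chain and name errors are tolerated only for the one
        // certificate the operator enrolled; any other certificate is rejected.
        byte[] actual = SHA256.HashData(certificate.GetRawCertData());
        return CryptographicOperations.FixedTimeEquals(actual, _pin);
    }
}

public static class Demo
{
    // Constructed stand-in: a throwaway self-signed certificate made in memory.
    private static X509Certificate2 SelfSigned(string cn)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    public static void Main()
    {
        using var broker = SelfSigned("broker.example");   // the enrolled certificate
        using var other = SelfSigned("broker.example");    // same name, different key
        var pin = Convert.ToHexString(SHA256.HashData(broker.RawData));
        var v = new PinnedCertValidator(pin);
        var errs = SslPolicyErrors.RemoteCertificateChainErrors;
        Console.WriteLine($"enrolled cert accepted: {v.Validate(null!, broker, null, errs)}");
        Console.WriteLine($"other cert accepted:    {v.Validate(null!, other, null, errs)}");
    }
}
```

The pin has to be re-enrolled whenever the broker certificate is renewed, since a renewed certificate has different DER bytes.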

jimmyeao commented 7 months ago

can you share your mqtt server config please? I'm struggling to replicate this issue :(

Egglestron commented 7 months ago

Sure! I can send the server details privately by email (or anything else that suits you). 😃

jimmyeao commented 7 months ago

thanks!

Egglestron commented 7 months ago

Works perfectly now! Thanks Jimmy!

Egglestron commented 5 months ago

Hi Jimmy,

The certificate errors are back on version 1.1.0.572, even though Ignore Cert Errors is checked:

2024-04-12 10:27:47.904 +02:00 [INF] Attempting to connect to MQTT (Attempt 1/2)
2024-04-12 10:27:47.926 +02:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-04-12 10:27:48.929 +02:00 [INF] Attempting to connect to MQTT (Attempt 2/2)
2024-04-12 10:27:48.942 +02:00 [DBG] Failed to connect to MQTT broker: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
2024-04-12 10:27:49.955 +02:00 [ERR] Failed to connect to MQTT broker after several attempts.

Are you aware of any software regression?

Thanks, Maxime

jimmyeao commented 5 months ago

Hi, I'll look at this over the weekend, nothing should have been regressed

jimmyeao commented 5 months ago

just to keep you updated, I think I have a fix, it's in testing now to make sure nothing else is broken

jimmyeao commented 5 months ago

New version pushed, I have tested with TLS over websockets using a valid cert, and TLS over 8883 using a self-signed cert, as well as with no TLS at all. This should fix it for you, but please note the topics are now all lowercase, you may have to adjust any automations etc.

Egglestron commented 5 months ago

Fixed for me, thanks Jimmy!

jimmyeao commented 5 months ago

Another minor bugfix pushed, please update when you can :)