search

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
367 stars 132 forks source link

Using protocol MQTTS trigger a protocol error on server side #498

Open vulcainman opened 8 months ago

vulcainman commented 8 months ago

Bug description

When the script is used to check a MQTTS server, it works as expected but, an error is logged on broker side indicating a protocol error:

1705416973: New connection from 10.83.86.20:55972 on port 8883.
1705416973: Client <unknown> disconnected due to protocol error.

Steps to reproduce

Call the script against a mosquitto server:

check_ssl_cert -P mqtts -H my.host.com -p 8883

Expected behavior

The script should indicate if the SSL certificate is OK and, it should init and close the connection with the MQTT broker properly.

System:

matteocorti commented 6 months ago

We send a CONNECT control packet as client a

\x10\x0d\x00\x04MQTT\x04\x00\x00\x00\x00\x01a

but we don't close.

matteocorti commented 6 months ago

I am not an expert: if someone has an example of the payload to close cleanly, please post it.