search

njouanin / hbmqtt

MQTT client/broker using Python asynchronous I/O
MIT License
800 stars 188 forks source link

Mosquitto CA test file expired? #230

Closed HerrMuellerluedenscheid closed 3 years ago

HerrMuellerluedenscheid commented 3 years ago

Hey @njouanin, I ran the nosetests locally and ran into an SSL error:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA certificate key too weak (_ssl.c:1051)
asyncio: ERROR: SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0x7ff59855fba8>
transport: <_SelectorSocketTransport closing fd=150 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "/home/marius/.pyenv/versions/3.7.1/lib/python3.7/asyncio/sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/home/marius/.pyenv/versions/3.7.1/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/home/marius/.pyenv/versions/3.7.1/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA certificate key too weak (_ssl.c:1051)
hbmqtt.client: WARNING: MQTT connection failed: SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA certificate key too weak (_ssl.c:1051)')

Does the tests/mosquitto.org.crt maybe need to be renewed?

Best regards Marius

HerrMuellerluedenscheid commented 3 years ago

I can confirm that the certificate is expired. I'm going to open a MR that downloads the certificate on the fly.

HerrMuellerluedenscheid commented 3 years ago

232 resolves this issue. Thus, closing.