open62541 / open62541

Open source implementation of OPC UA (OPC Unified Architecture) aka IEC 62541 licensed under Mozilla Public License v2.0
http://open62541.org

Unable to run PubSub MQTT with TLS #6266

Closed tassoeloy closed 8 months ago

tassoeloy commented 8 months ago

Description

I'm currently working on enabling MQTT with TLS. I started running most of the examples available in order to understand the stack and so on. Finally I came to the tutorial_pubsub_mqtt_publish.c example.

Everything seems to work fine when publishing to a local broker on port 1883 (without TLS). However, when it comes to following the steps described in the tutorial for publishing to test.mosquitto.org:8883 or even to localhost:8883, I get errors from both the Debug Console and the mosquitto broker.

Are there any other CMake options that have to be enabled? Any other configuration that I am not aware of?

I'm facing challenges and would appreciate some guidance from the community.

Background Information / Reproduction Steps

Used CMake options:

cmake -DUA_ENABLE_PUBSUB=ON -DUA_ENABLE_MQTT=ON   ..

I also uncommented and adjusted some parts of the .c code:

// Uncomment the following line to enable MQTT via TLS for the example
//#define BROKER_ADDRESS_URL           "opc.mqtt://127.0.0.1:8883"
#define BROKER_ADDRESS_URL           "opc.mqtt://test.mosquitto.org:8883"
#define EXAMPLE_USE_MQTT_TLS
#define CA_FILE_PATH                    "/mnt/c/certs/external/mosquitto.org.crt"

    int connectionOptionIndex = 0;
    UA_KeyValuePair connectionOptions[3];

    UA_String mqttClientId = UA_STRING(MQTT_CLIENT_ID);
    connectionOptions[connectionOptionIndex].key = UA_QUALIFIEDNAME(0, CONNECTIONOPTION_NAME);
    UA_Variant_setScalar(&connectionOptions[connectionOptionIndex++].value, &mqttClientId, &UA_TYPES[UA_TYPES_STRING]);

#ifdef EXAMPLE_USE_MQTT_TLS
    connectionOptions[connectionOptionIndex].key = UA_QUALIFIEDNAME(0, USE_TLS_OPTION_NAME);
    UA_Boolean mqttUseTLS = true;
    UA_Variant_setScalar(&connectionOptions[connectionOptionIndex++].value, &mqttUseTLS, &UA_TYPES[UA_TYPES_BOOLEAN]);

    connectionOptions[connectionOptionIndex].key = UA_QUALIFIEDNAME(0, MQTT_CA_FILE_PATH_OPTION_NAME);
    UA_String mqttCaFile = UA_STRING(CA_FILE_PATH);
    UA_Variant_setScalar(&connectionOptions[connectionOptionIndex++].value, &mqttCaFile, &UA_TYPES[UA_TYPES_STRING]);
#endif

Console while connecting to test.mosquitto.org

[2024-02-08 13:18:33.484 (UTC+0100)] info/eventloop     Starting the EventLoop
[2024-02-08 13:18:33.484 (UTC+0100)] debug/eventloop    Interrupt       | Starting the InterruptManager
[2024-02-08 13:18:33.484 (UTC+0100)] warn/server        AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-02-08 13:18:33.484 (UTC+0100)] info/server        AccessControl: Anonymous login is enabled
[2024-02-08 13:18:33.484 (UTC+0100)] warn/server        x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-02-08 13:18:33.491 (UTC+0100)] debug/pubsub       DataSet ns=1;i=2        | MetaData creation: Found DataType UtcTime
[2024-02-08 13:18:33.491 (UTC+0100)] debug/network      TCP     | Open a connection to "test.mosquitto.org" on port 8883
[2024-02-08 13:18:33.746 (UTC+0100)] info/network       TCP 4   | New connection to "test.mosquitto.org" on port 8883
[2024-02-08 13:18:33.746 (UTC+0100)] debug/network      MQTT-TCP 4      | Network callback
[2024-02-08 13:18:33.746 (UTC+0100)] debug/network      MQTT-TCP 4      | Created broker connection
[2024-02-08 13:18:33.746 (UTC+0100)] warn/server        Maximum SecureChannels count not enough for the maximum Sessions count
[2024-02-08 13:18:33.746 (UTC+0100)] info/network       TCP     | Listening on all interfaces
[2024-02-08 13:18:33.746 (UTC+0100)] info/network       TCP 6   | Creating server socket for "0.0.0.0" on port 4840
[2024-02-08 13:18:33.746 (UTC+0100)] info/network       TCP 7   | Creating server socket for "::" on port 4840
[2024-02-08 13:18:33.747 (UTC+0100)] info/network       TCP 8   | Creating server socket for "127.0.1.1" on port 4840
[2024-02-08 13:18:33.786 (UTC+0100)] debug/network      TCP 4   | Activity on the socket
[2024-02-08 13:18:33.786 (UTC+0100)] debug/network      TCP 4   | Opening a new connection
[2024-02-08 13:18:33.786 (UTC+0100)] debug/network      MQTT-TCP 4      | Network callback
[2024-02-08 13:18:33.786 (UTC+0100)] info/network       MQTT 4001       | Created connection publishing on topic "customTopic"
[2024-02-08 13:18:34.246 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:34.246 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:34.246 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:34.246 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:34.746 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:34.746 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:34.746 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:35.246 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:35.246 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:35.246 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:35.746 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:35.746 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:35.746 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:36.246 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:36.246 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:36.246 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:36.746 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:36.746 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:36.746 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:37.246 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:37.246 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:37.246 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:37.746 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:37.746 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:37.746 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:38.246 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:38.246 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:38.246 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:38.746 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:38.746 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:38.746 (UTC+0100)] debug/network      TCP 4   | Attempting to send
[2024-02-08 13:18:39.246 (UTC+0100)] debug/pubsub       WriterGroup ns=1;i=3    | Publish Callback
[2024-02-08 13:18:39.246 (UTC+0100)] debug/network      MQTT 4001       | Publishing on topic "customTopic" a message with 39 bytes
[2024-02-08 13:18:39.246 (UTC+0100)] error/pubsub       WriterGroup ns=1;i=3    | Sending NetworkMessage failed

Feedback from local mosquitto broker

1707393160: New connection from 127.0.0.1:59459 on port 8883.
1707393161: OpenSSL Error[0]: error:0A00010B:SSL routines::wrong version number
1707393161: Client <unknown> disconnected: protocol error.


tassoeloy commented 8 months ago

As stated here: https://github.com/open62541/open62541/pull/5683

They are moving off the previous MQTT-C library to the more professional libwebsockets, so the mqtt lib is only working on version 1.3.x.
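
The broker's "wrong version number" line in the report above is what OpenSSL typically logs when the first bytes arriving on a TLS port are not a TLS record. As an added example (not part of the original posts or of the open62541 code base), this C helper classifies the first bytes a listener received as a TLS handshake or a plaintext MQTT CONNECT; the function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PEER_UNKNOWN, PEER_TLS_HANDSHAKE, PEER_PLAINTEXT_MQTT } peer_kind;

/* Constructed samples: start of a TLS ClientHello record, and a complete
 * MQTT 3.1.1 CONNECT (client id "id", keep-alive 60 s). */
static const uint8_t SAMPLE_TLS[]  = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc};
static const uint8_t SAMPLE_MQTT[] = {0x10, 0x0e, 0x00, 0x04, 'M', 'Q', 'T', 'T',
                                      0x04, 0x02, 0x00, 0x3c, 0x00, 0x02, 'i', 'd'};

/* Skip the MQTT variable-length "remaining length" field (1 to 4 bytes).
 * Returns the number of bytes it occupies, or 0 if truncated or malformed. */
static size_t mqtt_skip_remaining_length(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n && i < 4; i++)
        if (!(p[i] & 0x80))
            return i + 1;
    return 0;
}

/* Classify the first bytes a listener received on a new connection. */
peer_kind classify_first_bytes(const uint8_t *buf, size_t len) {
    /* TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04. */
    if (len >= 3 && buf[0] == 0x16 && buf[1] == 0x03 && buf[2] <= 0x04)
        return PEER_TLS_HANDSHAKE;
    /* MQTT CONNECT: fixed header 0x10, remaining length, then protocol name. */
    if (len >= 2 && buf[0] == 0x10) {
        size_t used = mqtt_skip_remaining_length(buf + 1, len - 1);
        const uint8_t *name = buf + 1 + used;
        size_t left = len - 1 - used;
        if (used && left >= 6 && memcmp(name, "\x00\x04MQTT", 6) == 0)
            return PEER_PLAINTEXT_MQTT;     /* MQTT 3.1.1 and 5 */
        if (used && left >= 8 && memcmp(name, "\x00\x06MQIsdp", 8) == 0)
            return PEER_PLAINTEXT_MQTT;     /* MQTT 3.1 */
    }
    return PEER_UNKNOWN;
}

int main(void) {
    static const char *names[] = {"unknown", "TLS handshake", "plaintext MQTT CONNECT"};
    printf("TLS sample:  %s\n", names[classify_first_bytes(SAMPLE_TLS, sizeof SAMPLE_TLS)]);
    printf("MQTT sample: %s\n", names[classify_first_bytes(SAMPLE_MQTT, sizeof SAMPLE_MQTT)]);
    return 0;
}
```

Run against the first bytes of a packet capture of the failing connection, a `PEER_PLAINTEXT_MQTT` result means the client never started a TLS handshake, so the TLS option did not take effect in that build.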