php-mqtt / laravel-client

An MQTT client library for Laravel.
MIT License
185 stars, 19 forks

SSL/TLS connection configuration #42

Closed StevenFV closed 1 year ago

StevenFV commented 1 year ago

I am trying to connect my Laravel web application to an MQTT broker with SSL/TLS. I have configured the .env file in my web application:

MQTT_HOST=//mosquitto
MQTT_PORT=8883
MQTT_TLS_ENABLED=true
MQTT_TLS_ALLOW_SELF_SIGNED_CERT=true
MQTT_TLS_CA_FILE=/usr/local/share/ca-certificates/ca.crt
MQTT_TLS_CLIENT_CERT_FILE=/usr/local/share/ca-certificates/client.crt
MQTT_TLS_CLIENT_CERT_KEY_FILE=/usr/local/share/ca-certificates/client.key

There seems to be an issue because I get this error when the app tries to connect: PhpMqtt\Client\Exceptions\ConfigurationInvalidException Certificate Authority file setting must contain the path to a regular file.

I have tried adding quotes, double quotes and curly brackets, but nothing works. I have triple-checked the pathname and all is good.

When I dump and die the env variable, I get the good path: [image]

Is there something I am doing wrong, or is it an issue with the package?

Namoshek commented 1 year ago

Does the user (which is used to run the PHP web server or CLI script) have read permissions to the certificates? And can you give the output of ls -lsa /usr/local/share/ca-certificates?

StevenFV commented 1 year ago

Yes, the user has read permission to the certificates. This is the output of ls -lsa /usr/local/share/ca-certificates: [image]

Namoshek commented 1 year ago

Thanks, then another check: php -r "var_dump(is_file('/usr/local/share/ca-certificates/ca.crt'));"

And are you sure that the Laravel configuration is not cached? Your check above did query the env() directly, but the MQTT client uses the Laravel configuration system which may be cached.

StevenFV commented 1 year ago

Ok, thank you very much for your help, I understood what the error was. With the php -r "var_dump(is_file('/usr/local/share/ca-certificates/ca.crt'));" command I understood that the PHP Docker container did not have access to the file. So I moved it to a place where the container has access, and now I no longer have this error.

Instead, I have this one: [2000] Establishing a connection to the MQTT broker failed: TLS error [UNKNOWN:1]: Unknown error. According to you, for this error, is it the certification which is not correct, or the authentication?

Namoshek commented 1 year ago

The error is actually the most accurate one can give, PHP literally gives no info in some cases. My best guess is that MQTT_HOST=//mosquitto is wrong and the // are the issue. However, if removing the slashes doesn't help, you might want to try to connect without TLS first, in order to rule out other issues (network, firewall, etc.).

StevenFV commented 1 year ago

Ok, thanks for your help and your time, it's very appreciated. I'm now able to connect without SSL/TLS, so my problem is now more at the level of my MQTT broker. I will continue my research at this level. Thanks.
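
The two checks that resolved this thread (is_file() evaluated by the PHP process itself, and a host value without slashes) can be combined into one preflight script. This is an added example, not code from the thread or from php-mqtt; the function name and the array keys are hypothetical, and the private-key permission check goes beyond what the thread discusses.

```php
<?php
// Added example. Run it as the same user and inside the same container as the
// PHP process that opens the MQTT connection, otherwise the result is meaningless.

/** Returns a list of problems; an empty list means every check passed. */
function mqtt_tls_preflight(array $cfg): array
{
    $problems = [];

    // The host must be a bare hostname or IP address: no scheme, no slashes.
    $host = (string) ($cfg['host'] ?? '');
    if ($host === '' || preg_match('~[/\s]~', $host)) {
        $problems[] = "host: '$host' must be a bare hostname or IP address";
    }

    foreach (['ca_file', 'client_cert_file', 'client_key_file'] as $key) {
        $path = $cfg[$key] ?? null;
        if ($path === null || $path === '') {
            continue; // optional setting that is not configured
        }
        clearstatcache(true, $path);
        if (!file_exists($path)) {
            // Typical inside Docker: the file exists on the host but is not mounted.
            $problems[] = "$key: '$path' is not visible to this PHP process";
        } elseif (!is_file($path)) {
            $problems[] = "$key: '$path' exists but is not a regular file";
        } elseif (!is_readable($path)) {
            $problems[] = "$key: '$path' is not readable by the current user";
        } elseif ($key === 'client_key_file' && (fileperms($path) & 0004)) {
            $problems[] = "$key: '$path' is world-readable; restrict it to the service user";
        }
    }

    return $problems;
}

// Constructed sample input: the host value from the thread, one readable file
// standing in for the CA certificate, and one path that does not exist.
$ca = tempnam(sys_get_temp_dir(), 'ca');
$report = mqtt_tls_preflight([
    'host'             => '//mosquitto',
    'ca_file'          => $ca,
    'client_cert_file' => sys_get_temp_dir() . '/missing-client.crt',
]);
foreach ($report as $line) {
    echo $line, PHP_EOL;
}
unlink($ca);
```

In a Laravel application, feed the function from config() rather than env(), since a cached configuration is what the MQTT client actually reads.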