Closed DavidHill0809 closed 1 year ago
hi @DavidHill0809!
Thank you for reporting this. I will get back to you once I am able to reproduce the issue with the steps you did and will have the fix ready.
hi @DavidHill0809,
Unfortunately, I was not able to reproduce the issue.
I have generated certificates using easy-rsa for both the server and client and used the same config in docker-compose file.
Could you pls let me know what version of mosquitto cli you are using? Maybe the reason is there if you have an older version of mosquitto.
dlandiak@dlandiak:~$ mosquitto_sub --help
mosquitto_sub is a simple mqtt client that will subscribe to a set of topics and print all messages it receives.
mosquitto_sub version 2.0.15 running on libmosquitto 2.0.15.

dlandiak@dlandiak:~$ mosquitto_pub --help
mosquitto_pub is a simple mqtt client that will publish a message on a single topic and exit.
mosquitto_pub version 2.0.15 running on libmosquitto 2.0.15.
Hi Dima,
I'm not sure how to proceed. I could give you access to the VM if it would help.
Regards, David
The solution David found:
"I think I have found the issue.
mosquitto_sub -h [hostname] -p 8883 --cafile ca.crt --cert tbmq-cpa-gateway-0001.crt --key tbmq-cpa-gateway-0001.key -t "a/2/3" -d --insecure
When I use --insecure then it connects. I need to rebuild my server certificate to match the hostname correctly."
Closing the issue as resolved.
@DavidHill0809, pls reopen in case of anything else you face regarding this topic.
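The check that `--insecure` switches off is the comparison of the `-h` hostname with the names in the server certificate. The following is an added example, not code from TBMQ or mosquitto: a simplified RFC 6125 DNS-name match over the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns. The hostname and all certificate contents are constructed.

```python
# Added example: simplified RFC 6125 DNS-name matching (DNS names only, no IP SANs).
# Certificates use the dict layout of ssl.SSLSocket.getpeercert(); all are constructed.

def dns_name_matches(pattern, host):
    """True if one certificate DNS name covers host ('*' only as the whole left-most label)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def names_checked(cert):
    """DNS names a client compares: SAN entries, or the CN only when no DNS SAN exists."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for key, v in rdn if key == "commonName"]

def broker_name_ok(cert, host):
    """Return (matched, names) so a mismatch can be reported with the names that were tried."""
    names = names_checked(cert)
    return any(dns_name_matches(n, host) for n in names), names

HOST = "mqtt.example.test"  # constructed stand-in for the value passed to -h

# Constructed certificates: a CN that is not the hostname, the same certificate
# re-issued with a matching SAN, a matching CN overridden by a SAN, and a wildcard.
CN_ONLY_MISMATCH = {"subject": ((("commonName", "broker-vpn1"),),)}
REISSUED_WITH_SAN = {"subject": ((("commonName", "broker-vpn1"),),),
                     "subjectAltName": (("DNS", "mqtt.example.test"),)}
CN_OK_BUT_SAN_WINS = {"subject": ((("commonName", "mqtt.example.test"),),),
                      "subjectAltName": (("DNS", "other.example.test"),)}
WILDCARD = {"subject": ((("commonName", "ignored"),),),
            "subjectAltName": (("DNS", "*.example.test"),)}

if __name__ == "__main__":
    samples = [("CN only, wrong name", CN_ONLY_MISMATCH),
               ("re-issued with SAN", REISSUED_WITH_SAN),
               ("CN matches, SAN differs", CN_OK_BUT_SAN_WINS),
               ("wildcard SAN", WILDCARD)]
    for label, cert in samples:
        ok, names = broker_name_ok(cert, HOST)
        print(f"{label:26} names={names} -> {'match' if ok else 'MISMATCH'}")
```

The third case is the one that surprises people when rebuilding a certificate: once a DNS SAN is present, a correct CN no longer counts.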
Describe the bug
Java error when using X.509 certificate based TLS authentication

Your Server Environment

Your Client Environment
Ubuntu 22.04.2LTS, OpenSSL 3.0.2
No real device, just created certificates to authenticate on tbmq

$ mosquitto_pub -h dx-prod-mqtt1.nec.xon.co.za -p 8883 --cafile ./ca.crt --cert ./tbmq-cpa-gateway-0001.crt --key ./tbmq-cpa-gateway-0001.key -q 1 -t "tb/mqtt-integration-tutorial/sensors/SN-001/temperature" -m '{"value":25.1}'
Error: A TLS error occurred.

$ openssl x509 -noout -subject -in tbmq-cpa-gateway-0001.crt
subject=CN = tbmq-cpa-gateway-0001
To Reproduce
I have created X.509 certificates for OpenVPN and MQTT TLS authentication. The certificates are working fine with OpenVPN but they give this error when connecting to tbmq. Google shows that the error, which is:
2023-07-21 12:13:32,325 [nioEventLoopGroup-5-7] WARN o.t.m.b.server.MqttSessionHandler - [c124bdc8-0600-47d1-976a-785fcf3f8358] Exception on SSL handshake. Reason - Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
is a JVM error and has been resolved in later versions of Java.
I have configured (in the tbmq docker compose file):
LISTENER_SSL_ENABLED: true
LISTENER_SSL_PROTOCOL: TLSv1.2
LISTENER_SSL_CREDENTIALS_TYPE: PEM
LISTENER_SSL_PEM_CERT: /data/ssl/dx-prod-tb-mqtt-vpn1.crt
LISTENER_SSL_PEM_KEY: /data/ssl/dx-prod-tb-mqtt-vpn1.key
SECURITY_MQTT_AUTH_STRATEGY: single
SECURITY_MQTT_SSL_ENABLED: true
The docker log shows no error when loading the certificate and key listed in the configuration and the tbmq GUI shows TLS Listener enabled and X.509 certificate authentication enabled.
Steps to reproduce the behavior:
Create certificates for server and client using OpenSSL/easy-rsa. Install the server certificates on tbmq and use mosquitto_pub to publish to port 8883.