Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)

From: 백영곤<tommybee@xxxxxxxxx>
Date: Sat, 21 Apr 2018 01:04:55 +0900
Delivered-to: mosquitto-dev@xxxxxxxxxxx
Importance: normal
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hi,

Did your broker have a configuration with the same cert file?

For example,

cafile /etc/lora-app-server/certs/CAcert.crt

certfile /etc/lora-app-server/certs/CAcert.crt

keyfile /etc/lora-app-server/certs/CAcert.key

If so, what is your system architecture?

Have a good day.

-----Original Message-----
From: "Cedric VIVES"<cvives@xxxxxxxxxxxxxxxx>
To: <mosquitto-dev@xxxxxxxxxxx>;
Cc:
Sent: 2018-04-20 (금) 17:37:27
Subject: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)

Hi,

I have installed a LoRa Server with the following services :
- MQTT Broker (1.4.15-0mosquitto1~xenial1)
- LoRa-Server
- LoRa-App-Server

On the other side, A raspberry Pi (with raspbian) send data with the LoRa-Gateway-Bridge.

When the connection is unencrypted (tcp://@server on the LoRa-Gateway-Bridge.toml), it works !

However, in ssl :

The client is connected :

1524211792: New connection from xxx.xxx.xxx.xxx on port 8883.
1524211792: New client connected from xxx.xxx.xxx.xxx as 96240ae6-28cb-446c-8dd2-0d2d9f045487 (c1, k30).

But it the server doesn't receive anything because :

mosquitto_sub -h FQDN_OF_MY_SERVER -p 8883 -t "#" --cafile /etc/lora-app-server/certs/CAcert.crt

=> Unable to connect (A TLS error occurred.)

The mosquitto logs shows :

1524212646: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1524212646: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure

For information, it is an official certificate with CN = name of the FQDN of the server.
When i check it by openssl :

openssl s_client -connect FQDN_OF_MY_SERVER:8883 -CAfile /etc/lora-gateway-bridge/certs/CECert.crt

=> Verify return code: 0 (ok)

I have seen in the archive that the same problem occured with older versions but not resolved...have you any advices to fix this issue ?

Thanks.

Regards,
Cédric

-- 
Cédric VIVES
Pôle Infrastructures Informatiques et Télécommunication 
Centre de Services Numériques
Tél. : +33 (0)5 61 55 93 72
cedric.vives@xxxxxxxxxxxxxxxx
INSA Toulouse 
135 avenue de Rangueil 
31077 Toulouse CEDEX 04
France
www.insa-toulouse.fr

Follow-Ups:
- Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
  - From: Cedric VIVES

References:
- [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
  - From: Cedric VIVES

Prev by Date: [mosquitto-dev] log complete message
Next by Date: [mosquitto-dev] exclude topic of acl checking.
Previous by thread: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
Next by thread: Re: [mosquitto-dev] Mosquitto SSL Error : Unable to connect (A TLS error occurred.)
Index(es):
- Date
- Thread

Breadcrumbs