Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a ce

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate

From: Hitesh Pratyush V <hiteshpratyush@xxxxxxxxx>
Date: Wed, 30 May 2018 15:46:21 +0530
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

The problem is that you haven't included the client.key and client.crt in the keystore or the certificates are wrong. You can check the validity of certificates using the mosquitto_pub and mosquitto_sub client included on mosquitto-clients package.

On Wed 30 May, 2018, 3:37 PM shekhar singhal, <shekhar.2709@xxxxxxxxx> wrote:

Hi,
Please suggest.
Client jar mqttv31.1.0.jar(eclipse.paho)
mosquitto version 1.4.8
When using client auth getting error - ssl3_get_client_certificate:peer did not return a certificate.
Below is my mosquitto.conf file and java client details:
mosquitto.conf
cafile /etc/mosquitto/ca_certificates/ca.pem
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.pem
require_certificate true
use_identity_as_username true
port 8883
java client
          client = new MqttClient("ssl://localhost:8883", "Session_3");
	connOpt = new MqttConnectOptions();
	connOpt.setCleanSession(true);
	
        Properties sslProperties = new Properties();
	
	sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORE, "/home/KeyStore.jks");
	sslProperties.put(SSLSocketFactoryFactory.TRUSTSTOREPWD, "123456");
           sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORETYPE, "JKS");
           sslProperties.put(SSLSocketFactoryFactory.CLIENTAUTH, true);
    
    sslProperties.put(SSLSocketFactoryFactory.KEYSTORE, "/home/clientStore.jks");
    sslProperties.put(SSLSocketFactoryFactory.KEYSTOREPWD, "123456");
    sslProperties.put(SSLSocketFactoryFactory.KEYSTORETYPE, "JKS");
    
    
    connOpt.setSSLProperties(sslProperties);

	client.connect(connOpt);
	
	client.subscribe("sample_T");
	
	client.setCallback( new MQTTSampleSubscriber() );
Getting error
MQTT Con: Session_3, READ: TLSv1.2 Alert, length = 2
MQTT Con: Session_3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
MQTT Con: Session_3, called closeSocket()
MQTT Con: Session_3, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
MQTT Con: Session_3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
MQTT Con: Session_3, called close()
MQTT Con: Session_3, called closeInternal(true)
MqttException (0) - javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:664)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1156)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1266)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1178)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:93)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:650)
... 1 more
mosquitto log says :
1527668974: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
1527668974: Socket error on client , disconnecting.
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

Follow-Ups:
- Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate
  - From: shekhar singhal

References:
- [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate
  - From: shekhar singhal

Prev by Date: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate
Next by Date: Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate
Previous by thread: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate
Next by thread: Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate
Index(es):
- Date
- Thread

Breadcrumbs