Can I NOT key-in client.key PEM pass phrase when launching mosquitto_pub / mosquitto_sub
Hi,
I have created a ca cert, server cert, client cert, server key and client key by following the instructions at http://
I have a broker instance up and running using ca.crt, server.crt and server.key. In mosquitto.conf, require_certificate is set to false.
I am able to connect successfully to pub / sub messages to/from this broker using mosquitto_pub and mosquitto_sub by supplying --cafile ca.crt --cert client.crt --key client.key
Here are my instructions:
mosquitto_sub -h 10.5.161.76 -p 8883 --cafile ca.crt --cert client.crt --key client.key -t topic
mosquitto_pub -h 10.5.161.76 -p 8883 --cafile ca.crt --cert client.crt --key client.key -t topic -m "hello topic"
My question is about launching mosquitto_pub / mosquitto_sub: I need to enter the PEM pass phrase then.
Is it possible to provide the PEM pass phrase in some other way (not stdin)?
Zoe
Question information
- Language: English
- Status: Solved
- For: mosquitto
- Assignee: No assignee
- Solved by: ZoeSu
#1
I'm afraid this isn't possible with mosquitto_
It is fairly trivial to add in yourself though. You just need to create a password callback function something like:
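#include <string.h>

int pw_callback(char *buf, int size, int rwflag, void *userdata)
{
    char *pw;

    pw = get_password();    /* placeholder: obtain the pass phrase from wherever you keep it */
    strncpy(buf, pw, size);
    buf[size-1] = '\0';     /* strncpy() does not terminate the string if pw fills buf */
    return strlen(buf);     /* length of the pass phrase written to buf */
}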
And then pass that as the final argument to mosquitto_
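Added example, not part of the original thread or of mosquitto's own code: a pass phrase callback with the signature Roger gives above, reading the pass phrase from a file instead of hard-coding it. The helper set_passphrase_file() and the file name are assumptions for illustration; the callback returns -1 on failure, which OpenSSL treats as an error, rather than copying a silently truncated pass phrase.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: path of the passphrase file, set before TLS setup. */
static const char *g_pw_path;
void set_passphrase_file(const char *path) { g_pw_path = path; }

/* Same signature as the thread's callback. Returns the passphrase length, or
 * -1 so key loading fails cleanly rather than trying a truncated passphrase. */
int file_pw_callback(char *buf, int size, int rwflag, void *userdata)
{
    char line[1024];
    size_t len;
    FILE *fp;

    (void)rwflag; (void)userdata;
    if (buf == NULL || size <= 0 || g_pw_path == NULL)
        return -1;
    fp = fopen(g_pw_path, "r");
    if (fp == NULL)
        return -1;
    if (fgets(line, sizeof line, fp) == NULL)
        line[0] = '\0';
    fclose(fp);
    len = strcspn(line, "\r\n");       /* drop the trailing newline */
    line[len] = '\0';
    if (len == 0 || len >= (size_t)size) {
        memset(line, 0, sizeof line);
        return -1;                     /* empty, or no room for it plus its NUL */
    }
    memcpy(buf, line, len + 1);
    memset(line, 0, sizeof line);      /* best-effort wipe of the temporary copy */
    return (int)len;
}

int main(void)
{
    char buf[64];
    FILE *fp = fopen("passphrase.txt", "w");    /* constructed sample file */
    if (fp == NULL)
        return 1;
    fputs("constructed-passphrase\n", fp);
    fclose(fp);
    set_passphrase_file("passphrase.txt");
    printf("length = %d\n", file_pw_callback(buf, (int)sizeof buf, 0, NULL));
    remove("passphrase.txt");
    return 0;
}
```

Keep the passphrase file readable only by the account that runs the client, since anyone who can read it and client.key holds the client's identity.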
#2
Hi Roger,
Thanks for your response. That solved my question.
#3
Hi guys,
I have the same problem.
I applied your suggestions @Roger
I'm trying to communicate using SSL between my mosquitto C++ client and mosquitto broker.
Yeah mosquitto_
But in my C++ client I could not succeed, although I created a static pw_callback function and passed it to the mosquitto_tls method.
I'm getting the below error from the broker side.
May 24 18:57:53 ubuntu mosquitto[11998]: OpenSSL Error: error:140940E5:SSL routines:
May 24 18:57:53 ubuntu mosquitto[11998]: Socket error on client (null), disconnecting.
Here is my pseudo code:
bool MyClass:
{
    int sslresult = tls_set(
        "/home/
        "/home/
        "/home/
        "/home/
        findpw);
    int result = connect(this->host, this->port, this->keepalive);
    if(result == MOSQ_ERR_SUCCESS && sslresult == MOSQ_ERR_SUCCESS)
        return true;
    else
        return false;
}
static int findpw(char* buf, int size, int rwflag, void* userdata)
{
    char *pw;
    pw = "test"; //here is my client.key phrase. No problem this is just for testing certs.
    strncpy(buf, pw,size);
    buf[size-1] = '\0';
    return strlen(buf);
}
Are there any suggestions, guys?
Thank you.
#4
It looks like wrong coding in findpw().
Please refer to
http://
You can try this and check if it works:
static int findpw(char* buf, int size, int rwflag, void* userdata)
{
    char pw[4] = "test";
    strncpy(buf, pw, size);
    buf[size-1] = '\0';
    return strlen(buf);
}
#5
Hi ZoeSu;
I tried that one:
static int findpw(char* buf, int size, int rwflag, void* userdata)
{
    char pw[5] = "test";
    strncpy(
    buf[size-1] = '\0';
    return strlen(buf);
}
pw[4] returns the error "initializer-string for array of chars is too long", so I set it to 5 chars and tried.
Unfortunately the result is the same (SSL handshake fail).
By the way, as you see, I passed the method findpw to the (pw_callback) function pointer.
But I could not see any call for this pointer in the mosquitto.c file.
The size variable is not set, I guess.
The interesting thing is that rwflag and userdata are also not used?
#6
Hi emin inal,
1) To avoid the IOT issues, please check whether the mosquitto client/server versions are the same. For example, the mosquitto server/client versions on my end:
mosquitto version 1.1.3
mosquitto_pub version 1.1.3
2) You must initialize struct "mosquittopp_test" before tls_set. Do you have this initialization?
struct mosquittopp_test *mosq;
BRs,
#7
Hi ZoeSu;
Yes, I have defined a pointer to my KAConnection class instance in my main.cpp.
I called connection-
By the way, these are my versions:
mosquitto Broker: mosquitto version 1.3.1 (build date 2014-03-25 00:22:28+0000)
mosquittopp client version 1.3.1
----main.cpp----
class KAConnection *connection;
int rc;
mosqpp::lib_init();
connection = new KAConnection(
    clientAddres
    serverAddres
    broadcastAdd
    url.c_str(),
    port);
-------
-my default constructor-
-------
KAConnection:
    , const char * broadcastTopic
    , const char * host, int port) : mosquittopp(id)
{
    this->keepalive = 60;
    this->id = id;
    this->port = port;
    this->host = host;
    this->
    this->
    this->
    this->
    this->bufferSize = 2550;
};
-------
-and my openSession method-
-------
bool KAConnection:
{
    int sslresult = tls_set(
        "/home/
        "/home/
        "/home/
        "/home/
        findpw);
    int result = connect(this->host, this->port, this->keepalive);
    if(result == MOSQ_ERR_SUCCESS && sslresult == MOSQ_ERR_SUCCESS)
        return true;
    else
        return false;
}
static int findpw(char* buf, int size, int rwflag, void* userdata)
{
    char pw[5] = "test";
    strncpy(
    buf[size-1] = '\0';
    return strlen(buf);
}
-------
I think the problem is that my client.key phrase is not parsed and set correctly.
Because I can also communicate without SSL with no problem.
#8
mosquitto_
#9
I've just pushed a test for this to the 1.4 branch on bitbucket, could
you try that?
https:/
It works fine for me.
You wouldn't expect the callback to be used in mosquitto directly, it
is an openssl call.
Cheers,
Roger
#10
Hi @Roger
I downloaded the 1.4 branch.
The server.crt and server.key are signed by all-ca.crt.
and client-
But how should I configure the mosquitto broker? I did this configuration on my local mosquitto broker:
-------
bind_address 0.0.0.0
port 1883
max_connections -1
cafile /home/emin/
capath /home/emin/
certfile /home/emin/
keyfile /home/emin/
require_certificate true
persistence true
persistence_
log_dest syslog
-------
However I notice that under the below folder
~/test/lib/cpp$
"08-ssl-
What would you suggest?
BRs.
#11
Try "make test" from the source directory. If it doesn't give an error,
everything worked fine.
#12
Or do:
cd test/lib
make test-compile
./08-ssl-
The config file listens on port 1888.
#13
Hi @Roger
make test gave success on 1.4 branch.
#14
But I want to manually test "08-ssl-
Then I start the mosquitto broker (mosquitto -c 08-ssl-
using "08-ssl-
Firstly, is this the right conf file for that?
Because the client side returns
1401176525: Client connection from 127.0.0.1 failed: error:140760FC:SSL routines:
#15
The interesting thing is that,
although 08-ssl-
1401178373: New connection from 127.0.0.1 on port 1888.
1401178373: OpenSSL Error: error:140780E5:SSL routines:
1401178373: Socket error on client (null), disconnecting.
mosquitto pub/sub are working with this broker and the below certificates. (mosquitto -c 08-ssl-
Here is my config.
./mosquitto_sub -h localhost -p 1888 -t "SERVICE_TOPIC" --cafile /home/emin/
key phrase for client-
#16
Oh, I found the issue. That's my bad. :(
I execute 08-ssl-
I checked this code. It was trying to read "../ssl/" but I recognize that it should be "../../ssl".
So then I changed it and set the exact path for the certs and recompiled, with the below line.
mosq->tls_
08-ssl-
Now I will investigate my code deeply. There is something wrong that I'm doing now.
Thank you very much guys @Roger @ZoeSu
BRs
-Emin
#17
@guys
I have found the source of the problem.
It was about "libssl.so.1.0.0 => /lib/x86_
In my application I had compiled my program statically. Now I disabled "ssl.a"
and then my client is working fine. I think there is a problem with the statically compiled ssl library on ubuntu 12.04 LTE.
Finally, I also want to integrate my client with the ActiveMQ mqtt broker with SSL support.
Do you have any suggestions @guys? I have some problems with certificates.
Here is the link to my question: https:/
Thanks in advance.
My Best Regards
-Emin