mosquitto-users team mailing list archive

[Sharon Ben-Asher <Sharon.Ben-Asher@xxxxxxx>]

Hi Roger,

My tests for today:

1) set use_identity_as_username to false
Invoked
mosquitto_sub -v -p 1883 --cafile etc/ca.crt -t \$SYS/#
successfully.

2) set require_certificate and use_identity_as_username to true
Invoked
mosquitto_sub -v -p 1883 --cafile etc/ca.crt -t \$SYS/#
got "Unable to connect (8)" and server produced 
OpenSSL Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
I guess this is as expected.

3) Invoked
mosquitto_sub -v -p 1883 --cafile etc/ca.crt --cert etc/client.crt --key etc/client.key -t \$SYS/#
at the prompt, entered PEM passphrase
got " Error: Protocol error" and server produced
OpenSSL Error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

This is NOT as expected...

Sharon 

-----Original Message-----
From: mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx [mailto:mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Roger Light
Sent: Monday, October 22, 2012 2:34 PM
To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Mosquitto-users] SSL connection from Java client to mosquitto broker: "no certificate returned"

Hi Sharon,

> The mosquito process is gone !

You've discovered a hole in my tests! This crash is down to mosquitto assuming that clients do actually pass a certificate when use_identity_as_username is set to true and that isn't necessarily the case. I've pushed a fix in this changeset:
https://bitbucket.org/oojah/mosquitto/changeset/04fc71f0d19c15a88338977dddaa2666c38de322

Setting use_identity_as_username to false is a quick workaround when working with 1.0.4 or previous versions.

Cheers,

Roger

--
Mailing list: https://launchpad.net/~mosquitto-users
Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~mosquitto-users
More help   : https://help.launchpad.net/ListHelp