mosquitto-users team mailing list archive

Re: SSL connection from Java client to mosquitto broker: "no certificate returned"

 

Roger,

There seem to be network problems in AWS.  So far I managed to get the following info:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.1 LTS
Release:        12.04
Codename:       precise

$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Tue Aug 21 05:18:48 UTC 2012
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"


-----Original Message-----
From: mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx [mailto:mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Roger Light
Sent: Tuesday, October 23, 2012 5:00 PM
To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Mosquitto-users] SSL connection from Java client to mosquitto broker: "no certificate returned"

Hi Sharon,

> 3) Invoked
> mosquitto_sub -v -p 1883 --cafile etc/ca.crt --cert etc/client.crt 
> --key etc/client.key -t \$SYS/# at the prompt, entered PEM passphrase 
> got " Error: Protocol error" and server produced OpenSSL Error: 
> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate 
> returned
>
> This is NOT as expected...

Agreed! Could you please let me know some details of the system you are running on? Distro version and openssl version would be the best if you have them.

If you run "make test" in the mosquitto source directory does it complete successfully? It needs Python 2.7 to run the SSL tests (Python 2.6 SSL support is poor) and also runs Python client tests with Python 3.x. If you don't have Python 3.x installed, it will fail at this point although they are the last set of tests to run.

If the above tests work, could you try re-running your scenario above, but using the certificate and key files from the test/ssl/ directory?
Use test-ca.crt as the CA certificate, server.crt and server.key for the server and client.crt and client.key for the mosquitto_sub client.

Cheers,

Roger
