
mosquitto-users team mailing list archive

Re: SSL connection from Java client to mosquitto broker: "no certificate returned"

 

Roger,

These are the tests I did today

1) configured the mosquitto broker with the certs from the test/ssl directory.
Ran mosquitto_sub with the client certs from the test/ssl directory - successfully.
Ran my client Java program with the client certs from the test/ssl directory - successfully!
At last I know my code works correctly!
Would you like me to post it somewhere for posterity?

2) generated a new set of certs without encryption. 
mosquitto_sub fails to connect with these certs.
I attach all the certs used.

3) I cannot build the mosquitto test project. It requires a C compiler, which is not installed.

Sharon 

-----Original Message-----
From: Sharon Ben-Asher 
Sent: Tuesday, October 23, 2012 6:05 PM
To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Mosquitto-users] SSL connection from Java client to mosquitto broker: "no certificate returned"

Roger,

There seem to be network problems in AWS.  So far I managed to get the following info:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.1 LTS
Release:        12.04
Codename:       precise

$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Tue Aug 21 05:18:48 UTC 2012
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"


-----Original Message-----
From: mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx [mailto:mosquitto-users-bounces+sharon.ben-asher=avg.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Roger Light
Sent: Tuesday, October 23, 2012 5:00 PM
To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Mosquitto-users] SSL connection from Java client to mosquitto broker: "no certificate returned"

Hi Sharon,

> 3) Invoked
> mosquitto_sub -v -p 1883 --cafile etc/ca.crt --cert etc/client.crt 
> --key etc/client.key -t \$SYS/# at the prompt, entered PEM passphrase 
> got "Error: Protocol error" and server produced OpenSSL Error:
> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate 
> returned
>
> This is NOT as expected...

Agreed! Could you please let me know some details of the system you are running on? Distro version and openssl version would be the best if you have them.

If you run "make test" in the mosquitto source directory does it complete successfully? It needs Python 2.7 to run the SSL tests (Python 2.6 SSL support is poor) and also runs Python client tests with Python 3.x. If you don't have Python 3.x installed, it will fail at this point although they are the last set of tests to run.

If the above tests work, could you try re-running your scenario above, but using the certificate and key files from the test/ssl/ directory?
Use test-ca.crt as the CA certificate, server.crt and server.key for the server and client.crt and client.key for the mosquitto_sub client.

Cheers,

Roger

--
Mailing list: https://launchpad.net/~mosquitto-users
Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~mosquitto-users
More help   : https://help.launchpad.net/ListHelp

Attachments: ca.crt, ca.key, ca.srl, client.crt, client.key, server.crt, server.key

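Added example, not code from this thread or from the mosquitto project: a POSIX shell script that builds a throwaway CA, a client certificate signed by it, and a second client certificate signed by an unrelated CA, then runs the two checks worth running against a failing cert set like the one in step 2 above before touching broker or client settings: does the client certificate chain to the CA file the broker is given, and does the private key actually belong to the certificate. A TLS client whose certificate does not chain to a CA the broker trusts will commonly send no certificate at all, which on the broker side surfaces as the "no certificate returned" error quoted earlier in the thread. The script assumes only that the openssl command-line tool is on PATH; every file name, subject name and directory below is constructed for the example.

```shell
#!/bin/sh
# Added example (not code from the thread). Builds a throwaway mutual-TLS cert set
# in a temp directory and checks a client cert/key pair the way a broker would.
# Assumes: the openssl CLI is on PATH. Every name below is constructed.
set -e

WORK="${WORK:-$(mktemp -d)}"

# make_ca NAME: self-signed CA with an explicit basicConstraints CA:TRUE, so the
# chain check treats it as a CA on every OpenSSL version (plain "req -x509"
# behaviour differs between versions).
make_ca() {
    cat > "$WORK/$1.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
CN = $1
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -config "$WORK/$1.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# make_client NAME CA: unencrypted key + CSR, signed by CA as a client-auth leaf.
make_client() {
    printf '[ req ]\ndistinguished_name = dn\nprompt = no\n[ dn ]\nCN = %s\n' "$1" > "$WORK/$1.cnf"
    printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = clientAuth\n' > "$WORK/$1.ext"
    openssl req -new -config "$WORK/$1.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 1 -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# check_client_cert CERT KEY CAFILE [PASSPHRASE]
# Returns 0 only if CERT chains to CAFILE and KEY is the private key for CERT.
# PASSPHRASE is used for an encrypted key; an empty one makes a wrong key fail
# instead of prompting.
check_client_cert() {
    cert=$1; key=$2; cafile=$3; pass=${4:-}
    # 1. The question the broker asks in the handshake: is this certificate
    #    signed by a CA in the file handed to the broker's cafile setting?
    #    Match on the ": OK" line rather than the exit code, which older
    #    openssl releases did not set on verification failure.
    if ! openssl verify -CAfile "$cafile" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not chain to $cafile"
        return 1
    fi
    # 2. Compare the public key inside the cert with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout -passin "pass:$pass" 2>/dev/null || true)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"
        return 1
    fi
    echo "ok: $cert"
}

# Build the scenario: one CA the broker trusts (test-ca), one it does not (other-ca).
make_ca test-ca
make_ca other-ca
make_client client test-ca
make_client other-client other-ca

# Good pair, then a cert from the wrong CA, then a key that does not match the cert.
check_client_cert "$WORK/client.crt" "$WORK/client.key" "$WORK/test-ca.crt"
check_client_cert "$WORK/other-client.crt" "$WORK/other-client.key" "$WORK/test-ca.crt" || true
check_client_cert "$WORK/client.crt" "$WORK/other-client.key" "$WORK/test-ca.crt" || true
```

Run it against a real cert set by calling `check_client_cert` with the paths given to the client (`--cert`, `--key`) and the broker's `cafile`; a chain failure points at the CA that issued the client certificate, and a key mismatch points at the key file or its passphrase.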
