mosquitto-users team mailing list archive

[ನಾಗೇಶ್ ಸುಬ್ರಹ್ಮಣ್ಯ (Nagesh S) <nageshblore@xxxxxxxxx>]

Hi,
With s_client in OpenSSL, I am able to connect successfully. When I use the
same parameters with mosquitto_pub, I get the SSL3_GET_SERVER_CERTIFICATE
error. What am I missing ?

s_client -host a.mqtt.broker -port 16105 -CAfile
/home/user/trusted-CA/serverCA.crt -cert /home/user/certs/client01.pem -key
/home/user/certs/client01Key.pem
OpenSSL> s_client -host a.mqtt.broker -port 16105 -CAfile
/home/user/trusted-CA/serverCA.crt -cert /home/user/certs/client01.pem -key
/home/user/certs/client01Key.pem
Enter pass phrase for /home/user/certs/client01Key.pem:
CONNECTED(00000003)
depth=1 C = YY, ST = YY, L = FooBar Land, O = FooBar Ltd, OU = FooBar
Security, CN = FooBar CA
verify return:1
depth=0 C = AB, ST = AB, L = FooBar Land, O = FooBar Ltd, OU = FooBar
Security, CN = mqttBroker
verify return:1
---
Certificate chain
 0 s:/C=AB/ST=AB/L=FooBar Land/O=FooBar Ltd/OU=FooBar Security/CN=mqttBroker
   i:/C=YY/ST=YY/L=FooBar Land/O=FooBar Ltd/OU=FooBar Security/CN=FooBar CA
 1 s:/C=YY/ST=YY/L=FooBar Land/O=FooBar Ltd/OU=FooBar Security/CN=FooBar CA
   i:/C=YY/ST=YY/L=FooBar Land/O=FooBar Ltd/OU=FooBar Security/CN=FooBar CA
---

user@host:~$ mosquitto_pub -d -h a.mqtt.broker -p 16105 -i CLIENT01
--cafile /home/user/trusted-CA/serverCA.crt --cert
/home/user/certs/client01.pem --key /home/user/certs/client01Key.pem -t
/a/b/c -l
Enter PEM pass phrase:
Client CLIENT01 sending CONNECT
OpenSSL Error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

N