Connecting Mosquitto to the new Azure MQTT backend

假装没事ソ posted on 2019-12-11 11:06:39

Question


Recently Microsoft Azure has added an MQTT backend to its services. This service uses TLS to encrypt its traffic. I can't connect between Mosquitto and the Microsoft Azure Cloud.

I downloaded the server certificate with

echo -n | openssl s_client -connect mytarget.azure-devices.net:8883 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.cert

And then tried to connect with mosquitto_sub

mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip"  --cafile /tmp/test.pem --insecure

However, the connection is never built. Mosquitto outputs:

Client Device1 sending CONNECT
Error: A TLS error occurred.

I have previously successfully connected mosquitto over SSL to the Amazon cloud (although I got a certificate and private key for that). So I tried adding the client certificate/key, which I got from AWS, hoping the error is that mosquitto does need those files too.

mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip"  --cafile /tmp/test.pem --cert certificate.pem.crt --key -private.pem.key --insecure --insecure

However, this didn't help and didn't change the error message.

I then looked into the mosquitto code on GitHub and found that the error is probably caused on this line by SSL_connect, which seems to be an OpenSSL function.

Has anybody made mosquitto connect to the Microsoft Azure cloud or has any pointers where to look next?

edit:

I seem to be able to publish by tunneling the SSL over socat:

socat openssl-connect:mytarget.azure-dices.net:8883,verify=0 tcp-l:8884,reuseaddr,fork

And then connection on mosquitto to -h localhost instead of azure gets me:

Client Device1 sending CONNECT
Client Device1 received CONNACK
Client Device1 sending PUBLISH (d0, q0, r0, m1, 'devices/Device1/messages/events', ... (4 bytes))
Client Device1 sending DISCONNECT

It might be that something from the Azure host is throwing off mosquitto. Subscribing like this with mosquitto also works.

The problem with this approach is that the SSL connection seems to be destroyed after the first (few) packet(s) and socat subsequently complains with

E SSL_write(): Broken pipe

Answer 1:


For anyone else searching for this. We finally managed to get it working with mosquitto_sub/pub:

mosquitto_sub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/devicebound/#" -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=mytarget.azure-devices.net&sig=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1

and for publishing:

mosquitto_pub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/events/" -i Device2 -u "mytarget.azure-devices.net/Device2" -P "SharedAccessSignature sr=bbvgathering.azure-devices.net&sig=snip&se=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1 -m "{\"key\": \"value\"}"

Important: You have to send JSON data, everything else will get rejected (at least on our setup)!

Note: Be advised that you (seemingly) can't directly send from one device to the other, as this is contrary to the cloud way. You'll have to configure a connection in the cloud.
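
Added example (not part of the original answer or of any project's code): the -P value used above is an Azure IoT Hub SAS token, and this sketch builds one and checks it before it is handed to mosquitto. It assumes the documented IoT Hub scheme (HMAC-SHA256 over the URL-encoded sr, a newline and se, keyed with the base64-decoded shared access key); the function names, the policy name "device" and the key are constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus

PREFIX = "SharedAccessSignature "

def _sign(resource_uri, key_b64, expiry):
    # String to sign: URL-encoded resource URI, newline, expiry (Unix seconds).
    msg = f"{quote_plus(resource_uri)}\n{int(expiry)}".encode()
    mac = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas(resource_uri, key_b64, expiry, policy=None):
    """Build the value passed to mosquitto's -P option."""
    sig = _sign(resource_uri, key_b64, expiry)
    token = (f"{PREFIX}sr={quote_plus(resource_uri)}"
             f"&sig={quote_plus(sig)}&se={int(expiry)}")
    return token + (f"&skn={quote_plus(policy)}" if policy else "")

def check_sas(token, host, key_b64=None, now=None):
    """Return a list of findings to fix before using the token with -P."""
    if not token.startswith(PREFIX):
        return ["missing 'SharedAccessSignature ' prefix"]
    fields = {k: v[0] for k, v in parse_qs(token[len(PREFIX):]).items()}
    findings = [f"missing field {n}" for n in ("sr", "sig", "se")
                if n not in fields]
    sr, se = fields.get("sr", ""), fields.get("se", "")
    # The resource URI must start with the hub host passed to -h.
    if sr and sr.split("/")[0].lower() != host.lower():
        findings.append("sr does not name the host given with -h")
    if se and not se.isdecimal():
        findings.append("se is not a Unix timestamp")
    elif se and int(se) <= (time.time() if now is None else now):
        findings.append("token expired")
    # With the key at hand, recompute the signature in constant time.
    if key_b64 and not findings and not hmac.compare_digest(
            fields["sig"].encode(), _sign(sr, key_b64, se).encode()):
        findings.append("sig does not match sr/se under this key")
    return findings

# Constructed sample values; the key is a placeholder, not a real credential.
HOST = "mytarget.azure-devices.net"
KEY = base64.b64encode(b"constructed-demo-key").decode()

if __name__ == "__main__":
    tok = make_sas(HOST, KEY, time.time() + 3600, policy="device")
    print(tok)
    print(check_sas(tok, HOST, KEY))
```
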



Source: https://stackoverflow.com/questions/35863841/connecting-mosquitto-to-the-new-azure-mqtt-backend
