问题
Recently Microsoft Azure has added a MQTT backend to its' services. This service uses TLS do encrypt its traffic. I can't connect between Mosquitto and the Microsoft Azure Cloud.
I downloaded the server certificate with
echo -n | openssl s_client -connect mytarget.azure-devices.net:8883 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.cert
And then tried to connect with mosquitto_sub
mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip" --cafile /tmp/test.pem --insecure
However, the connection is never built. Mosquitto outputs:
Client Device1 sending CONNECT Error: A TLS error occurred.
I have previously successfully connected mosquitto over ssl to the Amazon cloud (although I got a certificate and Private Key for that). So I tried with adding client certificate/key, which I got from AWS, hopingg the error is that mosquitto does need those files too.
mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip" --cafile /tmp/test.pem --cert certificate.pem.crt --key -private.pem.key --insecure --insecure
However, this didn't help and didn't change the error message.
I then looked in to the mosquitto code at github and found that the error is probably caused on this line by SSL_connect, which seems to be a openssl function.
Has anybody made mosquitto connect to the Microsoft Azure cloud or has any pointers where to look next?
edit:
I seem to be able to publish by tunneling the SSL over socat:
socat openssl-connect:mytarget.azure-dices.net:8883,verify=0 tcp-l:8884,reuseaddr,fork
And then connection on mosquitto to -h localhost instead of azure gets me:
Client Device1 sending CONNECT
Client Device1 received CONNACK
Client Device1 sending PUBLISH (d0, q0, r0, m1, 'devices/Device1/messages/events', ... (4 bytes))
Client Device1 sending DISCONNECT
It might be that something from the Azure Host is throwing of mosquitto. Subscribing like this with mosquitto also works.
The problem with this approach is that the ssl-connection seems to be destroyed after the first (few) packet(s) and socat subsequentally complains with
E SSL_write(): Broken pipe
回答1:
For anyone else searching for this. We finally managed to get it working with mosquitto_sub/pub:
mosquitto_sub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/devicebound/#" -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=mytarget.azure-devices.net&sig=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1
and for publishing:
mosquitto_pub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/events/" -i Device2 -u "mytarget.azure-devices.net/Device2" -P "SharedAccessSignature sr=bbvgathering.azure-devices.net&sig=snip&se=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1 -m "{\"key\": \"value\"}"
Important You have to send JSON-Data, everything else will get rejected (at least on our setup)!
Note Be adviced that you (seemingly) can't directly send from one device to the other. As this is contra the Cloud way. You'll have to configure a Connection in the cloud
来源:https://stackoverflow.com/questions/35863841/connecting-mosquitto-to-the-new-azure-mqtt-backend