Facing Error while using TLS with mosquitto

守給你的承諾、 submitted on 2019-12-13 02:50:21

Question


I am trying to use TLS for communicating over MQTT. I have Ubuntu installed on my system. For using TLS, I have created certificates using the link below:

http://www.embedded101.com/Blogs/PaoloPatierno/entryid/366/mqtt-over-ssl-tls-with-the-m2mqtt-library-and-the-mosquitto-broker

I am able to create certificates. But when I give a value to the bind_address property in the mosquitto_m2mqtt.conf file and start mosquitto using the command mosquitto -c mosquitto_m2mqtt.conf, I get the error given in the subject of the question; i.e., Error: cannot assign requested address. Please let me know how to resolve this.

Below is the content of config file:

port 8883
bind_address iothdp02
cafile /etc/mosquitto/m2mqtt_ca.crt
certfile /etc/mosquitto/m2mqtt_srv.crt
keyfile /etc/mosquitto/m2mqtt_srv.key
tls_version tlsv1

When I run the command mosquitto -c mosquitto_m2mqtt.conf -v, I get the following error:

1551089294: mosquitto version 1.4.8 (build date 2016-09-21 11:21:45+0530) starting
1551089294: Config loaded from mosquitto_m2mqtt.conf.
1551089294: Opening ipv4 listen socket on port 8883.
1551089294: Error: Cannot assign requested address

Edit 1:

I have removed bind_address from the config file and am starting mosquitto with the new config file using 'mosquitto -c mosquitto_m2mqtt.conf -v'. Mosquitto starts, but when I run the mosquitto_sub command, I get the error below:

mosquitto -c mosquitto_m2mqtt.conf -v
1551172930: mosquitto version 1.4.8 (build date 2016-09-21 11:21:45+0530) starting
1551172930: Config loaded from mosquitto_m2mqtt.conf.
1551172930: Opening ipv4 listen socket on port 8883.
1551172930: Opening ipv6 listen socket on port 8883.
Enter PEM pass phrase:
1551172960: New connection from 127.0.0.1 on port 8883.
1551172960: OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
1551172960: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1551172960: Socket error on client <unknown>, disconnecting.

In the window where I am subscribing, I get the error below:

mosquitto_sub -p 8883 -q 1 -t sensor/temp --cafile /etc/mosquitto/m2mqtt_srv.crt --tls-version tlsv1 -d
Unable to connect (A TLS error occurred.).


Answer 1:


If you pass a hostname to the bind_address argument, it must resolve to a valid IP address; this is not necessarily the same as the output from hostname.

This has nothing to do with the TLS/certificate setup; it is purely how mosquitto identifies which address to bind to.

You have a few choices on how to fix this:

  1. Remove the bind_address line; this will cause mosquitto to listen on all available addresses.
  2. Ensure that whatever you use in the bind_address field resolves to an IP address bound to an interface on the machine the broker is running on. This might mean using the fully qualified domain name (you probably should have used that in the broker's certificate CN as well).
  3. Replace the hostname with the IP address for the interface you want mosquitto to listen on.


Source: https://stackoverflow.com/questions/54863408/facing-error-while-using-tls-with-mosquitto
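
An added example, not part of the original question or answer: a Python check that resolves a candidate bind_address value through the system resolver and tries to bind each resulting address on an ephemeral port, so the "Cannot assign requested address" case shows up as EADDRNOTAVAIL before the broker is restarted. The function names are hypothetical, and 192.0.2.1 is a documentation-range address used here as constructed sample input.

```python
import errno
import socket
import sys


def check_bind_address(name):
    """Resolve `name` and try to bind a TCP socket to each resulting address.

    Returns a list of (ip, status) tuples. status is "ok" when the address
    belongs to a local interface, or an errno name such as "EADDRNOTAVAIL"
    (the "Cannot assign requested address" case from the broker log).
    Port 0 is used so the check needs no privileges and does not collide
    with a broker already listening on 8883.
    """
    try:
        infos = socket.getaddrinfo(name, 0, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # The name does not resolve at all, so no bind can be attempted.
        return [(None, f"unresolvable: {exc}")]

    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        ip = sockaddr[0]
        if ip in seen:
            continue
        seen.add(ip)
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.bind(sockaddr)
            status = "ok"
        except OSError as exc:
            status = errno.errorcode.get(exc.errno, str(exc.errno))
        results.append((ip, status))
    return results


def usable_as_bind_address(name):
    """True if at least one address `name` resolves to can be bound locally."""
    return any(status == "ok" for _ip, status in check_bind_address(name))


if __name__ == "__main__":
    # Constructed sample input: loopback and a documentation-range address.
    for host in sys.argv[1:] or ["127.0.0.1", "192.0.2.1"]:
        for ip, status in check_bind_address(host):
            print(f"{host} -> {ip}: {status}")
```

Run it with the value from the config file as the argument (for example the hostname on the bind_address line); any result other than "ok" means the broker cannot bind to that address.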
