Question
I am trying to connect with a mosquitto broker using the m2mqtt C# client library, version 4.3.0, via SSL/TLS. Below is the code I have tried:

    static void Main(string[] args)
    {
        // create client instance
        MqttClient client = new MqttClient(IPAddress.Parse("127.0.0.1"), 8883, true,
            new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\ca.crt"),
            new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\client.crt"),
            MqttSslProtocols.TLSv1_2);
        // register to message received
        client.MqttMsgPublishReceived += client_MqttMsgPublishReceived;
        string clientId = "pahoSubscriber2";
        client.Connect(clientId);
        // subscribe to the topic "hello" with QoS 0
        client.Subscribe(new string[] { "hello" }, new byte[] { MqttMsgBase.QOS_LEVEL_AT_MOST_ONCE });
    }

    static void client_MqttMsgPublishReceived(object sender, MqttMsgPublishEventArgs e)
    {
        // handle message received; e.Message is a byte[], so decode it before printing
        Console.WriteLine(System.Text.Encoding.UTF8.GetString(e.Message));
    }

but I am getting the exception
A call to SSPI failed, see inner exception.
and the inner exception says
the message received was unexpected or badly formatted
For information, I can successfully connect with the broker without SSL/TLS. Also, using the Paho Java client, I can connect with the broker both with and without SSL/TLS. This exception happens only when I am trying to connect using the m2mqtt C# client library via SSL/TLS. Any help or sample implementation will be appreciated.
Answer 1:
Finally found the solution. To use an SSL certificate inside the .NET Framework we need to provide both the certificate and its corresponding private key together. To achieve this we need to use a p12 (.pfx) file, which combines these two. In my project, I have used a self-signed certificate created with OpenSSL, so I used the commands below to combine the certificate and private key:

    openssl pkcs12 -export -out ca.pfx -inkey ca.key -in ca.crt
    openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt

which will create a p12 (.pfx) file for each certificate. Then I have used them in my code like below:

    static void Main(string[] args)
    {
        // create client instance
        MqttClient client = new MqttClient(IPAddress.Parse("127.0.0.1"), 8883, true,
            new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\ca.pfx"),
            new X509Certificate2("C:\\Users\\hp\\Desktop\\certificate\\client.pfx"),
            MqttSslProtocols.TLSv1_2);
        // register to message received
        client.MqttMsgPublishReceived += client_MqttMsgPublishReceived;
        string clientId = "pahoSubscriber2";
        client.Connect(clientId);
        // subscribe to the topic "hello" with QoS 0
        client.Subscribe(new string[] { "hello" }, new byte[] { MqttMsgBase.QOS_LEVEL_AT_MOST_ONCE });
    }

    static void client_MqttMsgPublishReceived(object sender, MqttMsgPublishEventArgs e)
    {
        // handle message received; e.Message is a byte[], so decode it before printing
        Console.WriteLine(System.Text.Encoding.UTF8.GetString(e.Message));
    }

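
An added example (not part of the original answer and not M2Mqtt code): a preflight check that shows why a certificate loaded from a `.crt` cannot be used for TLS client authentication while the same certificate loaded from a `.pfx` can. The CA is loaded as a public certificate only, because validating the broker needs no CA private key. `ClientCertPreflight` and `Check` are hypothetical names, the certificates are generated in memory as sample data, and `CertificateRequest` is assumed to be available (.NET Framework 4.7.2+ or .NET Core 2.0+).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight   // hypothetical helper, not part of M2Mqtt
{
    // Returns null if clientCert can be used for TLS client authentication, else the reason it cannot.
    public static string Check(X509Certificate2 clientCert, X509Certificate2 caCert)
    {
        if (!clientCert.HasPrivateKey) return "no private key (a .crt was loaded instead of a .pfx)";
        if (DateTime.Now < clientCert.NotBefore || DateTime.Now > clientCert.NotAfter)
            return "outside validity period";
        using (var chain = new X509Chain())
        {
            // The trust decision is made below by comparing the chain root with caCert.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.ChainPolicy.ExtraStore.Add(caCert);
            if (!chain.Build(clientCert)) return "chain validation failed";
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.Thumbprint == caCert.Thumbprint ? null : "not issued by the expected CA";
        }
    }

    static void Main()
    {
        // Constructed sample data: a throwaway CA and client certificate created in memory.
        DateTimeOffset now = DateTimeOffset.Now;
        using (RSA caKey = RSA.Create(2048))
        using (RSA clientKey = RSA.Create(2048))
        {
            var caReq = new CertificateRequest("CN=Demo CA", caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            X509Certificate2 ca = caReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
            var req = new CertificateRequest("CN=demo-client", clientKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            X509Certificate2 issued = req.Create(ca, now, now.AddDays(29), new byte[] { 1, 2, 3, 4 });

            // Certificate-only encodings, as in ca.crt and client.crt.
            var caPublic = new X509Certificate2(ca.Export(X509ContentType.Cert));
            var crtOnly = new X509Certificate2(issued.Export(X509ContentType.Cert));
            // Certificate plus private key, as in client.pfx ("demo" is a sample export password).
            byte[] pfxBytes = issued.CopyWithPrivateKey(clientKey).Export(X509ContentType.Pfx, "demo");
            var fromPfx = new X509Certificate2(pfxBytes, "demo");

            Console.WriteLine("client.crt equivalent: " + (Check(crtOnly, caPublic) ?? "OK"));
            Console.WriteLine("client.pfx equivalent: " + (Check(fromPfx, caPublic) ?? "OK"));
        }
    }
}
```

With real files, pass `new X509Certificate2(path)` for the `.crt` and `new X509Certificate2(path, password)` for the `.pfx` to `Check` before constructing the `MqttClient`.
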
Answer 2:
From what I experienced, the key point was installing the certificate on the local machine as a root certificate! If the 'ca.crt' file is installed, you can use a null value for both arguments => caCert, clientCert. This link helped me after a few hours of confusion!

    static void Main(string[] args)
    {
        // create client instance
        MqttClient client = new MqttClient(IPAddress.Parse("127.0.0.1"), 8883, true, null, null, MqttSslProtocols.TLSv1_2);
        // register to message received
        client.MqttMsgPublishReceived += client_MqttMsgPublishReceived;
        string clientId = "pahoSubscriber2";
        client.Connect(clientId);
        // subscribe to the topic "hello" with QoS 0
        client.Subscribe(new string[] { "hello" }, new byte[] { MqttMsgBase.QOS_LEVEL_AT_MOST_ONCE });
    }

    static void client_MqttMsgPublishReceived(object sender, MqttMsgPublishEventArgs e)
    {
        // handle message received; e.Message is a byte[], so decode it before printing
        Console.WriteLine(System.Text.Encoding.UTF8.GetString(e.Message));
    }

Source: https://stackoverflow.com/questions/43993106/a-call-to-sspi-failed-see-inner-exception-paho-m2mqtt-dot-netc-client-ssl-tl