Roger,

These are the tests I did today:

1) Configured the mosquitto broker with the certs from the test/ssl directory.
Ran mosquitto_sub with the client certs from the test/ssl directory - 
successfully.
Ran my client Java program with the client certs from the test/ssl directory - 
successfully!
At last I know my code works correctly!
Would you like me to post it somewhere for posterity?

2) Generated a new set of certs without encryption. 
mosquitto_sub fails to connect with these certs.
I attach all the certs used.

3) I cannot build the mosquitto test project. It requires a C compiler, which is 
not installed.

Sharon 

-----Original Message-----
From: Sharon Ben-Asher 
Sent: Tuesday, October 23, 2012 6:05 PM
To: mosquitto-users@lists.launchpad.net
Subject: RE: [Mosquitto-users] SSL connection from Java client to mosquitto 
broker: "no certificate returned"

Roger,

There seem to be network problems in AWS.  So far I managed to get the 
following info:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.1 LTS
Release:        12.04
Codename:       precise

$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Tue Aug 21 05:18:48 UTC 2012
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security 
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack 
-Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 
-DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"


-----Original Message-----
From: mosquitto-users-bounces+sharon.ben-asher=avg....@lists.launchpad.net 
[mailto:mosquitto-users-bounces+sharon.ben-asher=avg....@lists.launchpad.net] 
On Behalf Of Roger Light
Sent: Tuesday, October 23, 2012 5:00 PM
To: mosquitto-users@lists.launchpad.net
Subject: Re: [Mosquitto-users] SSL connection from Java client to mosquitto 
broker: "no certificate returned"

Hi Sharon,

> 3) Invoked
> mosquitto_sub -v -p 1883 --cafile etc/ca.crt --cert etc/client.crt 
> --key etc/client.key -t \$SYS/# at the prompt, entered PEM passphrase 
> got " Error: Protocol error" and server produced OpenSSL Error:
> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate 
> returned
>
> This is NOT as expected...

Agreed! Could you please let me know some details of the system you are running 
on? Distro version and openssl version would be the best if you have them.

If you run "make test" in the mosquitto source directory does it complete 
successfully? It needs Python 2.7 to run the SSL tests (Python 2.6 SSL support 
is poor) and also runs Python client tests with Python 3.x. If you don't have 
Python 3.x installed, it will fail at this point although they are the last set 
of tests to run.

If the above tests work, could you try re-running your scenario above, but 
using the certificate and key files from the test/ssl/ directory?
Use test-ca.crt as the CA certificate, server.crt and server.key for the server 
and client.crt and client.key for the mosquitto_sub client.

Cheers,

Roger

--
Mailing list: https://launchpad.net/~mosquitto-users
Post to     : mosquitto-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mosquitto-users
More help   : https://help.launchpad.net/ListHelp

Attachments: ca.crt, ca.key, ca.srl, client.crt, client.key, server.crt, server.key
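
A pre-flight check for a freshly generated certificate set such as the one in step 2, as an added example that is not part of the original thread: it confirms that the client certificate chains to the CA, that the key belongs to the certificate, and that the certificate has not expired. The demo file names and subject names are constructed, and the script does not diagnose the specific failure reported above.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a CA / client cert / key set.
# File names and subject names below are constructed for this demo.

# check_cert_set CA CERT KEY: prints one line per check, returns 0 only if all pass.
check_cert_set() {
    ca=$1; cert=$2; key=$3; rc=0
    # 1. The certificate must chain to the CA the broker trusts (its cafile).
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "chain: ok"
    else
        echo "chain: FAIL"; rc=1
    fi
    # 2. The key must belong to the certificate: compare the two public keys.
    #    "-passin pass:" makes an encrypted key fail here instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "key: ok"
    else
        echo "key: FAIL"; rc=1
    fi
    # 3. The certificate must not already be expired.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "validity: ok"
    else
        echo "validity: FAIL"; rc=1
    fi
    return $rc
}

# make_demo_set DIR: throwaway CA, a client cert signed by it, and an unrelated key.
make_demo_set() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_set "$demo_dir"
check_cert_set "$demo_dir/ca.crt" "$demo_dir/client.crt" "$demo_dir/client.key"
check_cert_set "$demo_dir/ca.crt" "$demo_dir/client.crt" "$demo_dir/other.key" || true
rm -rf "$demo_dir"
```

To check real files, call `check_cert_set` with the paths passed to `--cafile`, `--cert` and `--key`.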
