After upgrade to fix OpenSSL vulnerability websockets have stopped working #195

Closed
AdamMiltonBarker opened this issue Jun 27, 2016 · 31 comments

@AdamMiltonBarker

AdamMiltonBarker commented Jun 27, 2016

After upgrading to the latest OpenSSL version to fix the recent security vulnerability, I get the following:

[FAILED] Starting Mosquitto MQTT brokerError: Websockets support not available.
Error found at /etc/mosquitto/conf.d/mosquitto.conf:42.
Error found at /etc/mosquitto/mosquitto.conf:10.
Error: Unable to open configuration file.

I have rebuilt Mosquitto 1.4.8 and still the same message despite rebuilding with Websockets = yes. It was previously working before upgrade to latest OpenSSL and was definitely functioning correctly.

Anyone experienced this or know how to get around it? TIA

@johnjore

This is probably of no help, but I have WebSocket working on 1.4.9 and:

OpenSSL 1.0.1t 3 May 2016

I do have a problem when WebSocket is NOT enabled... Ticket 194.

JJ

@AdamMiltonBarker
Author

Hi, websockets should be enabled; they were before the upgrade and I have rebuilt again with websockets enabled. They were working before the upgrade of OpenSSL.

@ralight
Contributor

ralight commented Jun 27, 2016

Hi Adam,

The only way you can get the Error: Websockets support not available. message is if websockets support isn't compiled in. You could confirm this another way by running ldd /path/to/mosquitto and looking for presence or absence of a libwebsockets line.

To avoid any doubt, to compile with websockets support do exactly:

make WITH_WEBSOCKETS=yes

Could you try recompiling?

@AdamMiltonBarker
Author

Hi, I understand, but in this case this is the scenario:

A. Websockets was available and functioning I have made public examples of this, it was 100% working.

B. After upgrading to the latest OpenSSL it failed to work.

C. I have recompiled as mentioned above.

@AdamMiltonBarker
Author

AdamMiltonBarker commented Jun 27, 2016

Can you give me a bit more info on ldd /path/to/mosquitto?

As mentioned though, I rebuilt twice today and also a few days ago and last week or so when the issue first occurred. Something when upgrading to the latest OpenSSL has messed something up. This is on CentOS.

@AdamMiltonBarker
Author

Here is the video to prove it was working before the upgrade:

https://www.youtube.com/watch?v=H4ZTnab7nSY

@AdamMiltonBarker
Author

set -e; for d in lib client src; do make -C ${d}; done
make[1]: Entering directory `/home/###/mosquitto-1.4.8/lib'
make -C cpp
make[2]: Entering directory `/home/###/mosquitto-1.4.8/lib/cpp'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/###/mosquitto-1.4.8/lib/cpp'
make[1]: Leaving directory `/home/###/mosquitto-1.4.8/lib'
make[1]: Entering directory `/home/###/mosquitto-1.4.8/client'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/###/mosquitto-1.4.8/client'
make[1]: Entering directory `/home/##/mosquitto-1.4.8/src'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/###/mosquitto-1.4.8/src'
set -e; for d in man; do make -C ${d}; done
make[1]: Entering directory `/home/dcrwslz/mosquitto-1.4.8/man'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/dcrwslz/mosquitto-1.4.8/man'

The config.mk had the option set to yes in the first place and I have "make install"ed a few times today; nothing has changed.

@AdamMiltonBarker
Author

sudo make install
[sudo] password for ####:
set -e; for d in lib client src; do make -C ${d}; done
make[1]: Entering directory `/home/####/mosquitto-1.4.8/lib'
make -C cpp
make[2]: Entering directory `/home/####/mosquitto-1.4.8/lib/cpp'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/####/mosquitto-1.4.8/lib/cpp'
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/lib'
make[1]: Entering directory `/home/####/mosquitto-1.4.8/client'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/client'
make[1]: Entering directory `/home/####/mosquitto-1.4.8/src'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/src'
set -e; for d in lib client src; do make -C ${d} install; done
make[1]: Entering directory `/home/####/mosquitto-1.4.8/lib'
make -C cpp
make[2]: Entering directory `/home/####/mosquitto-1.4.8/lib/cpp'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/####/mosquitto-1.4.8/lib/cpp'
install -d /usr/local/lib/
install -s --strip-program=strip libmosquitto.so.1 /usr/local/lib/libmosquitto.so.1
ln -sf libmosquitto.so.1 /usr/local/lib/libmosquitto.so
install -d /usr/local/include/
install mosquitto.h /usr/local/include/mosquitto.h
make -C cpp install
make[2]: Entering directory `/home/####/mosquitto-1.4.8/lib/cpp'
install -d /usr/local/lib/
install -s --strip-program=strip libmosquittopp.so.1 /usr/local/lib/libmosquittopp.so.1
ln -sf libmosquittopp.so.1 /usr/local/lib/libmosquittopp.so
install -d /usr/local/include/
install mosquittopp.h /usr/local/include/mosquittopp.h
make[2]: Leaving directory `/home/####/mosquitto-1.4.8/lib/cpp'
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/lib'
make[1]: Entering directory `/home/####/mosquitto-1.4.8/client'
install -d /usr/local/bin
install -s --strip-program=strip mosquitto_pub /usr/local/bin/mosquitto_pub
install -s --strip-program=strip mosquitto_sub /usr/local/bin/mosquitto_sub
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/client'
make[1]: Entering directory `/home/####/mosquitto-1.4.8/src'
install -d /usr/local/sbin
install -s --strip-program=strip mosquitto /usr/local/sbin/mosquitto
install mosquitto_plugin.h /usr/local/include/mosquitto_plugin.h
install -s --strip-program=strip mosquitto_passwd /usr/local/bin/mosquitto_passwd
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/src'
set -e; for d in man; do make -C ${d} install; done
make[1]: Entering directory `/home/####/mosquitto-1.4.8/man'
install -d /usr/local/share/man/man8
install -m 644 mosquitto.8 /usr/local/share/man/man8/mosquitto.8
install -d /usr/local/share/man/man5
install -m 644 mosquitto.conf.5 /usr/local/share/man/man5/mosquitto.conf.5
install -d /usr/local/share/man/man1
install -m 644 mosquitto_passwd.1 /usr/local/share/man/man1/mosquitto_passwd.1
install -m 644 mosquitto_pub.1 /usr/local/share/man/man1/mosquitto_pub.1
install -m 644 mosquitto_sub.1 /usr/local/share/man/man1/mosquitto_sub.1
install -d /usr/local/share/man/man7
install -m 644 mqtt.7 /usr/local/share/man/man7/mqtt.7
install -m 644 mosquitto-tls.7 /usr/local/share/man/man7/mosquitto-tls.7
install -d /usr/local/share/man/man3
install -m 644 libmosquitto.3 /usr/local/share/man/man3/libmosquitto.3
make[1]: Leaving directory `/home/####/mosquitto-1.4.8/man'
install -d /etc/mosquitto
install -m 644 mosquitto.conf /etc/mosquitto/mosquitto.conf.example
install -m 644 aclfile.example /etc/mosquitto/aclfile.example
install -m 644 pwfile.example /etc/mosquitto/pwfile.example
install -m 644 pskfile.example /etc/mosquitto/pskfile.example

sudo service mosquitto restart
Shutting down Mosquitto MQTT broker [ OK ]
Starting Mosquitto MQTT brokerError: Websockets support not available.
Error found at /etc/mosquitto/conf.d/mosquitto.conf:42.
Error found at /etc/mosquitto/mosquitto.conf:10.
Error: Unable to open configuration file.
[FAILED]

@ralight
Contributor

ralight commented Jun 27, 2016

I believe you that it was working beforehand. As to why it failed when you upgraded openssl I can't say. This is the relevant code though:

#ifdef WITH_WEBSOCKETS
    cur_listener->protocol = mp_websockets;
    config->have_websockets_listener = true;
#else
    _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Websockets support not available.");
    return MOSQ_ERR_INVAL;
#endif

If you're getting that message then websockets support isn't compiled in.

I've recorded an asciicast of me compiling with websockets support: https://asciinema.org/a/d2v33b1722xukttxnlkyyhpu1

One thought - maybe try running make clean first.

@AdamMiltonBarker
Author

Still no, make clean, make, make install...

sudo service mosquitto restart
Shutting down Mosquitto MQTT broker [ OK ]
Starting Mosquitto MQTT brokerError: Websockets support not available.
Error found at /etc/mosquitto/conf.d/mosquitto.conf:42.
Error found at /etc/mosquitto/mosquitto.conf:10.
Error: Unable to open configuration file.
[FAILED]

@AdamMiltonBarker
Author

Whatever way it is done, it is not rebuilding with Websockets, but the question is more why has it gone in the first place.

@AdamMiltonBarker
Author

AdamMiltonBarker commented Jun 27, 2016

I am getting this following your example:

websockets.c:106: warning: initialization makes integer from pointer without a cast
websockets.c:119: warning: initialization makes integer from pointer without a cast
websockets.c:132: warning: initialization makes integer from pointer without a cast
websockets.c:144: warning: initialization makes integer from pointer without a cast
make[1]: Leaving directory `/home/###/mosquitto-1.4.9/src'

@ralight
Contributor

ralight commented Jun 27, 2016

Right, that's progress - it's definitely trying to compile websockets support in now. What version of libwebsockets are you using? Version 2.x isn't supported in current releases.

@AdamMiltonBarker
Author

1.4 as far as I can remember. One of the guys from the websockets GitHub helped me install it last time as I was having weird issues with GCC. One sec, will find the link.

@AdamMiltonBarker
Author

v1.4-chrome43-firefox-36

warmcat/libwebsockets#493

@AdamMiltonBarker
Author

Getting the error message about initialization when trying to rebuild with 1.4.8 as well and that was 100% working with the version I had.

@ralight
Contributor

ralight commented Jun 29, 2016

Ok, the initialisation warning shouldn't be important then - does it work now?

@AdamMiltonBarker
Author

No nothing has changed

@ralight
Contributor

ralight commented Jun 29, 2016

So just to be clear, you've recompiled and got warnings when the web sockets code was being compiled, then you ran the newly compiled binary and were told that websockets support wasn't available?

On 29 Jun 2016 1:10 p.m., "AdamMiltonBarker" [email protected] wrote:

No nothing has changed


@AdamMiltonBarker
Author

Yes mate, every time. This was the issue that brought me here.

@AdamMiltonBarker
Author

#195 (comment)

@ralight
Contributor

ralight commented Jun 29, 2016

I'm not trying to be awkward, but the only way what you are describing (compiled from a clean source tree using make WITH_WEBSOCKETS=yes, seeing warnings when compiling src/websockets.c and still seeing Error: Websockets support not available.) is possible is if you have modified the source in some way.

If you are successfully compiling with WITH_WEBSOCKETS=yes (as can be seen by the warnings compiling src/websockets.c) then it is impossible to see the error about websockets support not being available.

I imagine that this is probably down to something like you having an old version of mosquitto kicking around somewhere that is getting picked up instead of the version you've newly compiled.

Could you try and reproduce my asciicast exactly - that is to say run the executable from the directory not installing it. If you could produce your own asciicast as well that would be even better.
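The two checks suggested in this thread (an ldd line for libwebsockets, and a stale binary being picked up) can be scripted; the following is an added example, not code from the thread or the mosquitto project. The function names, the LDD override and the directory list are assumptions, and the marker string is the one in the #else branch quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): report, for every mosquitto binary
# found, whether it was built with websockets support.
# Only run ldd on binaries you trust.

LDD=${LDD:-ldd}   # hypothetical override so the check can be exercised offline

# Reads `ldd` output on stdin; succeeds if a libwebsockets line is present.
ldd_has_websockets() {
    grep -q 'libwebsockets\.so'
}

# Succeeds if the file embeds the error string from the #else branch quoted
# in the thread, i.e. it was compiled without WITH_WEBSOCKETS.
has_no_ws_marker() {
    grep -a -q 'Error: Websockets support not available\.' "$1"
}

# Prints "<path> <verdict>" for one binary.
classify() {
    if has_no_ws_marker "$1"; then
        echo "$1 no-websockets"
    elif $LDD "$1" 2>/dev/null | ldd_has_websockets; then
        echo "$1 websockets"
    else
        echo "$1 unknown"
    fi
}

# Prints every executable named mosquitto in the given directories.
find_brokers() {
    for d in "$@"; do
        if [ -f "$d/mosquitto" ] && [ -x "$d/mosquitto" ]; then
            echo "$d/mosquitto"
        fi
    done
}

# More than one line of output means a stale copy may be the one that starts.
audit() {
    find_brokers "$@" | while read -r b; do classify "$b"; done
}

# Example: sh ws_audit.sh /usr/local/sbin /usr/sbin /usr/bin
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Compare the paths it prints with the binary path the init script actually starts.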

@AdamMiltonBarker
Author

AdamMiltonBarker commented Jun 29, 2016

The setup has authplugin that is the only difference. This is in live environment and I am reluctant to start installing new versions, I need to know why it suddenly stopped. My interest is not in installing new versions, my interest is in how to get the existing setup functioning again.

Re your asciicast, what is wf.conf? Does this mean that 1.4.9 is totally different to 1.4.8? Have never seen that before and again I need to fix the existing setup, not replace it with a new one and have to start again. Sorry, not being a pain, but there is no time to re-set up the entire system.

@AdamMiltonBarker
Author

Incidentally, when I did try and recompile, none of the files in /etc/mosquitto were changed; all the authplugin and mosquitto.conf was still the same. Not sure if this is of any relevance.

@ralight
Contributor

ralight commented Jun 29, 2016

ws.conf is a config file that just contains

listener 1888
protocol websockets

This means there is nothing else to get in the way.
On 29 Jun 2016 3:33 p.m., "AdamMiltonBarker" [email protected]
wrote:

Re your asciicast what is wf.conf ? Does this mean that 1.4.9 is totally
different to 1.4.8 ? Have never seen that before and again I need to fix
the existing setup not replace it with a new one and have to start again,
sorry not being a pain, but there is no time to reset up the entire system


@AdamMiltonBarker
Author

AdamMiltonBarker commented Jun 29, 2016

If I get the new version running, is this compatible with jpmens authplugin? I understand it is a config file, but the other versions use mosquitto.conf and the auth plugin is built to use that as well. Does ws.conf replace this file in the new version?

I need to look more at the existing version and why that is not working. I honestly cannot spare time to rebuild and mess with the system again; this is live now. Did you see my comment about none of the configs etc. being replaced when rebuilding? Also I thought maybe there was a conflicting setup; how do I locate these? Although that doesn't make much sense, as it is only websockets not working; the authplugin is working correctly. At first I thought it was directly related to the OpenSSL upgrade, but the auth plugin also uses OpenSSL and continues to function.

@ralight
Contributor

ralight commented Jun 29, 2016

Version 1.4.9 of mosquitto is completely compatible with version 1.4.8; it only includes bug fixes. Likewise with mosquitto_auth_plugin.

You can use any configuration file you want with mosquitto, the file I was using was just for testing purposes to demonstrate how to compile and test with websockets support. If you reproduce those steps exactly it should work for you. If it doesn't work for you, then the best way to get it solved is for you to install asciinema and record yourself replicating my exact steps so I can see where things go wrong.

I'm only asking you to do these things to help you - if you've not got time to look at it please just close the bug.

@AdamMiltonBarker
Author

I said I didn't have time to rebuild the entire system, not that I have no time to get the existing one fixed. Thanks, I know you are helping. I will test this tonight and get back to you. Thanks again.

@AdamMiltonBarker
Author

This issue still remains, have not been successful in getting websockets working again.

@ralight
Contributor

ralight commented Sep 21, 2016

I can't see how this could be possible based on what you've said.

If you could put together a video of you installing libwebsockets and mosquitto from scratch showing the config and demonstrating the problem then we should be able to make some progress.

@ralight
Contributor

ralight commented Dec 8, 2016

I'm closing this because I don't believe there is an actual problem with mosquitto. If you disagree, feel free to reopen it and provide more information about the problem.

@ralight ralight closed this as completed Dec 8, 2016
@lock lock bot locked as resolved and limited conversation to collaborators Aug 8, 2019