Error: A TLS error occurred with libressl #2409

Open
mkohns opened this issue Dec 16, 2021 · 2 comments

mkohns commented Dec 16, 2021

Hi! Thank you for this great broker! I have used it for over 10 years now (it feels like), and it is just great!

I have discovered one issue I would like to report.

I have a broker on the internet secured with TLS certificates from Let's Encrypt. This works fine.
I tried to configure a local bridge and ran into strange TLS errors.
After analysis, I proved that the error can also be reproduced with the mosquitto clients, as a bridge is also just a client.
My tests showed the following behaviour.

I used the following command for reproduction, executed inside a Docker container started in interactive mode.

mosquitto_sub -h my.internet.broker -p 40000 -t /test --capath /etc/ssl/certs -u <myuser> -P <mypass>

docker-image: eclipse-mosquitto:1.6.9, Error: A TLS error occurred
docker-image: eclipse-mosquitto:2.0.11, Error: A TLS error occurred
docker-image: eclipse-mosquitto:2.0.14, Error: A TLS error occurred
docker-image: alpine:3.14.3, with apk add mosquitto-clients (1.6.9) + ca-certificates installed: OK
docker-image: alpine:3.12.7, with apk add mosquitto-clients (1.6.9) + ca-certificates installed: OK
docker-image: ubuntu, with apt install mosquitto-clients (1.6.9) + ca-certificates installed: OK

So none of the mosquitto containers worked. The base images (including ubuntu for verification) worked like a charm.

When I switched to

docker-image: eclipse-mosquitto:1.6.9-openssl, OK
docker-image: eclipse-mosquitto:2.0.11-openssl, OK
docker-image: eclipse-mosquitto:2.0.14-openssl, OK

everything was okay.
I think this is a bug somewhere around using libressl - or even inside - or even between my ears ;)

I just want to share this, so others can save some time analysing.


latlaj commented Sep 8, 2022

Hi, I have the same issue.

I followed the mosquitto-tls page and used these commands to create "ca.crt server.crt server.key":

openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt
openssl genrsa -out server.key 2048
openssl req -out server.csr -key server.key -new
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 180

Then mosquitto.conf is like this:

listener 8883
allow_anonymous true
cafile /path/to/ca.crt
certfile /path/to/server.crt
keyfile /path/to/server.key

mosquitto_pub -d -h 192.168.xxx.xxx --port 8883 --cafile /path/to/ca.crt -t test -m msg

Using mosquitto_pub in a Docker container, the image eclipse-mosquitto:2.0.15-openssl is OK,
but in eclipse-mosquitto:2.0.15 it told me:

Unable to connect (A TLS error occurred.).

It looks like the mosquitto servers in the two Docker images do not differ in this respect, but the mosquitto_pub clients do. It's difficult for me to find out the difference between libressl and openssl. Is there any explanation for this problem? Or have I done anything wrong with the CA files?


xoxys commented Apr 10, 2024

Even 3 years later it seems to be still broken and not even a single response to this issue? It's a bit strange that a libressl and openssl container is provided, while the libressl-version has unaddressed issues.
