mosquitto_ctrl claims the connection is not encrypted, does nothing #2541

Open
sezanzeb opened this issue May 19, 2022 · 7 comments


sezanzeb commented May 19, 2022

I'm pretty sure our server is properly running with encryption, because mqtt explorer will only connect with activated encryption.

However, we get this when using mosquitto_ctrl to interact with the dynsec plugin:

```
mosquitto_ctrl -h qux.foo.bar -p 8883 -u *** -P *** dynsec listClients -v
Warning: You are running mosquitto_ctrl without encryption.
This means all of the configuration changes you are making are visible on the network, including passwords
```

Which stops after 10 seconds of doing nothing without a result.

Locally everything worked and listClients printed our administrator user.

We also know that dynsec is running properly, because the credentials we put into the dynsec config file are the only way to connect in mqtt explorer.

Versions:

```
uname -r
5.15.32-1-MANJARO
mosquitto_ctrl | ack version
mosquitto_ctrl version 2.0.14 running on libmosquitto 2.0.14.
```

sezanzeb commented May 19, 2022

Downloading any cert via

```
openssl s_client -showcerts -connect foo:443 </dev/null > bar.cert
```

and then using it with

```
mosquitto_ctrl -h qux.foo.bar -p 8883 -u admin -P admin --cafile bar.cert dynsec listClients -v
```

makes the warning go away. The command doesn't seem to really check if the cert is matching. And it still exits after 10 seconds of doing nothing.
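
A pre-flight check for the situation described in the comment above, added here as an example (it is not code from the Mosquitto project or from any commenter): it tests whether the port answers with TLS at all and whether the file passed as `--cafile` actually validates the broker's certificate chain and hostname. The function name `probe_tls` and its status strings are assumptions made for this example.

```python
import socket
import ssl
import sys


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Return (status, detail) for a TLS handshake with host:port.

    With cafile set, only that file is trusted (the system store is not
    loaded), and both the certificate chain and the hostname are verified.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return "verified", f"{tls.version()} CN={subject.get('commonName')}"
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to cafile, or the name does not match host.
        return "cert-rejected", exc.verify_message
    except ssl.SSLError as exc:
        # The peer answered, but not with a TLS handshake.
        return "not-tls", str(exc)
    except socket.timeout:
        return "timeout", "no reply within timeout"
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Usage (hypothetical script name): python probe_tls.py HOST PORT [CAFILE]
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    status, detail = probe_tls(host, port, cafile)
    print(f"{host}:{port} -> {status}: {detail}")
    sys.exit(0 if status == "verified" else 1)
```

A `cert-rejected` result for the CA file in use means a client that connects anyway is not checking the certificate against that file.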

Contributor

ralight commented May 20, 2022

Hmm, unlike the mosquitto_*ub clients, mosquitto_ctrl doesn't automatically change to TLS mode if you use port 8883. I think that's a bug. I've not debugged your second command where it does use encrypted mode, I'll look at that later.

@sezanzeb

Thanks a lot!

@NicolasLM

Hey, I am also facing this problem. I tried a bunch of incantations, like mosquitto_ctrl -L mqtts:https://foo:bar@baz:8883/ but it seems that mosquitto_ctrl cannot connect over TLS, even when not relying on the implicit switch to TLS when using port 8883.


tka85 commented Feb 11, 2024

Same here. Tried with -L mqtts:https://... and with spread params -u ... -p ... -P ....

I just get the warning `Warning: You are running mosquitto_ctrl without encryption. \nThis means all of the configuration changes you are making are visible on the network, including passwords.` and then nothing.

Has anyone solved this? Or is the project not maintained any more?


avandorp commented Mar 9, 2024

It works, if you connect by socket. But it still warns you about unencrypted traffic...


cyub commented Jul 9, 2024

`-o <path to options file>`: Configure the CA certificate and other information in the specified file. For more, see: Using an options file
