
Pls help me, TLS problem!! #2646

Open
marco99asr opened this issue Oct 7, 2022 · 5 comments

Comments

marco99asr commented Oct 7, 2022

Hi, I'm trying to use the pkcs11 OpenSSL engine to integrate a TPM in mosquitto.

Running "openssl engine" I can see this:
openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support

After exporting this config, "openssl engine" shows the engine:
export OPENSSL_CONF=/root/tpm2-pkcs11.openssl.conf

openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(pkcs11) pkcs11 engine

In my mosquitto.conf:
...
tls_engine pkcs11
tls_engine_kpass_sha1 "####sha value##"
tls_keyform engine
tls_version tlsv1.1

cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/cert.crt
keyfile ????

All my questions:

I'm getting this error:
1665153375: mosquitto version 2.0.15 starting
1665153375: Config loaded from /etc/mosquitto/mosquitto.conf.
1665153375: Opening ipv4 listen socket on port 1883.
1665153375: Opening ipv6 listen socket on port 1883.
1665153375: Opening ipv4 listen socket on port 8883.
1665153375: Opening ipv6 listen socket on port 8883.
1665153375: Error: Unable to set engine secret mode sha
1665153375: OpenSSL Error[0]: error:260AC089:engine routines:int_ctrl_helper:invalid cmd name
1665153375: OpenSSL Error[1]: error:260B2089:engine routines:ENGINE_ctrl_cmd:invalid cmd name
How can I solve this?

In mosquitto.conf, what do I have to pass to the keyfile parameter?
I generated a CSR/cert from the TPM using pkcs11, signed with the CA I created.
The private key is in the TPM.
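Added example (not from the issue reporter or the mosquitto project): a small linter for the listener fragment quoted above. It encodes what the thread's own log shows (the pkcs11 engine answers mosquitto's `tls_engine_kpass_sha1` ctrl with `invalid cmd name`), plus three facts outside the thread: mosquitto 2.0 only enables TLS on a listener when cafile/capath, certfile and keyfile are all set (my reading of why a TLS client gets a "protocol error" on 8883 without keyfile), the libp11 pkcs11 engine takes a PKCS#11 URI (RFC 7512) as the key identifier when `tls_keyform engine` is used, and TLS 1.0/1.1 are deprecated by RFC 8996. The sample configs, the `PLACEHOLDER` token/object names and the finding codes are all constructed for this example.

```python
import re

# Constructed sample modelled on the listener fragment quoted in this issue
# (the reporter's SHA placeholder is kept verbatim; keyfile is absent as in the post).
REPORTED_CONF = """\
listener 8883
tls_engine pkcs11
tls_engine_kpass_sha1 "####sha value##"
tls_keyform engine
tls_version tlsv1.1
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/cert.crt
"""

# Constructed corrected fragment; the PKCS#11 URI values are placeholders, not a real token.
CORRECTED_CONF = """\
listener 8883
tls_engine pkcs11
tls_keyform engine
tls_version tlsv1.2
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/cert.crt
keyfile pkcs11:token=PLACEHOLDER;object=PLACEHOLDER;type=private
"""

DEPRECATED_TLS = {"tlsv1", "tlsv1.0", "tlsv1.1"}   # deprecated by RFC 8996
SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")


def parse_conf(text):
    """Map option -> value for a mosquitto.conf fragment (comments and blanks skipped)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        opts[key] = value.strip().strip('"')
    return opts


def lint_tls_listener(opts):
    """Return (code, message) findings for one TLS listener block."""
    findings = []
    engine = opts.get("tls_engine")
    keyform = opts.get("tls_keyform", "pem")
    keyfile = opts.get("keyfile")
    kpass = opts.get("tls_engine_kpass_sha1")
    version = (opts.get("tls_version") or "").lower()

    # Mosquitto 2.0 enables TLS on a listener only when a CA (cafile/capath),
    # certfile and keyfile are all present; otherwise port 8883 speaks plain MQTT
    # and a TLS ClientHello is dropped as a protocol error (the thread's log).
    has_ca = "cafile" in opts or "capath" in opts
    if opts.get("certfile") and not (has_ca and keyfile):
        findings.append(("tls-not-enabled",
                         "certfile set but cafile/capath or keyfile missing: "
                         "listener will accept plaintext only"))

    # With tls_keyform engine, keyfile is the identifier passed to the engine's
    # key loader; the libp11 pkcs11 engine expects a PKCS#11 URI (RFC 7512).
    if keyform == "engine":
        if not engine:
            findings.append(("engine-missing", "tls_keyform engine requires tls_engine"))
        elif engine == "pkcs11" and keyfile and not keyfile.startswith("pkcs11:"):
            findings.append(("keyfile-not-uri",
                             "keyfile should be a pkcs11: URI naming the private key object"))

    # tls_engine_kpass_sha1 makes mosquitto issue the SECRET_MODE engine ctrl;
    # the thread's log shows the pkcs11 engine answering 'invalid cmd name'.
    if kpass is not None:
        if engine == "pkcs11":
            findings.append(("kpass-unsupported",
                             "pkcs11 engine rejects the SECRET_MODE ctrl; "
                             "drop tls_engine_kpass_sha1 for this engine"))
        if not SHA1_HEX.fullmatch(kpass):
            findings.append(("kpass-not-sha1",
                             "value must be the 40-hex-char SHA1 of the key password"))

    if version in DEPRECATED_TLS:
        findings.append(("deprecated-tls",
                         f"{version} is deprecated (RFC 8996); use tlsv1.2 or tlsv1.3"))
    return findings


def lint_text(text):
    """Parse then lint a fragment, returning only the finding codes in order."""
    return [code for code, _ in lint_tls_listener(parse_conf(text))]


if __name__ == "__main__":
    for name, conf in (("reported", REPORTED_CONF), ("corrected", CORRECTED_CONF)):
        print(f"== {name} ==")
        for code, msg in lint_tls_listener(parse_conf(conf)):
            print(f"  [{code}] {msg}")
```

Run as-is, the reported fragment yields four findings and the corrected one none; the corrected fragment still needs the real token/object names of the TPM-backed key substituted for the placeholders.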

marco99asr (Author) commented Oct 7, 2022

If I omit keyfile in the conf it seems to work, but when I try to publish:
mosquitto_pub -p 8883 -t c -m "ciao" --tls-version tlsv1.1 --cafile /etc/mosquitto/certs/ca.crt -d --insecure
Client null sending CONNECT
Error: Protocol error

marco99asr (Author):

Mosquitto log without a keyfile value:
1665156221: mosquitto version 2.0.15 starting
1665156221: Config loaded from /etc/mosquitto/mosquitto.conf.
1665156221: Opening ipv4 listen socket on port 1883.
1665156221: Opening ipv6 listen socket on port 1883.
1665156221: Opening ipv4 listen socket on port 8883.
1665156221: Opening ipv6 listen socket on port 8883.
1665156221: mosquitto version 2.0.15 running
1665156254: New connection from 127.0.0.1:40516 on port 8883.
1665156254: Client disconnected due to protocol error.

Mosquitto log with a keyfile value:
1665153374: mosquitto version 2.0.15 starting
1665153374: Config loaded from /etc/mosquitto/mosquitto.conf.
1665153374: Opening ipv4 listen socket on port 1883.
1665153374: Opening ipv6 listen socket on port 1883.
1665153374: Opening ipv4 listen socket on port 8883.
1665153374: Opening ipv6 listen socket on port 8883.
1665153374: Error: Unable to set engine secret mode sha
1665153374: OpenSSL Error[0]: error:260AC089:engine routines:int_ctrl_helper:invalid cmd name
1665153374: OpenSSL Error[1]: error:260B2089:engine routines:ENGINE_ctrl_cmd:invalid cmd name

Error in code:
src/net.c line 538

marco99asr (Author):

@ralight @mosterdt

marco99asr (Author) commented Oct 10, 2022

@karlp @nicopernas

mosterdt (Contributor) commented Oct 10, 2022

Hi @marco99asr,

If you encounter bugs, have requests or other random questions, you can reach out on issue trackers on projects like this one (or, if available, online communities on IRC, Discord, ...). However, the project maintainers and others are in no way obliged to fix those bugs, work on your request or help anyone debug their setup. Please keep in mind that this is an open source project, and that many people here are contributing in their spare time. Mentioning random earlier contributors and commenting on many seemingly related bugs is definitely bad etiquette. Patience is a virtue here, and by having spammed everyone, not taking time to write full sentences or format your comment, I fear the chances of this question getting answered are very low. I'm pretty sure you didn't intend that, or are maybe unaware of how things are usually done (which is why I'm replying at all). You can have a look at this page for some advice on "Open Source Etiquette" for some more tips: https://developer.mozilla.org/en-US/docs/MDN/Community/Open_source_etiquette#be_patient_be_timely

Maintainers generally prefer people that actively try to contribute and help debug their issues, instead of throwing questions. While it's not necessarily bad etiquette to just report a bug and leave it at that (the same rules apply to you; you are not obliged to help random projects), the chances of the bug/feature/question getting resolved are mostly very low. You can see in the issue tracker that there are many open issues that don't have any activity. You can also see that in some (mostly closed) issues, some people contribute and actively try to find out what is wrong. Those issues get way more traction, because it is also just way more fun to work on them (see e.g. #2522).

I can't help you with your question, and probably neither can the others you mentioned. Maybe reading through the issues you commented on leads to answers. I just wanted to take some time to call out that this strategy is not the way you should approach this. The world of open source software is beautiful, and I want to encourage you to keep learning and trying to contribute to things. But please keep the open source etiquette in mind, and don't do these things.
