Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.0.16 regression: Unable to establish bridging connection over TLS with custom CA #2875

Closed
thedmi opened this issue Aug 17, 2023 · 2 comments
Closed

2.0.16 regression: Unable to establish bridging connection over TLS with custom CA #2875

thedmi opened this issue Aug 17, 2023 · 2 comments

Comments

@thedmi
Copy link

thedmi commented Aug 17, 2023

TLS connections for bridging fail on 2.0.16 when using a custom CA. The configuration looks something like this:

connection cloud

address the-broker:8883
bridge_cafile /mosquitto/ca.pem
#bridge_insecure true # doesn't work whether this is true or not

bridge_protocol_version mqttv50
notifications_local_only true

remote_clientid the-client
remote_username the-username
remote_password the-password

topic some-topic out 1 "" ""

In the logs, I get

Bridge the-client sending CONNECT
Client local.the-client closed its connection.

repeatedly (every few seconds).

The same configuration works on 2.0.15, but unreliably due to #2634 . On 2.0.14 the same configuration works reliably.

Tested with docker image eclipse-mosquitto, tagged according to versions mentioned above.
@ralight
Copy link
Contributor

ralight commented Aug 22, 2023

I tried to reproduce this with a config of:

listener 1883

log_type all

connection tmo
address test.mosquitto.org:8883
bridge_cafile /mosquitto/config/mosquitto.org.crt
bridge_protocol_version mqttv50
notifications_local_only true

#remote_clientid the-client
#remote_username the-username
#remote_password the-password

topic some-topic out 1 "" ""

The file mosquitto.org.crt was downloaded from https://test.mosquitto.org/

Running this, I got this log, which shows it is working.

docker run -it -v $(pwd)/config:/mosquitto/config eclipse-mosquitto:2.0.16 
1692687410: mosquitto version 2.0.16 starting
1692687410: Config loaded from /mosquitto/config/mosquitto.conf.
1692687410: Opening ipv4 listen socket on port 1883.
1692687410: Opening ipv6 listen socket on port 1883.
1692687410: Bridge local.2b7fe1a336b5.tmo doing local SUBSCRIBE on topic some-topic
1692687410: Connecting bridge tmo (test.mosquitto.org:8883)
1692687410: Bridge 2b7fe1a336b5.tmo sending CONNECT
1692687410: mosquitto version 2.0.16 running
1692687410: Received CONNACK on connection local.2b7fe1a336b5.tmo.
1692687410: Bridge local.2b7fe1a336b5.tmo sending UNSUBSCRIBE (Mid: 1, Topic: some-topic)
1692687410: Received UNSUBACK from local.2b7fe1a336b5.tmo
1692687412: mosquitto version 2.0.16 terminating

Could you please try and reproduce that in the same way I have done? If it works, we need to figure out the difference in your setup.

@thedmi
Copy link
Author

thedmi commented Aug 23, 2023

I just tried the new 2.0.17 release and my problem is gone. I suspect that I misinterpreted the situation to be related to the custom CA. It was probably due to max_queued_messages 0 and thus #2879 .

Thanks a lot for your repro and the fix for the other bug!

@thedmi thedmi closed this as completed Aug 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 26, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ralight @thedmi