OpenSSL error when using `crlfile` after reload #2916
Some new info:
I noticed that Mosquitto v2.0 drops to unprivileged user earlier than v1.6 (see migration docs) and would not start at all with the
I still do not understand how the I hope this workaround already helps people, but I think this behavior is unintuitive and there should at least be a note in the docs somewhere to help others. Even the log output is not very helpful. I know, that is more like an OpenSSL problem, but
I recently added the `crlfile` line to the configuration below. Since then I observe failed connection attempts (see log below) as soon as the broker is reloaded (using `systemctl reload mosquitto`). Actually all new connections fail, while already opened connections are still alive. Restarting mosquitto (using `systemctl restart mosquitto`) solves the issue until the next reload happens.
Note that the same configuration just without the `crlfile`-line worked perfectly fine. I just had to revoke some client certificates lately.
This issue might have to do with #2597. Although it is a different Mosquitto version and a slightly different behavior.
I made sure that all certificates and the CRL are (still) valid. The certificates of the clients failing to connect were not revoked. The CA certificate and the CRL files are readable by all users (mode `0644`, parent folders `0755`).
Log excerpt
Mosquitto version
1.6.15 (newest version in the OS repository)
OS and version
AlmaLinux 8.8
OpenSSL version
1.1.1k
Mosquitto configuration