New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server does not appear to validate client cert #996
Comments
And what port is your client connecting to? 8081? or 1883? iirc, security settings are per listener, so you've only secured the websockets listener on 8081 |
Thank you for getting back to me! Your observation is correct. I am currently testing TLS with websockets only (port 8081). |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Thank you very much for creating this broker. It has been very fun to play around with! I apologize if the answer to this one is obvious.
I ran into a little bit of an issue with TLS. Specifically, requiring a valid certificate from the client. At first all went well. I added my cafile, cert, and key and set the required cert flag to true. As a test I first tried connecting my client without a cert and the server rejecting the connection as expected. I added my client certs and the server accepted my connection so all seemed to be well. Later I realized that the CA file on my server was wrong and from that CA's perspective the client's certificate should have been invalid. I then ran a second test were I remove that line entirely from my config file and the connection was still successful. Is there something else I need to configure to get the broker to check to make sure the cert is valid? It looks like it is just checking to see if a cert is present at all.
Here is my config:
I have been using the latest version of the docker container for testing.
Thank you for your time!
The text was updated successfully, but these errors were encountered: