
MQTT (Mosquitto) over TLS - certificate error in some programs

I set up a Mosquitto server a few days ago using https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-debian-8 .

Playing around with it, everything seemed to be working like I wanted. I am able to connect an Android client and MQTTSpy to my own server.

Yesterday I had the great idea of looking for a Kodi plugin that would push status and info to MQTT: https://github.com/owagner/kodi2mqtt

It is able to find the server as I see changes in the Mosquitto log file, however I keep getting the same error:

1492549927: New connection from 81.240.134.64 on port 8883.
1492549927: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549927: Socket error on client <unknown>, disconnecting.
1492549932: New connection from 81.240.134.64 on port 8883.
1492549933: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549933: Socket error on client <unknown>, disconnecting.
1492549934: New connection from 81.240.134.64 on port 8883.
1492549934: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549934: Socket error on client <unknown>, disconnecting.
1492549939: New connection from 81.240.134.64 on port 8883.
1492549939: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549939: Socket error on client <unknown>, disconnecting.

From what I understand there are some issues with certificates but I am not 100% sure what is missing. In the other applications I do not need to provide my own certificates, so I don't see what is missing. I tried using the generated certificates in the Kodi addon, however they seem not to work and I get a different error:

1492541859: New connection from 81.240.134.64 on port 8883.
1492541860: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492541860: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492541860: Socket error on client <unknown>, disconnecting.
1492541862: New connection from 81.240.134.64 on port 8883.
1492541862: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492541862: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492541862: Socket error on client <unknown>, disconnecting.

I'm not sure in what direction I should check. Is something wrong with my server/certificates (seems unlikely since other clients are working) or is something wrong with the Python code of the Kodi addon? If so, could anyone shed some light on what is missing (I know my way around coding, just not really around certificate things).

Thanks for the help!

Joren C.

Your Python client will need access to the trusted certificate authority. Copy the signed public certificate The browser clients don't need that because they already come loaded with trusted certificate authorities.

If the Kodi addon is using the paho mqtt client library, then the following should fix it:

client.tls_set("$your server's public cert$.crt")

Try an SSL connection:

openssl s_client -connect 81.240.134.xxx:8883 -CAfile /etc/certs/file.crt -debug
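
The OpenSSL reason strings in the broker log quoted in the question distinguish a client that is not speaking TLS at all from one that rejects the broker's CA. The following is an added example, not code from the original post or its answers, that parses Mosquitto log lines and reports one reason per failed connection. The sample log is constructed from the lines in the question with a documentation address substituted, and the names `triage`, `REASONS` and `SAMPLE_LOG` are chosen for this example.

```python
import re

# Constructed sample modelled on the question's log; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
1492549927: New connection from 192.0.2.10 on port 8883.
1492549927: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549927: Socket error on client <unknown>, disconnecting.
1492549932: New connection from 192.0.2.10 on port 8883.
1492549933: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549933: Socket error on client <unknown>, disconnecting.
1492549940: New connection from 192.0.2.10 on port 8883.
1492549941: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492549941: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492549941: Socket error on client <unknown>, disconnecting.
"""

# OpenSSL reason string -> what it tells the broker operator.
REASONS = {
    "unknown protocol": "first bytes were not a TLS ClientHello (client is not using TLS)",
    "tlsv1 alert unknown ca": "client sent unknown_ca: it does not trust the CA that issued the broker certificate",
    "ssl handshake failure": "handshake aborted, no specific cause logged",
}
GENERIC = "ssl handshake failure"
CONN = re.compile(r"^(\d+): New connection from (\S+) on port \d+\.$")
ERR = re.compile(r"^\d+: OpenSSL Error: error:[0-9A-Fa-f]+:[^:]*:[^:]*:(.+)$")

def triage(log_text):
    """Return one (timestamp, client_ip, reason) tuple per failed TLS handshake."""
    # The broker logs the peer as <unknown>, so errors are attributed to the most
    # recent "New connection" line; on a busy broker this is only a heuristic.
    results, current = [], None  # current = [timestamp, ip, [reasons]]
    def flush():
        if current and current[2]:
            # Prefer the specific reason over the generic one logged beside it.
            specific = [r for r in current[2] if r != GENERIC]
            results.append((current[0], current[1], (specific or current[2])[0]))
    for line in log_text.splitlines():
        conn, err = CONN.match(line), ERR.match(line)
        if conn:
            flush()
            current = [int(conn.group(1)), conn.group(2), []]
        elif err and current:
            current[2].append(err.group(1).strip())
    flush()
    return results

if __name__ == "__main__":
    for ts, ip, reason in triage(SAMPLE_LOG):
        print(ts, ip, reason, "->", REASONS.get(reason, "unrecognised reason"))
```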
