Mosquitto-PHP - TLS error connection with the broker

Question

I'm trying to do a connection between a PHP MQTT-client and my broker, but I'm getting this error:

Fatal error: Uncaught exception 'Mosquitto\\Exception' with message 'A TLS error occurred.' in /path/testemqtt.php:27 Stack trace: #0 /path/testemqtt.php(27): Mosquitto\\Client->connect('localhost', 9419) #1 {main} thrown in /path/testemqtt.php on line 27

I already did the same connection in another languages like Java , Android and Javascript (w/ node.js) , but in PHP I'm facing some difficulties... Here is the code that does not work:

ini_set('display_errors',1);error_reporting(E_ALL);

    /* Construct a new client instance, passing a client ID of “MyClient” */
$client = new Mosquitto\Client('PHPClient',true);

/* Set the callback fired when the connection is complete */
$client->onConnect(function($code, $message) use ($client) {
    /* Subscribe to the broker's $SYS namespace, which shows debugging info */
    echo $code .' - '.$message;
    $client->subscribe('pedro/php', 1);
});

/* Set the callback fired when we receive a message */
$client->onMessage(function($message) {
    /* Display the message's topic and payload */
    echo $message->topic, "\n", $message->payload, "\n\n";
});

/* Connect, supplying the host and port. */


$client->setCredentials('username', 'password');
$client->setTlsCertificates('ca.crt', 'ca_client.crt', 'client.key', null); //As my TLS/SSL certificate is one way I dont need to use passphrase to connect to the broker
$client->setTlsOptions(Mosquitto\Client::SSL_VERIFY_PEER,"tlsv1",null);
$client->connect('localhost', 8883);

/* Enter the event loop */
$client->loopForever();

Here is the example of the implementation in node.js (it works like a charm):

var KEY = fs.readFileSync('client.key'); 

var CERT = fs.readFileSync('client.crt'); 

var CAfile = fs.readFileSync('ca.crt');

var MQTToptions = {
                    host: 'localhost',
                    clientId: 'pedroNodeJS',
                    username: 'username',
                    password: 'password',
                    port: 8883,
                    ca: CAfile,
                    keyPath: KEY,
                    certPath: CERT,
                    secureProtocol: 'TLSv1_method',
                    protocol: 'mqtts',
                    protocolId: 'MQIsdp',
                    protocolVersion: 3,
                    rejectUnauthorized: false,
                    connectTimeout: 2000,
                    keepalive:0,
                    reschedulePings: false
                };


var client  = mqtt.connect(MQTToptions);

I don't know what is the problem, because apparently the PHP code is correct.

I've used this references in my implementation:

MQTT Client Library Encyclopedia – Mosquitto-PHP

Git - Mosquitto-PHP

Development guide

Thanks for all help!

Answer 1

I know this question is a bit old, but for anyone coming from Google I had the same issue and the problem turned out to be with the CA certificate I was using.

All I did, was to set the first parameter of the setTlsCertificates method to point to the default trust/CA store on my system, which happens to be /etc/ssl/certs/ca-certificates.crt on Debian, and it worked.

Of course, doing that is not going to work if your server uses a self-signed certificate. A quick way to verify that the problem is indeed with the CA certificate, is to use SSL_VERIFY_ΝΟΝΕ instead of SSL_VERIFY_PEER on your setTlsOptions , in order to disable the server verification temporarily.