MQTTnet TLS 1.2 加密服務器

Question

我正在嘗試使用 MQTTnet 創建 TLS 1.2 加密的代理和客戶端（假設在端口 2000 上）。 以下是我的嘗試：

using MQTTnet;
using MQTTnet.Client;
using MQTTnet.Server;
using System.Security.Authentication;

MqttFactory factory = new MqttFactory();
MqttServerOptionsBuilder serverOptions = new MqttServerOptionsBuilder()
                        .WithEncryptedEndpoint()
                        .WithEncryptedEndpointPort(2000)
                        .WithEncryptionSslProtocol(SslProtocols.Tls12)
                        .WithoutDefaultEndpoint();
MqttServer mqttServer = factory.CreateMqttServer(serverOptions.Build());
mqttServer.StartAsync();

MqttClientOptionsBuilder clientOptions = new MqttClientOptionsBuilder()
                    .WithClientId("myClient")
                    .WithTcpServer("localhost", 2000)
                    .WithTls(new MqttClientOptionsBuilderTlsParameters()
                    {
                        UseTls = true,
                        SslProtocol = SslProtocols.Tls12,
                        CertificateValidationHandler = x => { return true; }
                    });
MQTTnet.Client.MqttClient mqttClient = factory.CreateMqttClient() as MQTTnet.Client.MqttClient;
while (!mqttClient.IsConnected)
{
    mqttClient.ConnectAsync(clientOptions.Build()).GetAwaiter();
    Thread.Sleep(1000);
}
Console.WriteLine("Connected");
Console.ReadLine();

我創建的客戶端沒有連接到代理。 我相信問題來自服務器端（如果不是兩者），因為當我檢查netstat時，端口 2000 上沒有任何連接。

我錯過了什么？

Answer 1

這是對我有用的代碼。 基本上在等待服務器並添加 X509 證書之后，服務器現在允許具有相同證書的客戶端進行連接。

using MQTTnet;
using MQTTnet.Client;
using MQTTnet.Server;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

X509Store store = new X509Store(StoreLocation.CurrentUser);
X509Certificate2 certificate;
try
{
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certCollection = store.Certificates;
    X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
    certificate = currentCerts[0];
}
finally
{
    store.Close();
}
MqttFactory factory = new MqttFactory();
MqttServerOptionsBuilder serverOptions = new MqttServerOptionsBuilder()
                        .WithEncryptedEndpoint()
                        .WithEncryptedEndpointPort(2000)
                        .WithEncryptionCertificate(certificate)
                        .WithRemoteCertificateValidationCallback( (obj, cert, chain, ssl) => { return true; } )
                        .WithEncryptionSslProtocol(SslProtocols.Tls12)
                        .WithoutDefaultEndpoint();
MqttServer mqttServer = factory.CreateMqttServer(serverOptions.Build());
await mqttServer.StartAsync();

MqttClientOptionsBuilder clientOptions = new MqttClientOptionsBuilder()
                    .WithClientId("myClient")
                    .WithTcpServer("localhost", 2000)
                    .WithTls(new MqttClientOptionsBuilderTlsParameters()
                    {
                        UseTls = true,
                        SslProtocol = SslProtocols.Tls12,
                        CertificateValidationHandler = x => { return true; }
                    });
MQTTnet.Client.MqttClient mqttClient = factory.CreateMqttClient() as MQTTnet.Client.MqttClient;
while (!mqttClient.IsConnected)
{
    mqttClient.ConnectAsync(clientOptions.Build()).GetAwaiter();
    Thread.Sleep(1000);
}
Console.WriteLine("Connected");
Console.ReadLine();