I have a Dockerized MQTT broker server where I want to add TLS connections using certificates from a private CA (root-ca.cer has signed server.cer as a trust chain). I have configured the server and client code with certificates, and the server configuration seems correct. However, I'm encountering an error during the TLS handshake when the client tries to connect to the MQTT broker. It is important to say that the broker accepts connections when running the server C# program and client C# program locally; the problem comes when dockerizing it.
Client Code (Subscriber):

```csharp
using System;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using uPLibrary.Networking.M2Mqtt;
using uPLibrary.Networking.M2Mqtt.Exceptions;
using uPLibrary.Networking.M2Mqtt.Messages;

// ...
try
{
    // Load the PFX certificate
    var certificate = new X509Certificate2(Constants.PATH_CLIENT_CERT, Constants.CERT_PASSWORD);
    var certificateCA = new X509Certificate2(Constants.PATH_CA_CERT, Constants.CERT_PASSWORD);

    // Create MQTT client with TLS support
    MqttClient client = new MqttClient(BrokerAddress, 8883, true, certificateCA, certificate,
        MqttSslProtocols.TLSv1_2, RemoteCertificateValidationCallback);
    Console.WriteLine($"INFO: BROKER ADDRESS: {BrokerAddress}");

    client.MqttMsgPublishReceived += (sender, e) =>
    {
        // ...
    };

    client.Connect(Guid.NewGuid().ToString());
    client.Subscribe(new string[] { topic }, new byte[] { MqttMsgBase.QOS_LEVEL_EXACTLY_ONCE });
    Console.WriteLine($"{Colors.YELLOW}{Colors.BOLD}[info]{Colors.RESET} Subscribed to topic {Colors.BOLD}[{topic}]{Colors.RESET}");
}
catch (MqttClientException ex)
{
    Console.WriteLine($"{Colors.RED}{Colors.BOLD}[MQTT Connection Exception]{Colors.RESET}{ex}");
    // Specific handling for MQTT connection errors
}
catch (SocketException ex)
{
    Console.WriteLine($"{Colors.RED}{Colors.BOLD}[Socket Exception]{Colors.RESET}{ex}");
    // Specific handling for socket errors
}
catch (Exception ex)
{
    Console.WriteLine($"{Colors.RED}{Colors.BOLD}[General Exception]{Colors.RESET}{ex}");
    // Handling for any other error not caught specifically above
}
```
RemoteCertificateValidationCallback always returns true. It works in local mode, not in dockerized mode.
Mosquitto Configuration (mosquitto.conf):

```
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
# TLS
certfile /mosquitto/certs/server.crt
keyfile /mosquitto/certs/server.key
listener 8883 0.0.0.0
## Authentication ##
# By default, Mosquitto >=2.0 allows only authenticated connections. Change to true to enable anonymous connections.
require_certificate true
allow_anonymous true
log_type all
connection_messages true
# password_file /mosquitto/config/password.txt
```
I have tried to check whether the certs were uploaded, as follows:

```
sudo docker exec -it 4a91e96b0825 ls /mosquitto/certs
server.crt server.key
```
As you can see, they are in the correct place, but mosquitto cannot use them.
Mosquitto log:

```
1703761378: mosquitto version 1.6.15 starting
1703761378: Config loaded from /mosquitto/config/mosquitto.conf.
1703761378: Opening ipv4 listen socket on port 8883.
1703761378: mosquitto version 1.6.15 running
1703761558: mosquitto version 1.6.15 terminating
1703761558: Saving in-memory database to /mosquitto/data/mosquitto.db.
1703761821: mosquitto version 1.6.15 starting
1703761821: Config loaded from /mosquitto/config/mosquitto.conf.
1703761821: Opening ipv4 listen socket on port 8883.
1703761821: mosquitto version 1.6.15 running
1703761959: New connection from 172.22.0.4 on port 8883.
1703761959: Client <unknown> disconnected due to protocol error.
1703761959: New connection from 172.22.0.4 on port 8883.
1703761959: Client <unknown> disconnected due to protocol error.
```
Error Message:

```
[Exception] Exception in MQTT: uPLibrary.Networking.M2Mqtt.Exceptions.MqttConnectionException: Exception connecting to the broker
...
mls_client | [General Exception] uPLibrary.Networking.M2Mqtt.Exceptions.MqttConnectionException: Exception connecting to the broker
mls_client | ---> System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer.
mls_client | ---> System.Net.Sockets.SocketException (104): Connection reset by peer
mls_client | at System.Net.Sockets.NetworkStream.Read(Span`1 buffer)
mls_client | --- End of inner exception stack trace ---
mls_client | at System.Net.Sockets.NetworkStream.Read(Span`1 buffer)
mls_client | at System.Net.Security.SyncReadWriteAdapter.ReadAsync(Stream stream, Memory`1 buffer, CancellationToken cancellationToken)
mls_client | at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](CancellationToken cancellationToken, Int32 estimatedSize)
mls_client | at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
mls_client | at System.Net.Security.SslStream.ReceiveHandshakeFrameAsync[TIOAdapter](CancellationToken cancellationToken)
mls_client | at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
mls_client | at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
mls_client | at uPLibrary.Networking.M2Mqtt.MqttNetworkChannel.Connect()
mls_client | at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, String willTopic, String willMessage, Boolean cleanSession, UInt16 keepAlivePeriod)
mls_client | --- End of inner exception stack trace ---
mls_client | at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, String willTopic, String willMessage, Boolean cleanSession, UInt16 keepAlivePeriod)
mls_client | at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId)
mls_client | at Idbotic.MlsClient.Utilities.Mqtt.SubscribeToMqttTopic(String topic) in /mls-client/src/Mqtt.cs:line 60
...
```
The server certificates (server.crt, server.key) have been successfully copied to the Mosquitto container's path, and their existence has been confirmed.
I appreciate any guidance or suggestions to troubleshoot and resolve this problem.
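Mosquitto scopes `certfile`, `keyfile`, `cafile` and `require_certificate` to the most recent `listener` line, and options written before the first `listener` belong to the default listener, so in the config above port 8883 comes up as plaintext MQTT and a TLS ClientHello is dropped as a protocol error, which is what the broker log shows. The script below is an added example (not code from the issue or from Mosquitto) that audits a mosquitto.conf for that scoping and for `require_certificate true` without a `cafile`; `root-ca.crt` is an assumed name for the private CA file.

```python
# Added example: audit how a mosquitto.conf scopes its TLS options to listeners.
# Mosquitto attaches certfile/keyfile/cafile/require_certificate to the most recent
# `listener` line; anything before the first `listener` goes to the default listener.
LISTENER_TLS_OPTS = {"certfile", "keyfile", "cafile", "capath", "require_certificate"}

# Constructed copies of the issue's layout and a corrected one (root-ca.crt is assumed).
ISSUE_CONF = """\
certfile /mosquitto/certs/server.crt
keyfile /mosquitto/certs/server.key
listener 8883 0.0.0.0
require_certificate true
"""
FIXED_CONF = """\
listener 8883 0.0.0.0
cafile /mosquitto/certs/root-ca.crt
certfile /mosquitto/certs/server.crt
keyfile /mosquitto/certs/server.key
require_certificate true
"""

def parse_listeners(conf_text):
    """Map 'default' and each 'listener <port> [bind]' to the TLS options scoped to it."""
    listeners, current = {"default": {}}, "default"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # only whole-line '#' is a comment
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            current = f"listener {value.strip()}"
            listeners[current] = {}
        elif key in LISTENER_TLS_OPTS:
            listeners[current][key] = value.strip()
    return listeners

def audit_tls(conf_text):
    """Return findings; an empty list means every listener is consistently configured."""
    listeners = parse_listeners(conf_text)
    explicit = [n for n in listeners if n != "default"]
    findings = []
    for name, opts in listeners.items():
        if name == "default" and explicit and ({"certfile", "keyfile"} & set(opts)):
            findings.append("certfile/keyfile precede the first 'listener' line, so they "
                            "attach to the default listener, not to " + ", ".join(explicit))
        if name in explicit and not {"certfile", "keyfile"} <= set(opts):
            findings.append(f"{name}: no certfile/keyfile, so it serves plaintext MQTT")
        if opts.get("require_certificate") == "true" and not ({"cafile", "capath"} & set(opts)):
            findings.append(f"{name}: require_certificate true but no cafile/capath "
                            "to verify client certificates")
    return findings
```

The same condition can be confirmed against the running container with `openssl s_client -connect <broker>:8883`: a listener without a certificate never answers the ClientHello and the connection is reset, exactly as in the client stack trace.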