
SSL/TLS - certificate verify fails on ARM but ok on x86 #318

Closed
martinpeniak opened this issue Jan 15, 2021 · 6 comments

Comments

@martinpeniak

Hi guys,

First of all, many thanks for developing this C++ library, it looks awesome!

I hope someone could help me because I am new to MQTT and I have been stuck for the last couple of days.
I would like to develop a client that uses encryption, but for now I am simply reusing the ssl_publish sample.

For the broker I use Mosquitto 2.0.3 running in docker using the following config:

```
listener 8883

cafile /mosquitto/config/certs/ca.crt
certfile /mosquitto/config/certs/server.crt
keyfile /mosquitto/config/certs/server.key

require_certificate true
use_identity_as_username true
```

Recently I forked the Conan Paho recipes and built the latest versions, paho-mqtt-c/1.3.8 and paho-mqtt-cpp/1.2.0, with the SSL option enabled. The same recipe was then cross-compiled for armv8.

When I build an x86 version of the client everything works and I get the following output:

```
Initializing for server 'ssl://192.168.1.74:8883'...
...OK

Connecting...
Waiting for the connection...
...OK

Sending message...
Delivery complete for token: 1
...OK

Disconnecting...
...OK
```
However, when I cross-compile the same code and run it on an ARM device I get this instead:

```
Initializing for server 'ssl://192.168.1.74:8883'...
...OK

Connecting...
Waiting for the connection...
SSL Error: 548272640448:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:

SSL Error: 548272640448:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:

MQTT error [-1]: TCP/TLS connect failure
```

No matter what I do, I cannot find out what is wrong. I understand that the ARM device connects to the broker, which then rejects the certificate. I tried using the same certificate on ARM that I used on x86, and I also tried generating a new client certificate for ARM, but no matter what I try I get this error. What am I missing?

Thank you so much for taking the time and reading through. I am happy to provide more details, just let me know please.

@martinpeniak
Author

martinpeniak commented Jan 17, 2021

Hi guys,

I have solved this... the ARM board turned out to have its system time set to 2019, so the certificate was not valid yet.

Simple error, but a real pain to find out. I ran the following command on the ARM board as well as on the x86 client and then compared the two:

```
openssl s_client -showcerts -connect 192.168.1.74:8883 -verify 9
```

I spotted this error: `Verify return code: 9 (certificate is not yet valid)`

At this point I was still confused about why it was not valid yet... I googled the error and almost nothing came up, but then I came across a comment from somebody about making sure the system date is correct.

Hope this helps someone having a similar issue... absolute nightmare to debug.
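The time check behind OpenSSL's "Verify return code: 9", as an added Python example (not code from this issue or from the Paho project): it applies a certificate's notBefore/notAfter window to the client's clock, returns the same verify codes s_client prints, and reports how far the clock is off, so a "certificate verify failed" can be attributed to clock skew before anyone regenerates certificates. Function names and the sample timestamps are constructed for the example; the timestamp format is the one `getpeercert()` and `openssl x509 -dates` use.

```python
import ssl
import time

# OpenSSL X509 verify result codes (x509_vfy.h); `openssl s_client -verify`
# prints them as "Verify return code: N (...)".
X509_V_OK = 0
X509_V_ERR_CERT_NOT_YET_VALID = 9
X509_V_ERR_CERT_HAS_EXPIRED = 10

def _to_epoch(t):
    """Epoch seconds from a number or an OpenSSL-style timestamp like
    'Jan 15 10:00:00 2021 GMT' (getpeercert() / `openssl x509 -dates` format)."""
    return ssl.cert_time_to_seconds(t) if isinstance(t, str) else float(t)

def check_validity_window(not_before, not_after, now=None):
    """The time check a TLS client applies to a peer certificate: returns
    (verify_code, message) as seen from the client's clock `now`."""
    now = time.time() if now is None else _to_epoch(now)
    if now < _to_epoch(not_before):
        return X509_V_ERR_CERT_NOT_YET_VALID, "certificate is not yet valid"
    if now > _to_epoch(not_after):
        return X509_V_ERR_CERT_HAS_EXPIRED, "certificate has expired"
    return X509_V_OK, "ok"

def clock_offset_days(not_before, not_after, now=None):
    """Days the clock sits outside the window: negative = behind notBefore
    (the ARM-board case), positive = past notAfter, 0.0 = inside."""
    now = time.time() if now is None else _to_epoch(now)
    nb, na = _to_epoch(not_before), _to_epoch(not_after)
    if now < nb:
        return (now - nb) / 86400.0
    return (now - na) / 86400.0 if now > na else 0.0

def diagnose_peer(cert, now=None):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(). Tells a clock
    problem apart from a trust-store problem before anyone swaps certs."""
    code, msg = check_validity_window(cert["notBefore"], cert["notAfter"], now)
    if code == X509_V_OK:
        return "validity window OK: look at the CA / trust store instead"
    days = clock_offset_days(cert["notBefore"], cert["notAfter"], now)
    side = "behind notBefore" if days < 0 else "past notAfter"
    return (f"verify code {code} ({msg}); client clock is {abs(days):.1f} days "
            f"{side}: fix system time / NTP before touching certificates")

if __name__ == "__main__":
    # Constructed sample: a cert issued Jan 2021 seen from a board whose clock
    # still says mid-2019, the situation described in this issue.
    sample = {"notBefore": "Jan 15 10:00:00 2021 GMT",
              "notAfter": "Jan 15 10:00:00 2022 GMT"}
    print(diagnose_peer(sample, now="Jun  1 00:00:00 2019 GMT"))
```

On a live connection the same dict comes from `ssl.SSLSocket.getpeercert()` after a handshake with verification disabled for diagnosis only, or from the `openssl s_client -showcerts` output in the comment above.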

@fpagliughi
Contributor

Thanks for letting us know the outcome.

Did you use the ssl_options::on_error() callback? It's new in the C lib and I'm wondering how useful it is.

@martinpeniak
Author

I've used the same error handler as in here: https://github.com/eclipse/paho.mqtt.cpp/blob/master/src/samples/ssl_publish.cpp

I can test it if you show me some example of how to use it, as I am new to Paho... thanks!

@fpagliughi
Contributor

fpagliughi commented Jan 17, 2021

A new callback went into the C library recently that's supposed to give more help with SSL/TLS errors. I put the code into the C++ library to wrap it, but didn't test it extensively for different failure modes. It's in here:

https://github.com/eclipse/paho.mqtt.cpp/blob/33921c8b68b351828650c36816e7ecf936764379/src/samples/ssl_publish.cpp#L119-L125

Note the error_handler lambda being registered. It sounds like it didn't fire for you. But this is exactly what I thought it was for. I can do some testing. It should be easy to recreate your issue (set the clock back) and then push this issue upstream if the C lib isn't doing what's expected.

@fpagliughi
Contributor

...or it could be that I didn't register it properly...

@martinpeniak
Author

> ...or it could be that I didn't register it properly...

Thanks @fpagliughi, keep me updated if you find out anything interesting.
