QT MQTT using port 8883 and TLS certificate
-
wrote on 26 Apr 2023, 19:14 last edited by
Hello. I have been playing around with MQTT lately.
I used test.mosquitto.org server with a default TCP port 1883. Everything seemed to work fine.
I decided to try out secure port 8883 that requires TLS certificate. I looked up a relevant forum thread regarding this:
https://forum.qt.io/topic/118694/adding-tls-functionality-to-qt-mqtt-simpleclient-exampleAnd i modified on connect button click as following:
void MainWindow::on_buttonConnect_clicked() { QByteArray ba_crt; QFile ca_crtf("C:/Program Files/mosquitto/certs_v4/mosquitto.org.crt"); if (!ca_crtf.open(QIODevice::ReadOnly)) { qDebug() << "ERROR: Opening file: ca.crt"; } else { ba_crt = ca_crtf.readAll(); ca_crtf.close(); qDebug() << "Read CA certificate"; } QSslCertificate ca_crt(ba_crt, QSsl::Pem); QSslConfiguration config; config.defaultConfiguration(); config.setProtocol(QSsl::TlsV1_2); // needs to be handled explicitly with config.addCaCertificate(ca_crt); // client.connectToHostEncrypted(config); config.setPeerVerifyMode(QSslSocket::VerifyNone); // Dont check hostname from certificate if (m_client->state() == QMqttClient::Disconnected) { ui->lineEditHost->setEnabled(false); ui->spinBoxPort->setEnabled(false); ui->buttonConnect->setText(tr("Disconnect")); //m_client->connectToHost(); m_client->connectToHostEncrypted(config); } else { ui->lineEditHost->setEnabled(true); ui->spinBoxPort->setEnabled(true); ui->buttonConnect->setText(tr("Connect")); m_client->disconnectFromHost(); } }I downloaded mosquitto TLS certificate from official website:
https://test.mosquitto.org/I have managed to establish a connection without any issues but after exactly 1 minute, I got disconnected :
Normally, when I use unsecure port (1883), the ping is issues every 1 minute , I believe it might have something to do with the fact that I am being disconnected when using port 8883. Notice ping response when using 1883 port:
If you have any ideas what could be wrong here, please let me know! Thanks in advance
-
Hello. I have been playing around with MQTT lately.
I used test.mosquitto.org server with a default TCP port 1883. Everything seemed to work fine.
I decided to try out secure port 8883 that requires TLS certificate. I looked up a relevant forum thread regarding this:
https://forum.qt.io/topic/118694/adding-tls-functionality-to-qt-mqtt-simpleclient-exampleAnd i modified on connect button click as following:
void MainWindow::on_buttonConnect_clicked() { QByteArray ba_crt; QFile ca_crtf("C:/Program Files/mosquitto/certs_v4/mosquitto.org.crt"); if (!ca_crtf.open(QIODevice::ReadOnly)) { qDebug() << "ERROR: Opening file: ca.crt"; } else { ba_crt = ca_crtf.readAll(); ca_crtf.close(); qDebug() << "Read CA certificate"; } QSslCertificate ca_crt(ba_crt, QSsl::Pem); QSslConfiguration config; config.defaultConfiguration(); config.setProtocol(QSsl::TlsV1_2); // needs to be handled explicitly with config.addCaCertificate(ca_crt); // client.connectToHostEncrypted(config); config.setPeerVerifyMode(QSslSocket::VerifyNone); // Dont check hostname from certificate if (m_client->state() == QMqttClient::Disconnected) { ui->lineEditHost->setEnabled(false); ui->spinBoxPort->setEnabled(false); ui->buttonConnect->setText(tr("Disconnect")); //m_client->connectToHost(); m_client->connectToHostEncrypted(config); } else { ui->lineEditHost->setEnabled(true); ui->spinBoxPort->setEnabled(true); ui->buttonConnect->setText(tr("Connect")); m_client->disconnectFromHost(); } }I downloaded mosquitto TLS certificate from official website:
https://test.mosquitto.org/I have managed to establish a connection without any issues but after exactly 1 minute, I got disconnected :
Normally, when I use unsecure port (1883), the ping is issues every 1 minute , I believe it might have something to do with the fact that I am being disconnected when using port 8883. Notice ping response when using 1883 port:
If you have any ideas what could be wrong here, please let me know! Thanks in advance
Hi,
Did you connect the error related signal ?
-
wrote on 27 Apr 2023, 04:45 last edited by lukutis222
Good suggestion. I have added the following signal:
connect(m_client, &QMqttClient::errorChanged, this, &MainWindow::errorHandler);And I simply print the error code:
void MainWindow::errorHandler(){ qDebug("Error detected = %u",m_client->error()); }After 1 minute, in the console I see:
Error detected = 256According to QT documentation:
I am convinced that it is related to the ping. According to QT documentation:
I have tried the following:
m_client->setAutoKeepAlive(false);When I set AutoKeepAlive to false, I must manually request a ping.
Just for testing purpose, I have added a requestPing() everytime I try to publish something:
void MainWindow::on_buttonPublish_clicked() { if (m_client->publish(ui->lineEditTopic->text(), ui->lineEditMessage->text().toUtf8()) == -1) QMessageBox::critical(this, QLatin1String("Error"), QLatin1String("Could not publish message")); m_client->requestPing(); }
As you can see from image above, as long as I ping within KeepAlive interval, the connection will stay active.
However I am still not sure why it works that way. If AutoKeepAlive is set to true, the ping request should be issues automatically.
-
Good suggestion. I have added the following signal:
connect(m_client, &QMqttClient::errorChanged, this, &MainWindow::errorHandler);And I simply print the error code:
void MainWindow::errorHandler(){ qDebug("Error detected = %u",m_client->error()); }After 1 minute, in the console I see:
Error detected = 256According to QT documentation:
I am convinced that it is related to the ping. According to QT documentation:
I have tried the following:
m_client->setAutoKeepAlive(false);When I set AutoKeepAlive to false, I must manually request a ping.
Just for testing purpose, I have added a requestPing() everytime I try to publish something:
void MainWindow::on_buttonPublish_clicked() { if (m_client->publish(ui->lineEditTopic->text(), ui->lineEditMessage->text().toUtf8()) == -1) QMessageBox::critical(this, QLatin1String("Error"), QLatin1String("Could not publish message")); m_client->requestPing(); }As you can see from image above, as long as I ping within KeepAlive interval, the connection will stay active.
However I am still not sure why it works that way. If AutoKeepAlive is set to true, the ping request should be issues automatically.
wrote on 27 Apr 2023, 19:18 last edited byThis post is deleted! -
wrote on 27 Apr 2023, 19:20 last edited by lukutis222
It is still unclear why MQTT over secure port 8883 is not working correctly with default settings ( autoKeepAlive set to TRUE to ping every 60 seconds).
Could it be a QT issue or thats not related at all?
-
It is still unclear why MQTT over secure port 8883 is not working correctly with default settings ( autoKeepAlive set to TRUE to ping every 60 seconds).
Could it be a QT issue or thats not related at all?
Did you try to change the keep alive interval ?
-
wrote on 29 Apr 2023, 08:38 last edited by lukutis222
Good suggestion.
I have tried to set it to less than 60 and that seems to work fine.
In the example below, I have set keepalive to 10 seconds and as you can see I am not getting disconnected anymore.
I have then set it to 65 seconds and started the program again. Guess what - I have been disconnected exactly after 60 seconds.
So according to this test, keepalive must be set to less than 60 seconds when using port 8883 in order to prevent the client from disconnecting. But when using normal port (1883) it does not seem to matter at all. I have tried to read official MQTT documentation regarding keepalive but I cannot find anything that suggests keepalive should be less than 60. Is there any way to debug this further to determine if this is QT bug ?
-
Good suggestion.
I have tried to set it to less than 60 and that seems to work fine.
In the example below, I have set keepalive to 10 seconds and as you can see I am not getting disconnected anymore.
I have then set it to 65 seconds and started the program again. Guess what - I have been disconnected exactly after 60 seconds.
So according to this test, keepalive must be set to less than 60 seconds when using port 8883 in order to prevent the client from disconnecting. But when using normal port (1883) it does not seem to matter at all. I have tried to read official MQTT documentation regarding keepalive but I cannot find anything that suggests keepalive should be less than 60. Is there any way to debug this further to determine if this is QT bug ?
You can use a different client library to connect to this server.
-
wrote on 29 Apr 2023, 18:32 last edited by lukutis222
@SGaist
I am not fully understanding what you mean different client library? Can you please clarify?
From what I know, qtmqtt is the only official library for mqtt that is supported by QT so if anything, it should be more reliable than some custom mqtt libraries out there.Do you think that this issue is from the client side (QT) ?
-
@SGaist
I am not fully understanding what you mean different client library? Can you please clarify?
From what I know, qtmqtt is the only official library for mqtt that is supported by QT so if anything, it should be more reliable than some custom mqtt libraries out there.Do you think that this issue is from the client side (QT) ?
It could be, the idea is to try another library such as paho or maybe mosquittopp to determine whether the issue is server or client side.
Note that I have used neither of these libraries.
6/10