Issues with Publishing using Mosquitto Library

bpat

Hello,

I am having issues using the Mosquitto Library within Qt. I am running a Mosquitto broker on my Windows 10 machine from the Command Prompt. I am also running a Linux VM on the same PC. I can Subscribe and Publish from Command Prompts and Linux Terminals with this broker. I made my own certificates, username, and password to work with this broker. I can make the broker work with or without the certificates and username/password with no issue from the command line or terminal windows.

Within Qt, with no Username, Password, or Certification Files, I can Publish with no issue to the broker. If I add the username and password, I can still publish with no issue. If I then try adding the certificates and keyfile, I then run into issues. If the broker requires the certificates and I don't include them, I get the broker to throw error "OpenSSL Error[0]: error:1408F10B:SSL routines:ssl3_get_record:wrong version number" which makes sense.

With Certificates being used, the broker does see the connection when I start my Qt Program, but when I publish a message, nothing happens. The broker doesn't appear to see the message.

Here is my mosquitto.conf file settings:
listener 6969
require_certificate true
use_identity_as_username false
allow_anonymous false
password_file C:\mosquitto\UserPass.txt
cafile C:\mosquitto\certs\ca.crt
certfile C:\mosquitto\certs\server.crt
keyfile C:\mosquitto\certs\server.key

//My code within Qt on my Linux VM (I pulled out the critical parts and left out some of my debugging code)
int MQTT_PORT = 6969;
const char *CA_CERT = "/home/user/certs/ca.crt";
const char *CLIENT_CRT = "/home/user/certs/server.crt";
const char *CLIENT_KEY = "/home/user/certs/server.key";
const char *MQTT_BROKER = "192.168.252.1";
const char *MQTT_TOPIC = "test";
const char *USERNAME = "Username";
const char *PASSWORD = "BestPassword";
const char *tls_ver = "tlsv1.2";

mosquitto_lib_init();
mosq = mosquitto_new(NULL, true, NULL);
rc = mosquitto_username_pw_set(mosq, USERNAME, PASSWORD);
rc = mosquitto_tls_opts_set(mosq, 1, tls_ver, NULL);
rc = mosquitto_tls_set(mosq, CA_CERT, NULL, CLIENT_CRT, CLIENT_KEY, NULL);
rc = mosquitto_tls_insecure_set(mosq, false);
rc = mosquitto_connect(mosq, MQTT_BROKER, MQTT_PORT, 60);
rc = mosquitto_publish(mosq, NULL, MQTT_TOPIC, 5, "Hello", 0, false);

Any help is appreciated.

ChrisW67

Nothing Qt to see here.

However, you are passing what looks like the server certificate as the client certificate argument to mosquitto_tls_set(). Since the server certificate will not match the client I cannot see how this would work.

bpat

Thank you, sometimes you miss the obvious when in too deep and need a fresh set of eyes. The Client certificate and key file replacing the server ones are the solution. I appreciate your insight even if it wasn't a Qt specific problem.

Only strange thing is that I was using the Server certificate and key file from the Terminal on the Linux VM machine and not having issues with publishing? Not sure why that would be as if it would have errored, then I would have caught it there.

Today I tried the following in the Linux Terminal to double check my sanity:

1. I tried it with no certificates (Failed to Publish)
2. I tried it with ca.crt, server.crt, and server.key (Publishes) =Seems odd that this worked
3. I tried it with ca.crt, client.crt, and client,key (Publishes)
4. I tried it with only the ca.crt (Failed to Publish).

Any idea why #2 would work in the Terminal? I should think I should have the same issues I had in Qt.

ChrisW67

When you were testing with the command line tool you were on the server machine and the certificate therefore matched?