在mosquitto中使用TLS时遇到错误 [英] Facing Error while using TLS with mosquitto

问题描述

我正在尝试使用TLS通过mqtt进行通信.我的系统中安装了ubuntu.为了使用TLS，我使用以下链接创建了证书:

I am trying to use TLS for communicating over mqtt. I have ubuntu installed in my system. For using TLS, I have created certificates using the below link:

http://www.embedded101.com/Blogs/PaoloPatierno/entryid/366/mqtt-over-ssl-tls-with-the-m2mqtt-library-and-the-mosquitto-broker

我能够创建证书.但是，当我给mosquitto_m2mqtt.conf文件中的bind_address属性赋值并使用命令mosquitto -c mosquitto_m2mqtt.conf启动mosquitto时，会出现问题所给的错误；即Error: cannot assign requested address.请让我知道如何解决此问题.

I am able to create certificates. But when I give value to bind_address property in the mosquitto_m2mqtt.conf file and start mosquitto using the command mosquitto -c mosquitto_m2mqtt.conf, I get error as given in the subject of the question; i.e., Error: cannot assign requested address. Please let me know how to resolve this.

下面是配置文件的内容:

Below is the content of config file:

port 8883
bind_address iothdp02
cafile /etc/mosquitto/m2mqtt_ca.crt
certfile /etc/mosquitto/m2mqtt_srv.crt
keyfile /etc/mosquitto/m2mqtt_srv.key
tls_version tlsv1

运行命令mosquitto -c mosquitto_m2mqtt.conf -v时，出现如下错误:

When I run the command mosquitto -c mosquitto_m2mqtt.conf -v, I am getting as error as:

1551089294: mosquitto version 1.4.8 (build date 2016-09-21 11:21:45+0530) starting
1551089294: Config loaded from mosquitto_m2mqtt.conf.
1551089294: Opening ipv4 listen socket on port 8883.
1551089294: Error: Cannot assign requested address

我从配置文件中删除了bind_address，并使用"mosquitto -c mosquitto_m2mqtt.conf -v"以新的配置文件启动了mosquitto. Mosquitto启动，但是当我运行mosquitto_sub命令时，出现如下错误:

I have removed bind_address from config file and starting mosquitto with the new config file with 'mosquitto -c mosquitto_m2mqtt.conf -v'. Mosquitto starts, but when I run mosquitto_sub command, I am getting error as below:

mosquitto -c mosquitto_m2mqtt.conf -v 1551172930: mosquitto version 1.4.8 (build date 2016-09-21 11:21:45+0530) starting 1551172930: Config loaded from mosquitto_m2mqtt.conf. 1551172930: Opening ipv4 listen socket on port 8883. 1551172930: Opening ipv6 listen socket on port 8883. Enter PEM pass phrase: 1551172960: New connection from 127.0.0.1 on port 8883. 1551172960: OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown 1551172960: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure 1551172960: Socket error on client <unknown>, disconnecting.

mosquitto -c mosquitto_m2mqtt.conf -v 1551172930: mosquitto version 1.4.8 (build date 2016-09-21 11:21:45+0530) starting 1551172930: Config loaded from mosquitto_m2mqtt.conf. 1551172930: Opening ipv4 listen socket on port 8883. 1551172930: Opening ipv6 listen socket on port 8883. Enter PEM pass phrase: 1551172960: New connection from 127.0.0.1 on port 8883. 1551172960: OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown 1551172960: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure 1551172960: Socket error on client <unknown>, disconnecting.

在我订阅的窗口中，出现如下错误:

In the window that I am subscribing, I am getting error as below:

mosquitto_sub -p 8883 -q 1 -t sensor/temp --cafile /etc/mosquitto/m2mqtt_srv.crt --tls-version tlsv1 -d Unable to connect (A TLS error occurred.).

mosquitto_sub -p 8883 -q 1 -t sensor/temp --cafile /etc/mosquitto/m2mqtt_srv.crt --tls-version tlsv1 -d Unable to connect (A TLS error occurred.).

推荐答案

如果将主机名传递给bind_address参数，则它必须解析为有效的IP地址，这不一定与hostname的输出相同

If you pass a hostname to the bind_address argument it must resolve to a valid IP address, this is not necessarily the same as the output from hostname.

这与TLS/证书设置无关，纯粹是mosquitto如何识别要绑定到的地址.

This has nothing to do with the TLS/certificate setup it is purely how mosquitto identifies which address to bind to.

关于如何解决此问题，您有几种选择:

You have a few choices on how to fix this:

1. 删除bind_address行，这将导致mosquitto监听所有可用地址
2. 确保在bind_address字段中使用的所有内容都解析为绑定到代理正在运行的计算机上的接口的IP地址.这可能意味着使用完全限定的域名(您可能也应该在经纪人的证书CN中使用该域名)
3. 将主机名替换为您想让蚊子监听的接口的ip地址.

1. remove the bind_address line, this will cause mosquitto to listen on all available addresses
2. ensure that what ever you use in the bind_address field resolves to an IP address bound to an interface on the machine the broker is running. This might mean using the fully qualified domain name (you probably should have used that in the broker's certificate CN as well)
3. replace the hostname with the ip address for the interface you want mosquitto to listen on.

这篇关于在mosquitto中使用TLS时遇到错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！