Connecting Mosquitto to the new Azure MQTT backend


Problem description

Recently Microsoft Azure has added an MQTT backend to its services. This service uses TLS to encrypt its traffic. I can't connect between Mosquitto and the Microsoft Azure Cloud.

I downloaded the server certificate with

echo -n | openssl s_client -connect mytarget.azure-devices.net:8883 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.cert

And then tried to connect with mosquitto_sub

mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip"  --cafile /tmp/test.pem --insecure

However, the connection is never built. Mosquitto outputs:

Client Device1 sending CONNECT
Error: A TLS error occurred.

I have previously successfully connected mosquitto over SSL to the Amazon cloud (although I got a certificate and private key for that). So I tried adding the client certificate/key, which I got from AWS, hoping the error is that mosquitto does need those files too.

mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip"  --cafile /tmp/test.pem --cert certificate.pem.crt --key -private.pem.key --insecure --insecure

However, this didn't help and didn't change the error message.

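I then looked into the mosquitto code on GitHub and found that the error is probably caused on this line (https://github.com/iosphere/mosquitto/blob/79f3b57da5b5a4498bcbe1e97917ce3aff874245/lib/net_mosq.c#L379) by SSL_connect, which seems to be an OpenSSL function.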

Has anybody made mosquitto connect to the Microsoft Azure cloud or has any pointers where to look next?

edit:

I seem to be able to publish by tunneling the SSL over socat:

socat openssl-connect:mytarget.azure-devices.net:8883,verify=0 tcp-l:8884,reuseaddr,fork

And then connecting mosquitto to -h localhost instead of Azure gets me:

Client Device1 sending CONNECT
Client Device1 received CONNACK
Client Device1 sending PUBLISH (d0, q0, r0, m1, 'devices/Device1/messages/events', ... (4 bytes))
Client Device1 sending DISCONNECT

It might be that something from the Azure host is throwing off mosquitto. Subscribing like this with mosquitto also works.

The problem with this approach is that the SSL connection seems to be destroyed after the first (few) packet(s) and socat subsequently complains with

E SSL_write(): Broken pipe

Solution

For anyone else searching for this. We finally managed to get it working with mosquitto_sub/pub:

mosquitto_sub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/devicebound/#" -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=mytarget.azure-devices.net&sig=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1

and for publishing:

mosquitto_pub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/events/" -i Device2 -u "mytarget.azure-devices.net/Device2" -P "SharedAccessSignature sr=bbvgathering.azure-devices.net&sig=snip&se=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1 -m "{\"key\": \"value\"}"

Important: You have to send JSON data, everything else will get rejected (at least on our setup)!

Note: Be advised that you (seemingly) can't directly send from one device to the other, as this is contrary to the cloud way. You'll have to configure a connection in the cloud.
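The -P argument in the commands above is a SharedAccessSignature token whose values were snipped. As an added example (not part of the original question or answer), the Python below builds the -u/-P pair in the form the answer uses and checks a token's fields, signature and expiry before it is handed to mosquitto. It follows the HMAC-SHA256 signing scheme Azure IoT Hub documents for SAS tokens; the function names, the policy name "device" and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, quote_plus, urlencode

PREFIX = "SharedAccessSignature "
# Constructed demo key (base64), not a real IoT Hub secret.
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key").decode()

def _sign(resource_uri, key_b64, expiry):
    # String to sign: URL-encoded resource URI, newline, expiry in Unix seconds.
    msg = f"{quote_plus(resource_uri)}\n{int(expiry)}".encode()
    digest = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def build_sas_token(resource_uri, key_b64, expiry, policy_name=None):
    fields = {"sr": resource_uri,
              "sig": _sign(resource_uri, key_b64, expiry),
              "se": str(int(expiry))}
    if policy_name:  # skn names the shared access policy the key belongs to
        fields["skn"] = policy_name
    return PREFIX + urlencode(fields)

def check_sas_token(token, key_b64, now):
    """Return (ok, reason) for a token, given the signing key and current time."""
    if not token.startswith(PREFIX):
        return False, "missing prefix"
    q = parse_qs(token[len(PREFIX):])
    missing = [k for k in ("sr", "sig", "se") if k not in q]
    if missing:
        return False, "missing " + ",".join(missing)
    sr, sig, se = q["sr"][0], q["sig"][0], q["se"][0]
    if not se.isdigit():
        return False, "bad se"
    expected = _sign(sr, key_b64, int(se))
    # Constant-time comparison; the signature binds both sr and se.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if int(se) <= now:
        return False, "expired"
    return True, "ok"

def mqtt_credentials(hub, device_id, key_b64, expiry, policy_name=None):
    # Username form taken from the commands on this page: "<hub>/<device id>".
    return f"{hub}/{device_id}", build_sas_token(hub, key_b64, expiry, policy_name)

if __name__ == "__main__":
    user, password = mqtt_credentials("mytarget.azure-devices.net", "Device1",
                                      SAMPLE_KEY, 2000, "device")
    print("-u", user, "-P", password)
```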
