Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rumqttc - How to connect to Mosquitto test broker with TLS #850

Open
FinitelyFailed opened this issue Apr 24, 2024 · 2 comments
Open

rumqttc - How to connect to Mosquitto test broker with TLS #850

FinitelyFailed opened this issue Apr 24, 2024 · 2 comments

Comments

@FinitelyFailed
Copy link

Expected Behavior

When using the given ca-cert being able to connect to a broker which is setup with TLS.

Current Behavior

I'm trying to connect to mosquitto test brokers (https://test.mosquitto.org/), and when I try to connect to one listed as: "8883 : MQTT, encrypted, unauthenticated". Which states that I shall use the ca-cert file provided by mosquitto (mosquitto.org.crt). But when do try I get: "I/O: invalid peer certificate: Other(OtherError(UnsupportedCertVersion))".

Context

  • Operating System: Kubuntu 22.04
  • Toolchain version: Cargo 1.76.0, rumqttc 0.24.0
@swanandx
Copy link
Member

Hey, it looks like the ca-cert's version isn't supported by rustls ( maybe it's X509 older versions? ).

Can you try with older version of rumqttc as well as latest main branch? Just to verify if it's newly included or something that rustls never supported, thanks

@FinitelyFailed
Copy link
Author

Thanks, I'll try an older version.

This is the cert I'm trying to use:

$ openssl x509 -in mosquitto.org.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:8d:61:94:21:af:76:3e:0d:84:15:e4:67:fb:8b:51:93:48:2c:0c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@atchoo.org
        Validity
            Not Before: Jun  9 11:06:39 2020 GMT
            Not After : Jun  7 11:06:39 2030 GMT
        Subject: C = GB, ST = United Kingdom, L = Derby, O = Mosquitto, OU = CA, CN = mosquitto.org, emailAddress = roger@atchoo.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c1:34:1c:a9:88:cd:f4:ce:c2:42:8b:4f:74:c7:
                    1d:ef:8e:6d:d8:b3:6a:63:e0:51:99:83:eb:84:df:
                    df:32:5d:35:e6:06:62:7e:02:11:76:f2:3f:a7:f2:
                    de:d5:9c:f1:2d:9b:a1:6e:9d:ce:b1:fc:49:d1:5f:
                    f6:ea:37:db:41:89:03:d0:7b:53:51:56:4d:ed:f1:
                    75:af:cb:9b:72:45:7d:a1:e3:91:6c:3b:8c:1c:1c:
                    6a:e4:19:8e:91:88:34:76:a9:1d:19:69:88:26:6c:
                    aa:e0:2d:84:e8:31:5b:d4:a0:0e:06:25:1b:31:00:
                    b3:4e:a9:90:41:62:33:0f:aa:0d:f2:e8:fe:cc:45:
                    28:1e:af:42:51:5e:90:c7:82:ca:68:cb:09:b3:70:
                    3c:9c:aa:ca:11:66:3d:6c:22:a3:f3:c3:32:bb:81:
                    4f:33:c7:dd:c8:a8:06:7a:c9:58:a5:dc:dc:e8:d7:
                    74:b1:85:24:e7:e3:ee:93:f4:8f:f7:6b:d8:b1:fb:
                    d9:e4:af:bf:73:d0:40:59:7d:d0:26:4f:16:1a:c2:
                    51:c4:47:49:2c:68:13:ac:a3:18:e7:67:cf:b7:fa:
                    3e:f7:8b:20:1e:7b:e2:44:0e:47:0b:7c:78:f9:f4:
                    ca:27:6b:4c:2d:62:72:d8:a4:10:3d:e7:1d:88:4c:
                    50:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                F5:55:EB:10:54:14:F8:86:28:3C:A8:E5:5D:FE:1D:B8:78:37:D6:12
            X509v3 Authority Key Identifier: 
                F5:55:EB:10:54:14:F8:86:28:3C:A8:E5:5D:FE:1D:B8:78:37:D6:12
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        66:bd:91:2d:b5:37:bd:13:84:ce:bf:1e:3f:43:ee:66:d5:c4:
        a2:c1:8d:55:9e:d9:33:ec:19:f6:e5:de:b1:03:7d:9f:8e:29:
        16:76:8f:a0:02:ea:be:e3:6f:84:d9:3b:77:73:17:6a:7a:76:
        06:eb:95:4e:f5:63:fe:0a:d1:37:73:22:34:63:dd:c4:37:29:
        29:b8:d4:9b:d4:43:48:59:fd:cd:38:88:60:e0:ff:15:9f:fa:
        9a:79:f2:77:cf:01:8c:2e:7a:ba:ee:3c:d5:a6:95:2b:56:01:
        77:f4:51:3a:91:b6:0e:21:40:35:81:b9:41:43:25:3b:96:ba:
        e0:6f:11:7b:9d:cf:be:1e:87:fc:0a:b0:cc:1f:bb:51:c5:be:
        3c:b9:67:48:8c:0d:4f:0f:50:37:a9:8d:5a:25:38:2b:9e:f5:
        ab:21:95:2e:04:07:92:04:09:d4:91:d9:32:2d:9c:02:22:23:
        08:a6:c7:cd:fd:2d:d5:1d:46:e7:5a:7c:cb:b9:4f:95:e6:6b:
        5f:36:38:2d:3f:bb:fc:51:94:49:be:b6:f2:86:1a:67:c5:70:
        dd:29:8a:a5:65:f0:ea:d2:3c:18:08:95:bf:b5:20:a2:44:9b:
        f5:eb:89:6a:ff:0a:ae:21:fc:97:c1:ec:d4:ec:7b:35:6c:96:
        09:01:6a:85

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FinitelyFailed @swanandx