GMQTT with TLS: ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
Closed this issue · 5 comments
TLS option is not working as expected. I can only set ssl to True but I cannot provide a path to the cert file.
Mosquitto configuration is working ok with TLS both publisher and subscriber:
```
mosquitto_sub --cafile /etc/mosquitto/ca_certificates/ca.crt -h 37c16a79d00a -t 'test' -p 8883 -u report -P 'report'
mosquitto_pub --cafile /etc/mosquitto/ca_certificates/ca.crt -h 37c16a79d00a -t 'test' -m 'amessage' -p 8883 -u report -P 'report'
```
```
mosquitto -v -c /etc/mosquitto/mosquitto.conf
1575295867: New client connected from 172.17.0.3 as mosq-W7nvl4LtsfAVItCtHT (p2, c1, k60, u'report').
1575295867: Client mosq-W7nvl4LtsfAVItCtHT disconnected.
1575295870: New connection from 172.17.0.3 on port 8883.
```
If I try to apply the same configuration for gmqtt, I get the error in the title.
```python
# EXAMPLE
import asyncio
from gmqtt import Client


async def main():
    cli = Client(client_id='test',
                 will_message=None,
                 clean_session=True)
    cli.set_auth_credentials('report', password='report')
    await cli.connect(host='37c16a79d00a',
                      port=8883,
                      keepalive=True,
                      ssl=True)


if __name__ == '__main__':
    loop = asyncio.get_event_loop()
    loop.run_until_complete(main())
```
ERROR FILE
`gmqtt/mqtt/connection.py`
ERROR LINE
```python
transport, protocol = await loop.create_connection(MQTTProtocol, host, port, ssl=ssl)
```
ERROR MESSAGE
```
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)
```
I would like to know how to implement TLS over gmqtt. Could you provide a quick example?
Thanks
Hi @nicoCalvo
You should pass an `ssl.SSLContext` object as the `ssl` argument (if you pass `ssl=True`, `ssl.create_default_context()` is used).
So I guess in your case you should create the context yourself and pass it to the `client.connect` method:
```python
import ssl

ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
# ca_file is the path to the CA certificate that signed the broker's certificate
ssl_ctx.load_verify_locations(cafile=ca_file)
await cli.connect(host='37c16a79d00a',
                  port=8883,
                  keepalive=True,
                  ssl=ssl_ctx)
```
Hi @Lenka42 you're right! That was the problem, actually I made it work this way:
```python
import asyncio
import socket
import ssl
from gmqtt import Client


async def main():
    cli = Client(client_id='test',
                 will_message=None,
                 clean_session=True)
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    ssl_context.load_cert_chain('/etc/mosquitto/certs/mosquitto_client.crt',
                                keyfile='/etc/mosquitto/certs/mosquitto_client.key')
    await cli.connect(host='localhost',  # socket.gethostname()
                      port=8883,
                      keepalive=True,
                      ssl=ssl_context)
    cli.publish('test', 'lala')


if __name__ == '__main__':
    loop = asyncio.get_event_loop()
    loop.run_until_complete(main())
```
Thanks for your help.
Best,
Nick
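An added example, not part of the thread and not gmqtt's own code: a context created from a protocol constant alone, as in the snippet above, leaves Python's server certificate verification off (`CERT_NONE`), so this sketch builds a context that trusts the broker's CA instead and compares the two. The helper names (`verified_context`, `unverified_context`, `posture`, `connect_verified`) are hypothetical; the CA path and credentials are the ones from the commands in the issue.

```python
import ssl

# Path taken from the mosquitto_sub command in the issue; adjust for your host.
CA_FILE = '/etc/mosquitto/ca_certificates/ca.crt'


def verified_context(cafile=None, certfile=None, keyfile=None):
    """Client context that authenticates the broker.

    cafile: CA that signed the broker certificate (None = system trust store).
    certfile/keyfile: optional client certificate, only needed when the
    broker is configured to require one (mutual TLS).
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile=keyfile)
    return ctx


def unverified_context():
    """Context built from the protocol constant only: verify_mode stays at
    CERT_NONE, so any broker certificate is accepted without checks."""
    return ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)


def posture(ctx):
    """Summarise whether a context checks the peer certificate and hostname."""
    return {'verifies_chain': ctx.verify_mode == ssl.CERT_REQUIRED,
            'checks_hostname': ctx.check_hostname}


async def connect_verified(host, port=8883):
    from gmqtt import Client  # imported here so the checks above run without gmqtt
    cli = Client(client_id='test')
    cli.set_auth_credentials('report', password='report')
    await cli.connect(host=host, port=port, ssl=verified_context(CA_FILE))
    return cli


if __name__ == '__main__':
    print('default context:', posture(verified_context()))
    print('protocol only  :', posture(unverified_context()))
```

With hostname checking on, the `host` passed to `connect_verified` has to match a name in the broker's certificate.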
Hi
I would also like to know how to implement TLS over gmqtt. Could you please provide an example?
The one which is in the thread is ssl not tls.
Does gmqtt support tls? I know that paho-mqtt does.
Yes, gmqtt supports SSL/TLS.
Is the code above not working for you (because it's using the TLS ver1.2 proto)? If you look through the paho.mqtt code you will see that they make an SSL/TLS connection by building an SSLContext object, like in the example above.
If you face some problem, please create a new issue and write more information about it (OS version, Python version, which broker you use, which version of TLS, and an example of your code).
Hi @Mixser
I'm new to this and exploring tls/ssl on gmqtt. I just want to know how we can generate the mosquitto_client.crt and mosquitto_client.key which are being used in the above code.