SSL Support for mcsMQTT

    #16
    Is SSL for MQTT needed on a local network? I know it’s possible for somebody to hack into a local wireless network, but it takes a lot of effort and I don’t see why anyone would want to hack MQTT. Wouldn’t they go after more valuable information? My approach for web access and/or control of MQTT would be via HS3 and/or the HSTouch (MyHS) app. They are already reasonably secure.

    It would be great if an SSL option were available; I’m just saying I don’t think I would use it.

    Maybe if I had digital door locks, I would be more inclined to implement it.

    Steve Q
    Last edited by Steve Q; April 14, 2018, 01:15 PM.
    HomeSeer Version: HS3 Pro Edition 3.0.0.368, Operating System: Microsoft Windows 10 - Home, Number of Devices: 373, Number of Events: 666, Enabled Plug-Ins
    2.0.83.0: BLRF, 2.0.10.0: BLUSBUIRT, 3.0.0.75: HSTouch Server, 3.0.0.58: mcsXap, 3.0.0.11: NetCAM, 3.0.0.36: X10, 3.0.1.25: Z-Wave,Alexa,HomeKit



      #17
      Yeah here would maybe use it for wireless stuff only on the home network.

      Just getting ready to test my tinker toy micro routers which utilize OpenWRT and can utilize a wireless connection. Mosquitto will be utilizing Python with these devices.
      - Pete

      Auto mator
      Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
      Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
      HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

      HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
      HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

      X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant



        #18



        Nice one! Steve Q,

        Reminds me of this here : https://forums.homeseer.com/showthread.php?t=194615
        There is really no need, although you can, to manage mqtt remotely, since all the hard work is already done for you by MyHS. The devices can be viewed and controlled through HSTouch, so why poke holes in your firewall?

        But if one must insist then look and learn from how well it's done with this app here : http://owntracks.org/booklet/guide/broker/




        Eman.
        TinkerLand : Life's Choices,"No One Size Fits All"



          #19
          Originally posted by Eman View Post
          Nice one! Steve Q,

          Reminds me of this here : https://forums.homeseer.com/showthread.php?t=194615
          There is really no need, although you can, to manage mqtt remotely, since all the hard work is already done for you by MyHS. The devices can be viewed and controlled through HSTouch, so why poke holes in your firewall?

          But if one must insist then look and learn from how well it's done with this app here : http://owntracks.org/booklet/guide/broker/




          Eman.
          Oops, I probably read your post. It clearly made an impression.
          HomeSeer Version: HS3 Pro Edition 3.0.0.368, Operating System: Microsoft Windows 10 - Home, Number of Devices: 373, Number of Events: 666, Enabled Plug-Ins
          2.0.83.0: BLRF, 2.0.10.0: BLUSBUIRT, 3.0.0.75: HSTouch Server, 3.0.0.58: mcsXap, 3.0.0.11: NetCAM, 3.0.0.36: X10, 3.0.1.25: Z-Wave,Alexa,HomeKit



            #20
            Has anybody had success with using a certificate with Mosquitto and mcsMQTT?

            My latest attempt was using TLS1.1 rather than 1.2. HS, mcsMQTT and Mosquitto on Linux. Previously mcsMQTT was on Windows.
            Mosquitto log reports the following. Don't know if it is complaining about contents or ability to find file. It does exist
            Code:
            1523849104: Error: Unable to load server key file "/usr/local/HomeSeer/Certs/m2mqtt_srv.key". Check keyfile.
            The file at the indicated path is
            Code:
            -----BEGIN RSA PRIVATE KEY-----
            Proc-Type: 4,ENCRYPTED
            DEK-Info: DES-EDE3-CBC,38D4B13DC1301BDA
            
            -----END RSA PRIVATE KEY-----
            Last edited by Michael McSharry; April 15, 2018, 10:37 PM.



              #21
              I use TLS on Mosquitto, but without client-certs, just username and password.
              I tried that (leaving the Cert-files blank), but that doesn't seem to work...?



                #22
                Originally posted by Michael McSharry View Post
                Has anybody had success with using a certificate with Mosquitto and mcsMQTT?

                My latest attempt was using TLS1.1 rather than 1.2. HS, mcsMQTT and Mosquitto on Linux. Previously mcsMQTT was on Windows.
                Mosquitto log reports the following. Don't know if it is complaining about contents or ability to find file. It does exist
                Code:
                1523849104: Error: Unable to load server key file "/usr/local/HomeSeer/Certs/m2mqtt_srv.key". Check keyfile.
                The file at the indicated path is
                Code:
                -----BEGIN RSA PRIVATE KEY-----
                Proc-Type: 4,ENCRYPTED
                DEK-Info: DES-EDE3-CBC,38D4B13DC1301BDA
                
                -----END RSA PRIVATE KEY-----
                Running it here without any problems. Your key file is encrypted (don't use -des3 when you create it)
                Try it unencrypted.
                To decrypt:
                openssl rsa -in m2mqtt_srv.key -out m2mqtt_srv.key (may have to use a different name for -out)

                Your mosquitto.conf says:
                keyfile /usr/local/HomeSeer/Certs/m2mqtt_srv.key

                Here's a good link:
                https://github.com/knolleary/pubsubclient/issues/84

                Also to create the certs/keys:
                https://mosquitto.org/man/mosquitto-tls-7.html

                Z
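
A check for the condition diagnosed in the reply above, added here as an example and not code from the thread or from Mosquitto: it reports whether a key file is passphrase-encrypted (legacy `Proc-Type: 4,ENCRYPTED` header or PKCS#8 `ENCRYPTED PRIVATE KEY` label) and, because a decrypted key is protected only by file permissions, flags one readable beyond its owner. The function names and the sample key bodies are constructed for illustration.

```python
import os
import re
import stat

# Header lines as posted in the thread; the base64 body is a constructed placeholder.
ENCRYPTED_SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,38D4B13DC1301BDA

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

# Constructed: the shape of the same file once the passphrase has been removed.
PLAIN_SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


def inspect_private_key_pem(text):
    """Return one dict per private-key PEM block: label, encrypted flag, cipher."""
    results = []
    for match in PEM_BLOCK.finditer(text):
        label = match.group("label")
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, CSR or other PEM object
        headers = {}
        for line in match.group("body").splitlines():
            # Legacy PEM headers are "Name: value" lines ended by a blank line;
            # base64 payload lines never contain a colon.
            if not line.strip() or ":" not in line:
                break
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        legacy = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
        pkcs8 = label == "ENCRYPTED PRIVATE KEY"
        cipher = headers.get("DEK-Info", "").split(",")[0] or None
        results.append({"label": label, "encrypted": legacy or pkcs8, "cipher": cipher})
    return results


def keyfile_findings(path):
    """List the problems that matter when an unattended broker must load this key."""
    try:
        with open(path, "r", encoding="ascii", errors="replace") as handle:
            text = handle.read()
    except OSError as exc:
        return [f"cannot read key file: {exc.strerror}"]

    findings = []
    keys = inspect_private_key_pem(text)
    if not keys:
        findings.append("no PEM private key block found")
    for key in keys:
        if key["encrypted"]:
            detail = f" ({key['cipher']})" if key["cipher"] else ""
            findings.append(
                f"key is passphrase-encrypted{detail}; an unattended service cannot prompt for it"
            )
    # An unencrypted key has no protection other than file permissions.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if keys and not any(k["encrypted"] for k in keys) and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"unencrypted key readable beyond owner (mode {mode:03o})")
    return findings


if __name__ == "__main__":
    for name, sample in (("encrypted", ENCRYPTED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(name, inspect_private_key_pem(sample))
```

After removing the passphrase, the key should be readable only by the account the broker runs as.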



                  #23
                  Trying from scratch here.

                  Initially just created a sslcert directory on my laptop desktop.

                  /home/pete/Desktop/sslcert# ls
                  /home/pete/Desktop/sslcert#

                  1 - Certificate Authority

                  Generate a certificate authority certificate and key.

                  /home/pete/Desktop/sslcert# openssl req -new -x509 -days 500 -extensions v3_ca -keyout ca.key -out ca.crt

                  Generating a 2048 bit RSA private key
                  .......+++
                  ........+++
                  writing new private key to 'ca.key'
                  Enter PEM pass phrase:
                  Verifying - Enter PEM pass phrase:
                  -----
                  You are about to be asked to enter information that will be incorporated
                  into your certificate request.
                  What you are about to enter is what is called a Distinguished Name or a DN.
                  There are quite a few fields but you can leave some blank
                  For some fields there will be a default value,
                  If you enter '.', the field will be left blank.
                  -----
                  Country Name (2 letter code) [AU]:US
                  State or Province Name (full name) [Some-State]:
                  Locality Name (eg, city) []:
                  Organization Name (eg, company) [Internet Widgits Pty Ltd]:
                  Organizational Unit Name (eg, section) []:
                  Common Name (e.g. server FQDN or YOUR name) []:
                  Email Address []:
                  /home/pete/Desktop/sslcert#

                  /home/pete/Desktop/sslcert# ls
                  ca.crt ca.key

                  2 - Client

                  - Generate a client key.

                  openssl genrsa -out client.key 2048
                  Generating RSA private key, 2048 bit long modulus
                  ............................+++
                  ............................................................ ..........................+++
                  e is 65537 (0x10001)

                  - Generate a certificate signing request to send to the CA.

                  openssl req -out client.csr -key client.key -new

                  Send the CSR to the CA, or sign it with your CA key:

                  openssl req -out client.csr -key client.key -new
                  You are about to be asked to enter information that will be incorporated
                  into your certificate request.
                  What you are about to enter is what is called a Distinguished Name or a DN.
                  There are quite a few fields but you can leave some blank
                  For some fields there will be a default value,
                  If you enter '.', the field will be left blank.
                  -----
                  Country Name (2 letter code) [AU]:US
                  State or Province Name (full name) [Some-State]:
                  Locality Name (eg, city) []:
                  Organization Name (eg, company) [Internet Widgits Pty Ltd]:
                  Organizational Unit Name (eg, section) []:
                  Common Name (e.g. server FQDN or YOUR name) []:
                  Email Address []:

                  Please enter the following 'extra' attributes
                  to be sent with your certificate request
                  A challenge password []:
                  An optional company name []:
                  /home/pete/Desktop/sslcert#

                  /home/pete/Desktop/sslcert# ls
                  ca.crt ca.key client.csr client.key

                  Send the CSR to the CA, or sign it with your CA key:

                  /home/pete/Desktop/sslcert# openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 500
                  Signature ok
                  subject=/C=US/ST=Some-State/O=Internet Widgits Pty Ltd
                  Getting CA Private Key
                  Enter pass phrase for ca.key:
                  /home/pete/Desktop/sslcert#

                  /home/pete/Desktop/sslcert# ls
                  ca.crt ca.key ca.srl client.crt client.csr client.key

                  Copied sslcert directory to /HomeSeer/sslcert directory

                  [ATTACH]68209[/ATTACH]

                  Configuration on plugin page.

                  [ATTACH]68210[/ATTACH]

                  Node Red configuration:

                  created a directory on desktop called noderedcerts and did the following:

                  Server

                  - Generate a server key.

                  openssl genrsa -out server.key 2048

                  - Generate a server key without encryption.

                  openssl genrsa -out server.key 2048

                  - Generate a certificate signing request to send to the CA.

                  openssl req -out server.csr -key server.key -new

                  Send the CSR to the CA, or sign it with your CA key:

                  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 500

                  Node Red pictures. Here just upload certs from desktop.

                  [ATTACH]68211[/ATTACH]

                  [ATTACH]68212[/ATTACH]

                  When enabled on the Homeseer 3 / mqtt plugin side see this: (goes offline)

                  [ATTACH]68213[/ATTACH]

                  debug.txt shows this when working:

                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict 10.67C6697351FF8D/temperature, PluginDevice=True
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict 26.061575000000/temperature, PluginDevice=True
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict 26.061575000000/humidity, PluginDevice=True
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict 10.67C6697351FF/temperature, PluginDevice=True
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict 10.A04713000800/temperature, PluginDevice=True

                  to this when it goes offline:

                  4/16/2018 7:26:54 AM 112 | PopulateReceiveDict , PluginDevice=False
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict , PluginDevice=False
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict , PluginDevice=False
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict , PluginDevice=False
                  4/16/2018 7:26:54 AM 113 | PopulateReceiveDict , PluginDevice=False

                  Node Red shows connecting but never connected.

                  syslog shows:

                  Apr 16 08:36:11 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:11 - [info] [mqtt-broker:humidity] Connected to broker: mqtt://localhost:1883
                  Apr 16 08:36:11 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:11 - [info] [debug:10.A14-Temp] 69.7
                  Apr 16 08:36:14 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:14 - [info] [debug:26.5CD-Humidity] 37.9
                  Apr 16 08:36:15 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:15 - [info] [debug:26.5CD-Temp] 70.8
                  Apr 16 08:36:24 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:24 - [info] [debug:10.A14-Temp] 69.6
                  Apr 16 08:36:24 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:24 - [info] [debug:26.5CD-Humidity] 38
                  Apr 16 08:36:24 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:24 - [info] [debug:26.5CD-Temp] 70.5
                  Apr 16 08:36:26 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:26 - [info] [mqtt-broker:Temperature] Connection failed to broker: mqtts://192.168.244.175:1883
                  Last edited by Pete; April 16, 2018, 08:38 AM.
                  - Pete



                    #24
                    Originally posted by Michael McSharry View Post
                    Has anybody had success with using a certificate with Mosquitto and mcsMQTT?

                    My latest attempt was using TLS1.1 rather than 1.2. HS, mcsMQTT and Mosquitto on Linux. Previously mcsMQTT was on Windows.
                    Mosquitto log reports the following. Don't know if it is complaining about contents or ability to find file. It does exist
                    Code:
                    1523849104: Error: Unable to load server key file "/usr/local/HomeSeer/Certs/m2mqtt_srv.key". Check keyfile.
                    The file at the indicated path is

                    After loading the latest PI, I have the same issue and error in the debug log. No connection to the broker.
                    BTW, is there a simple method to see if you're actually connected to the broker? It's not obvious from the PI config page.

                    Z
                    (additionally, once you enter a Client cert, you can't remove it from the GUI, you have to manually edit the ini config file)



                      #25
                      My broker log is spitting out:
                      SSL3_GET_RECORD:wrong version number

                      Does this for both TLSV1_1 as well as TLSv1_2, so it sounds like that's where the problem is in the plugin.
                      If I remember the m2mqtt library it's in the MqttClient call argument:
                      MqttSslProtocols.TLSv1_2

                      Z



                        #26
                        Sorry for all the posts...
                        Had to go back to 3.2.9.3 before I could get it to work with just a CA file again.


                        Edit... Ahh... That was BEFORE port 8883 is why. I'm running both ports on the broker, didn't catch that.
                        Nonetheless, I can't get anything working with just the CAcert now. I "think" I was doing TLSV1_1 initially, so that might be why.

                        Z
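
Post #23's syslog shows Node-RED connected with `mqtt://` on port 1883 and failing with `mqtts://` on the same port, and the post above mentions running both 1883 and 8883 on the broker. As an added example (not code from the thread), this cross-checks broker URLs found in log lines against the listeners declared in a mosquitto.conf. The configuration text and certificate paths are constructed, and it assumes every URL refers to the one broker being checked.

```python
import re
from urllib.parse import urlsplit

# Constructed mosquitto.conf: plaintext listener on 1883, TLS listener on 8883.
SAMPLE_CONF = """\
# constructed example, not a configuration from the thread
listener 1883

listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
tls_version tlsv1.2
require_certificate false
"""

# Two Node-RED syslog lines as they appear in post #23.
SAMPLE_LOG = [
    "Apr 16 08:36:11 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:11 - [info] "
    "[mqtt-broker:humidity] Connected to broker: mqtt://localhost:1883",
    "Apr 16 08:36:26 ICS-Stretch175 Node-RED[266]: 16 Apr 08:36:26 - [info] "
    "[mqtt-broker:Temperature] Connection failed to broker: mqtts://192.168.244.175:1883",
]

TLS_FILE_KEYS = {"cafile", "capath", "certfile", "keyfile"}
BROKER_URL = re.compile(r"(?:Connected to|Connection failed to) broker: (mqtts?://\S+)")


def _new_listener():
    return {"tls": False, "tls_version": None, "client_cert_required": False, "files": set()}


def parse_listeners(conf_text):
    """Map port -> listener settings. Certificate TLS needs certfile and keyfile."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key in ("listener", "port"):
            current = listeners.setdefault(int(value.split()[0]), _new_listener())
            continue
        if key not in TLS_FILE_KEYS | {"tls_version", "require_certificate"}:
            continue
        if current is None:  # option given before any listener line: default listener
            current = listeners.setdefault(1883, _new_listener())
        if key in TLS_FILE_KEYS:
            current["files"].add(key)
            current["tls"] = {"certfile", "keyfile"} <= current["files"]
        elif key == "tls_version":
            current["tls_version"] = value
        else:
            current["client_cert_required"] = value.lower() == "true"
    return listeners


def check_broker_url(url, listeners):
    """Return a finding when the URL scheme and the listener on its port disagree."""
    parts = urlsplit(url)
    wants_tls = parts.scheme == "mqtts"
    port = parts.port or (8883 if wants_tls else 1883)
    listener = listeners.get(port)
    if listener is None:
        return f"{url}: no listener configured on port {port}"
    if wants_tls and not listener["tls"]:
        return f"{url}: TLS client pointed at plaintext listener {port}"
    if not wants_tls and listener["tls"]:
        return f"{url}: plaintext client pointed at TLS listener {port}"
    return None


def scan_log(lines, listeners):
    """Collect findings for every broker URL mentioned in the log lines."""
    findings = []
    for line in lines:
        match = BROKER_URL.search(line)
        if match:
            problem = check_broker_url(match.group(1), listeners)
            if problem:
                findings.append(problem)
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG, parse_listeners(SAMPLE_CONF)):
        print(finding)
```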



                          #27
                          BTW, is there a simple method to see if you're actually connected to the broker? It's not obvious from the PI config page.
                          Found on Statistics Tab first row.

                          The code sequence to establish connection to broker is below. The security information is passed as the MQTT Client object is created. The connection method of the MQTT Client contains username and password. Note that I assumed that both certificates are needed. Is this not the case?
                          Code:
                                                  Dim bSecure As Boolean = False
                                                  Dim caCert As System.Security.Cryptography.X509Certificates.X509Certificate = Nothing
                                                  Dim clientCert As System.Security.Cryptography.X509Certificates.X509Certificate = Nothing
                                                  Dim sslProtocol As uPLibrary.Networking.M2Mqtt.MqttSslProtocols = uPLibrary.Networking.M2Mqtt.MqttSslProtocols.None
                          
                                                  If gMQTTBrokerSSL <> uPLibrary.Networking.M2Mqtt.MqttSslProtocols.None AndAlso gMQTTBrokerCaCert <> "" AndAlso gMQTTBrokerClientCert <> "" Then
                                                      Dim sCert As String = "CaCert"
                                                      Try
                                                          caCert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(gMQTTBrokerCaCert)
                                                          sCert = "Client Cert"
                                                          clientCert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(gMQTTBrokerClientCert)
                                                          sslProtocol = gMQTTBrokerSSL
                                                          bSecure = True
                                                      Catch ex As Exception
                                                          hsWritelog(PLUGIN_DEBUG, sCert & " issue " & ex.Message)
                                                      End Try
                                                  End If
                          
                                                  oMQTTClient = New uPLibrary.Networking.M2Mqtt.MqttClient(gMQTTBroker, gMQTTBrokerPort, bSecure, caCert, clientCert, sslProtocol)
                                                  bSubscribed = False
                                                  If bFirstPass Then
                                                      hsWritelog(PLUGIN_DEBUG, "MQTT Thread Client Created")
                                                  End If
                          
                                                  AddHandler oMQTTClient.MqttMsgPublishReceived, AddressOf client_MqttMsgPublishReceived
                                                  Dim clientId As String = Guid.NewGuid().ToString()
                                                  If bFirstPass Then
                                                      hsWritelog(PLUGIN_DEBUG, "MQTT Thread Client ID=" & clientId)
                                                  End If
                          
                                                  Try
                                                      iBrokerResponse = oMQTTClient.Connect(
                                                          clientId,
                                                          gMQTTBrokerUsername,
                                                          gMQTTBrokerPassword,
                                                          gDefaultRetain,
                                                          gDefaultQOS,
                                                          True,
                                                          gThisComputer & "/" & PLUGIN_NAME & "/LWT",
                                                          "Offline",
                                                          True,
                                                          60)  'False,, 'Messages.MqttMsgBase.QOS_LEVEL_EXACTLY_ONCE,
                                                      If bFirstPass Then
                                                          hsWritelog(PLUGIN_DEBUG, "MQTT Thread Broker " & gMQTTBroker & " Connect Response=" & iBrokerResponse.ToString)
                                                      End If
                          
                                                  Catch ex As Exception
                                                      If gDebugLog Then
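                                                          'InnerException can be Nothing, so guard before reading its Message
                                                          hsWritelogEx(PLUGIN_DEBUG, "StartMQTT Connection attempt to Broker " & gMQTTBroker, ex.Message & If(ex.InnerException IsNot Nothing, ":" & ex.InnerException.Message, ""))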
                                                          oMQTTClient = Nothing
                                                      End If
                                                  End Try
                          The user selection for the SSL is
                          Code:
                                  Dim arrSSL() As String = {uPLibrary.Networking.M2Mqtt.MqttSslProtocols.None.ToString, _
                                                              uPLibrary.Networking.M2Mqtt.MqttSslProtocols.SSLv3.ToString, _
                                                              uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_0.ToString, _
                                                              uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_1.ToString, _
                                                              uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_2.ToString}
                                  For iSSL As Integer = 0 To arrSSL.Length - 1
                                      bSelected = (iSSL = gMQTTBrokerSSL)
                                      dl.AddItem(arrSSL(iSSL), iSSL, bSelected)
                                  Next
                                  :
                                  :
                                  Case MQTTBROKERSSL
                                      If IsNumeric(sValue) Then
                                          gMQTTBrokerSSL = CType(sValue, Integer)
                                          hs.SaveINISetting(GENERAL_GROUP, sItem, q & sValue & q, MQTT_INI_FILE)
                                          oMQTTClient = Nothing
                                      Else
                                          Me.pageCommands.Add("popmessage", sValue & " is invalid selection for SSL")
                                      End If



                            #28
                            I don't see any reliable documentation on M2Mqtt and client certs. I'd roll back to just the CA cert in your If -> AndAlso check and see if that works as a starter (could also add another If/Then for CA AND client cert). Also might either hardcode in the TLSV1_2 object or see if you can add the enum to the array instead of a string. Not sure if it's looking for the M2Mqtt protocol object or a string.

                            Z



                              #29
                              The two edits were done in the attached. Still need some SSL selected on mcsMQTT setup but the 1.2 will be used.
                              Code:
                                                      If gMQTTBrokerSSL <> uPLibrary.Networking.M2Mqtt.MqttSslProtocols.None AndAlso gMQTTBrokerCaCert <> "" Then 'AndAlso gMQTTBrokerClientCert <> "" Then
                                                          Dim sCert As String = "CaCert"
                                                          Try
                                                              caCert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(gMQTTBrokerCaCert)
                                                              sCert = "Client Cert"
                                                              clientCert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(gMQTTBrokerClientCert)
                                                              sslProtocol = uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_2 'gMQTTBrokerSSL
                                                              bSecure = True
                                                          Catch ex As Exception
                                                              hsWritelog(PLUGIN_DEBUG, sCert & " issue " & ex.Message)
                                                          End Try
                                                      End If
                              Last edited by Michael McSharry; April 19, 2018, 03:30 PM.



                                #30
                                Originally posted by Michael McSharry View Post
                                The two edits were done in the attached. Still need some SSL selected on mcsMQTT setup but the 1.2 will be used.
                                Code:
                                                        If gMQTTBrokerSSL <> uPLibrary.Networking.M2Mqtt.MqttSslProtocols.None AndAlso gMQTTBrokerCaCert <> "" Then 'AndAlso gMQTTBrokerClientCert <> "" Then
                                                            Dim sCert As String = "CaCert"
                                                            Try
                                                                caCert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(gMQTTBrokerCaCert)
                                                                sCert = "Client Cert"
                                                                clientCert = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(gMQTTBrokerClientCert)
                                                                sslProtocol = uPLibrary.Networking.M2Mqtt.MqttSslProtocols.TLSv1_2 'gMQTTBrokerSSL
                                                                bSecure = True
                                                            Catch ex As Exception
                                                                hsWritelog(PLUGIN_DEBUG, sCert & " issue " & ex.Message)
                                                            End Try
                                                        End If
                                Still fails with protocol version not supported, but I'm not convinced that's it yet. Can you put a null where the client cert argument is in the MqttClient call. It's trying to resolve that cert.
                                I also see numerous port 8883 being opened each time it attempts to connect. Are they being closed when they fail?

                                Z
