mosquitto 中的 tls 连接失败

tls connection failure in mosquitto

我已经生成证书并能够使用以下命令成功连接

mosquitto_sub -t "hello/world" -v --cafile ../certs/ca.crt --cert ../certs/client.crt --key ../certs/client.key

虽然我尝试使用相同的证书对我的代码执行相同的操作,但我遇到了以下错误

客户端

LIBMOSQUITTO 1004005
8: Unable to connect: A TLS error occurred.
Success

服务器端

1452241406: New connection from 127.0.0.1 on port 1883.
1452241406: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1452241406: Socket error on client <unknown>, disconnecting.

这是我的代码

int main(){
printf("LIBMOSQUITTO %d\n", LIBMOSQUITTO_VERSION_NUMBER);

        if ((m = mosquitto_new("rtr", 1, NULL)) == NULL) {
                fprintf(stderr, "Out of memory.\n");
                exit(1);
        }

        int rc = mosquitto_tls_set(m,
                        "path/to/ca.crt",          /* cafile */
                        NULL,                   /* capath */
                        "/path/to/client.crt",             /* certfile */
                        "/path/to/client.key",             /* keyfile */
                        NULL                    /* pw_callback() */
                        );

        if (rc != MOSQ_ERR_SUCCESS) {
                fprintf(stderr, "Cannot set TLS CA: %s (check path names)\n",
                                mosquitto_strerror(rc));
                exit(3);
        }
#if 0
        mosquitto_tls_opts_set(m,
                        SSL_VERIFY_PEER,
                        NULL,                   /* tls_version: "tlsv1.2", "tlsv1" */
                        NULL                    /* ciphers */
                        );
        mosquitto_tls_insecure_set(m, 1);
#endif
        if ((rc = mosquitto_connect(m, "localhost", 1883, 20)) != MOSQ_ERR_SUCCESS) {
                fprintf(stderr, "%d: Unable to connect: %s\n", rc,
                                mosquitto_strerror(rc));
                perror("");
                exit(2);
        }
}

更新:还测试了端口 8884

您的代码正在连接到通常不是 TLS 端口的 1883 端口;取决于您在 mosquitto.conf 中配置的内容,我认为您需要端口 8883,假设您在 8883 配置了 TLS 侦听器。

我还指出您使用了 /path/topath/to,这可能是也可能不是 copy/paste 错字。

您还没有打电话给 mosquitto_lib_init()