Mosquitto blocks all connections when using CRL file

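I host an MQTT broker on a Linux server. Until now, none of the MQTT clients had any problems connecting (sub/pub), until I added the "crlfile" line to the Mosquitto configuration file. When I set "crlfile" in the configuration file, none of the clients can connect. The strange thing is that the CRL file does not actually revoke any certificates. However, all clients get this error: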

Error: The connection was lost.

I am using Mosquitto 2.0.12, and this is my Mosquitto configuration file:

# For listener with port 1883
#listener 1883

# Set 8883 as the listener (port)
listener 8883

# Path to the password file
#password_file /etc/mosquitto/passwords

# Path to the cafile
cafile /etc/mosquitto/certs/ca.crt

# Path to the broker cert file
certfile /etc/mosquitto/certs/broker.crt

# Path to the broker key file
keyfile /etc/mosquitto/certs/broker.key

# Path to the CRL file
crlfile /etc/mosquitto/certs/ca.crl

# Whether a certificate is required to connect (Set to true for TLS)
require_certificate true

# Allow anonymous connection (Set to false for TLS)
allow_anonymous false

# Path to Dynamic Security Plugin
plugin /usr/lib/x86_64-linux-gnu/mosquitto_dynamic_security.so

# Path to Dynamic Security config file
plugin_opt_config_file /etc/mosquitto/conf.d/dynamic-security.json

# Whether each listener has the same settings
per_listener_settings false

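I managed to solve the problem. The CRL file was generated using Python's cryptography library. The problem was that when I set the last update and next update datetimes, I set them using local time, whereas I should have set them according to UTC time. So I changed my code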

crl_builder = crl_builder.last_update(datetime.utcnow())
crl_builder = crl_builder.next_update(datetime.utcnow() + timedelta(days=365000))

crl_builder = crl_builder.last_update(pytz.utc.localize(datetime.utcnow()))
crl_builder = crl_builder.next_update(pytz.utc.localize(datetime.utcnow()) + timedelta(days=365000))

Now my Mosquitto broker works fine :)
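
The failure mode this answer describes, reproduced as an added example (not the poster's code): the `cryptography` CRL builder encodes a naive datetime as if it were UTC, so on a server ahead of UTC a naive local timestamp puts the CRL's lastUpdate in the future, and a TLS verifier checking the CRL treats it as not yet valid. The CA key, issuer name, UTC+8 zone and clock value are constructed, and `build_crl`, `crl_window_status` and `demo` are hypothetical names.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed test material: throwaway CA key and issuer name.
CA_KEY = ec.generate_private_key(ec.SECP256R1())
ISSUER = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])

# Constructed clock: a fixed "current" instant and a server zone of UTC+8.
NOW_UTC = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
LOCAL = timezone(timedelta(hours=8))
# What a naive local-time call such as datetime.now() would return on that server.
NAIVE_LOCAL = NOW_UTC.astimezone(LOCAL).replace(tzinfo=None)


def build_crl(last_update, lifetime=timedelta(days=30)):
    """Sign an empty CRL; naive datetimes are encoded as if they were UTC."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(ISSUER)
        .last_update(last_update)
        .next_update(last_update + lifetime)
    )
    crl = builder.sign(CA_KEY, hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.PEM)


def _field_utc(crl, name):
    """Read lastUpdate/nextUpdate as aware UTC on old and new library releases."""
    value = getattr(crl, name + "_utc", None) or getattr(crl, name)
    if value is not None and value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)
    return value


def crl_window_status(pem, now_utc):
    """Classify a PEM CRL against its validity window at now_utc."""
    crl = x509.load_pem_x509_crl(pem)
    if now_utc < _field_utc(crl, "last_update"):
        return "not yet valid"
    next_update = _field_utc(crl, "next_update")
    if next_update is not None and now_utc > next_update:
        return "expired"
    return "ok"


def demo():
    """Compare a naive local timestamp, an aware UTC one, and a stale CRL."""
    return {
        "naive_local": crl_window_status(build_crl(NAIVE_LOCAL), NOW_UTC),
        "aware_utc": crl_window_status(build_crl(NOW_UTC), NOW_UTC),
        "after_next_update": crl_window_status(
            build_crl(NOW_UTC), NOW_UTC + timedelta(days=31)),
    }
```

Running `crl_window_status` against the file named in `crlfile` before reloading the broker catches both a future lastUpdate and a passed nextUpdate.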