OpenMQTTGateway icon indicating copy to clipboard operation
OpenMQTTGateway copied to clipboard
verified publisher icon 1technophile

ssl wrong version number

Open fariouche opened this issue 3 years ago • 5 comments

Describe the bug I'm using a secured mqtt broker (mosquitto) and it is set up to only accept tls (default behavior) I'm getting an error "ssl wrong version number" which indicates that the esp32 is not using tls (most likely from what I've read)

I know that the CA is valid, as it works with the mosquitto_sub command line

My serial traces are weird, (carriage return) but here are the traces (no error) and it will continue to display n24. then n34. etc I don't know yet were to look at in the code to investigate.

*WM: [1] AutoConnect: SUCCESS *WM: [1] STA IP Address: 192.168.30.134 N: BLE scans interval: 55555 N: BLE scans number before connect: 10 N: Publishing only BLE sensors: false N: minrssi: 100 N0 ] * . n 1 4 .

To Reproduce Steps to reproduce the behavior: 1- Setup an mqtt broker to use ssl (set keyfile and certfile and cafile and listener is set to 8883. All other fields are commented. No username etc) 2- Setup User_config.h and set certificate, MQTT_SERVER and MQTT_PORT 3- when setuping the OMG using the portal, I've made sure I've set secure and removed user and password. 4- connect to the broker 5- see the error from mosquitto: "OpenSSL Error[0]: error:1408F10B:SSL routines:ssl3_get_record:wrong version number"

I don't know yet if I've done something wrong (not impossible even after triple checking!)

Expected behavior OMG should connect using the provided ca file and settings

Environment (please complete the following information):

  • OpenMQTTGateway version used : development

fariouche avatar Jun 01 '22 09:06 fariouche

I've got it working by hardcoding the certificate in User_config.h. Pasting it in the portal seems to corrupt it (mine is 4096 Bytes)

fariouche avatar Jun 02 '22 15:06 fariouche

I think I've found the root cause: In main.ino, this line: WiFiManagerParameter custom_mqtt_cert("cert", "mqtt broker cert", mqtt_cert.c_str(), 2048)

set the certificate size to 2048... I think increasing it to 4096 will solve the issue

fariouche avatar Jun 06 '22 16:06 fariouche

@fariouche did you tested if it works?

1technophile avatar Jun 07 '22 21:06 1technophile

Not yet, I'm fighting an other bug were my server refuses the client certificate for the OTA even if I've disabled it in OMG. I will do the test as soon as I've sorted out this OTA problem :)

fariouche avatar Jun 08 '22 08:06 fariouche

Ok, good news, it works with 4096 :)

fariouche avatar Jun 09 '22 08:06 fariouche