
Please help me, TLS problem!!

Open marco99asr opened this issue 2 years ago • 5 comments

Hi, I'm trying to use the pkcs11 OpenSSL engine to integrate a TPM into mosquitto.

Running `openssl engine` I can see this:

```
$ openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
```

Loading this config with the export:

```
export OPENSSL_CONF=/root/tpm2-pkcs11.openssl.conf
```

```
$ openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(pkcs11) pkcs11 engine
```

In my mosquitto.conf:

```
...................
tls_engine pkcs11
tls_engine_kpass_sha1 "####sha value##"
tls_keyform engine
tls_version tlsv1.1
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/cert.crt
keyfile ????
```

All my questions:

I'm getting this error:

```
1665153375: mosquitto version 2.0.15 starting
1665153375: Config loaded from /etc/mosquitto/mosquitto.conf.
1665153375: Opening ipv4 listen socket on port 1883.
1665153375: Opening ipv6 listen socket on port 1883.
1665153375: Opening ipv4 listen socket on port 8883.
1665153375: Opening ipv6 listen socket on port 8883.
1665153375: Error: Unable to set engine secret mode sha
1665153375: OpenSSL Error[0]: error:260AC089:engine routines:int_ctrl_helper:invalid cmd name
1665153375: OpenSSL Error[1]: error:260B2089:engine routines:ENGINE_ctrl_cmd:invalid cmd name
```

How can I solve this?

In mosquitto.conf, what do I have to pass to the keyfile param? I generated a CSR from the TPM using pkcs11, signed with the CA I created. The private key is in the TPM.

marco99asr avatar Oct 07 '22 15:10 marco99asr
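As an added example (not code from the issue or from the mosquitto project), a small Python linter over the listener options quoted above: it parses `option value` lines, flags the settings a reviewer would question (a deprecated `tls_version`, `tls_keyform engine` without a `keyfile` for the engine to resolve, a `tls_engine_kpass_sha1` value that is not a hex SHA1 digest) and shows how the hex-encoded SHA1 that `tls_engine_kpass_sha1` expects is derived from a PIN. The option names are mosquitto's; the sample config, the PIN and the pkcs11 key id in the comments are constructed.

```python
import hashlib
import re

# Constructed sample: the listener options quoted in the issue, one per line.
SAMPLE_CONF = """
listener 8883
tls_engine pkcs11
tls_engine_kpass_sha1 "####sha value##"
tls_keyform engine
tls_version tlsv1.1
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/cert.crt
"""

# TLS 1.0 and 1.1 are deprecated (RFC 8996); the thread uses tlsv1.1 on both sides.
DEPRECATED_TLS = {"tlsv1", "tlsv1.1"}
# tls_engine_kpass_sha1 takes the hex-encoded SHA1 of the engine password: 40 hex digits.
SHA1_HEX = re.compile(r"[0-9a-f]{40}", re.IGNORECASE)


def parse_conf(text):
    """Parse 'option value' lines into a dict; blank lines and # comments are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        opts[key] = value.strip()
    return opts


def lint(opts):
    """Return (option, problem) pairs for the engine and TLS settings."""
    findings = []
    if opts.get("tls_version") in DEPRECATED_TLS:
        findings.append(("tls_version", "deprecated protocol version; use tlsv1.2 or tlsv1.3"))
    if opts.get("tls_keyform") == "engine" and not opts.get("keyfile"):
        # With tls_keyform engine, keyfile is the key identifier the engine resolves
        # (for pkcs11 typically a pkcs11: URI), not a PEM path.
        findings.append(("keyfile", "tls_keyform engine is set but keyfile (engine key id) is missing"))
    kpass = opts.get("tls_engine_kpass_sha1")
    if kpass is not None and not SHA1_HEX.fullmatch(kpass):
        # The quoted placeholder in the issue fails this check; note also that the engine
        # must accept the control command mosquitto sends for this option, which the
        # "invalid cmd name" error in the log shows this engine does not.
        findings.append(("tls_engine_kpass_sha1", "value is not a 40-digit hex SHA1 digest"))
    return findings


def kpass_sha1(pin):
    """Hex-encoded SHA1 of the engine PIN, the form tls_engine_kpass_sha1 expects."""
    return hashlib.sha1(pin.encode()).hexdigest()
```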

If I omit keyfile in the conf it seems to work, but when I try to publish:

```
$ mosquitto_pub -p 8883 -t c -m "ciao" --tls-version tlsv1.1 --cafile /etc/mosquitto/certs/ca.crt -d --insecure
Client null sending CONNECT
Error: Protocol error
```

marco99asr avatar Oct 07 '22 15:10 marco99asr

mosquitto log without keyfile value:

```
1665156221: mosquitto version 2.0.15 starting
1665156221: Config loaded from /etc/mosquitto/mosquitto.conf.
1665156221: Opening ipv4 listen socket on port 1883.
1665156221: Opening ipv6 listen socket on port 1883.
1665156221: Opening ipv4 listen socket on port 8883.
1665156221: Opening ipv6 listen socket on port 8883.
1665156221: mosquitto version 2.0.15 running
1665156254: New connection from 127.0.0.1:40516 on port 8883.
1665156254: Client disconnected due to protocol error.
```

mosquitto log with keyfile value:

```
1665153374: mosquitto version 2.0.15 starting
1665153374: Config loaded from /etc/mosquitto/mosquitto.conf.
1665153374: Opening ipv4 listen socket on port 1883.
1665153374: Opening ipv6 listen socket on port 1883.
1665153374: Opening ipv4 listen socket on port 8883.
1665153374: Opening ipv6 listen socket on port 8883.
1665153374: Error: Unable to set engine secret mode sha
1665153374: OpenSSL Error[0]: error:260AC089:engine routines:int_ctrl_helper:invalid cmd name
1665153374: OpenSSL Error[1]: error:260B2089:engine routines:ENGINE_ctrl_cmd:invalid cmd name
```

The error is raised in the code at src/net.c line 538.

marco99asr avatar Oct 07 '22 15:10 marco99asr

@ralight @mosterdt

marco99asr avatar Oct 07 '22 15:10 marco99asr

@karlp @nicopernas

marco99asr avatar Oct 10 '22 07:10 marco99asr

Hi @marco99asr,

If you encounter bugs, have requests or other random questions, you can reach out on issue trackers on projects like this one (or, if available, online communities on IRC, Discord, ...). However, the project maintainers and others are in no way obliged to fix those bugs, work on your request or help anyone debug their setup. Please keep in mind that this is an open source project, and that many people here are contributing in their spare time. Mentioning random earlier contributors and commenting on many seemingly related bugs is definitely bad etiquette. Patience is a virtue here, and by having spammed everyone, not taking time to write full sentences or format your comment, I fear the chances of this question getting answered are very low. I'm pretty sure you didn't intend that, or are maybe unaware of how things are usually done (which is why I'm replying at all). You can have a look at this page for some advice on "Open Source Etiquette" for some more tips: https://developer.mozilla.org/en-US/docs/MDN/Community/Open_source_etiquette#be_patient_be_timely

Maintainers generally prefer people that actively try to contribute and help debug their issues, instead of throwing questions. While it's not necessarily bad etiquette to just report a bug and leave it at that (the same rules apply to you, you are not obliged to help random projects), the chances of the bug/feature/question getting resolved are mostly very low. You can see in the issue tracker that there are many open issues that don't have any activity. You can also see that in some (mostly closed) issues, some people contribute and actively try to find out what is wrong. Those issues get way more traction, because it is also just way more fun to work on them (see e.g. #2522).

I can't help you with your question, and probably neither can the others you mentioned. Maybe reading through the issues you commented on leads to answers. I just wanted to take some time to call out that this strategy is not the way you should approach this. The world of open source software is beautiful, and I want to encourage you to keep learning and trying to contribute to things. But please keep the open source etiquette in mind, and don't do these things.

mosterdt avatar Oct 10 '22 18:10 mosterdt