SSL Error while connecting to MQTT Broker

0
votes

I am trying to connect an MQTT Client to an MQTT Broker using TLS. The library I am using is Paho MQTT C library: https://github.com/eclipse/paho.mqtt.c

However, the connection between the broker and the client doesn't succeed and hence I need more clarification and help to solve this issue.

According to the Paho MQTT C documentation for SSL Options: https://www.eclipse.org/paho/files/mqttdoc/MQTTAsync/html/struct_m_q_t_t_async___s_s_l_options.html

I need to fill this structure with the correct file handles and configuration and pass it to Connection Options structure.

I have a mosquitto broker running on my machine(localhost). Here is the configuration file:

# =================================================================
# Default listener
# =================================================================

# IP address/hostname to bind the default listener to. If not
# given, the default listener will not be bound to a specific
# address and so will be accessible to all network interfaces.
# bind_address ip-address/host name
#bind_address

# Port to use for the default listener.
port 8883

# -----------------------------------------------------------------
# Certificate based SSL/TLS support
# -----------------------------------------------------------------
# The following options can be used to enable SSL/TLS support for
# this listener. Note that the recommended port for MQTT over TLS
# is 8883, but this must be set manually.
#
# See also the mosquitto-tls man page.

# At least one of cafile or capath must be defined. They both
# define methods of accessing the PEM encoded Certificate
# Authority certificates that have signed your server certificate
# and that you wish to trust.
# cafile defines the path to a file containing the CA certificates.
# capath defines a directory that will be searched for files
# containing the CA certificates. For capath to work correctly, the
# certificate files must have ".crt" as the file ending and you must run
# "openssl rehash <path to capath>" each time you add/remove a certificate.
#capath
cafile /etc/mosquitto/ca_certificates/mqttRSACA.crt

# Path to the PEM encoded server certificate.
certfile /etc/mosquitto/certs/mqttrsabroker.crt

# Path to the PEM encoded keyfile.
keyfile /etc/mosquitto/certs/mqttrsabroker.key

# If you have require_certificate set to true, you can create a certificate
# revocation list file to revoke access to particular client certificates. If
# you have done this, use crlfile to point to the PEM encoded revocation file.
#crlfile

# If you wish to control which encryption ciphers are used, use the ciphers
# option. The list of available ciphers can be obtained using the "openssl
# ciphers" command and should be provided in the same format as the output of
# that command.
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH

# To allow the use of ephemeral DH key exchange, which provides forward
# security, the listener must load DH parameters. This can be specified with
# the dhparamfile option. The dhparamfile can be generated with the command
# e.g. "openssl dhparam -out dhparam.pem 2048"
#dhparamfile

# By default a TLS enabled listener will operate in a similar fashion to a
# https enabled web server, in that the server has a certificate signed by a CA
# and the client will verify that it is a trusted certificate. The overall aim
# is encryption of the network traffic. By setting require_certificate to true,
# the client must provide a valid certificate in order for the network
# connection to proceed. This allows access to the broker to be controlled
# outside of the mechanisms provided by MQTT.
#require_certificate false

# This option defines the version of the TLS protocol to use for this listener.
# The default value allows all of v1.3, v1.2 and v1.1. The valid values are
# tlsv1.3 tlsv1.2 and tlsv1.1.
tls_version tlsv1.2

I followed this link: http://www.steves-internet-guide.com/mosquitto-tls/

I have an mqtt client with the following configuration:

    conn_opts.keepAliveInterval = 20;
    conn_opts.cleansession = 1;
    conn_opts.onSuccess = onConnect;
    conn_opts.onFailure = onConnectFailure;
    conn_opts.context = (void*)&mqtt_ctx;
    conn_opts.ssl = &ssl_opts;

    // Set SSL options
    ssl_opts.struct_version = 1;
    ssl_opts.keyStore = key_store_file;
    ssl_opts.trustStore = trust_store_file;
    ssl_opts.sslVersion = MQTT_SSL_VERSION_TLS_1_2;

The key_store_file and trust_store_file are read by environment variables pointing to: key_store_file: mqttrsaclient.key trust_store_file: mqttrsaclient.crt

Both files are in PEM format.

I have set MQTT_C_CLIENT_TRACE=ON and this is what I observe:

Starting Up!
Broker IP: ssl://127.0.0.1:8883
=========================================================
                   Trace Output
Product name: Eclipse Paho Asynchronous MQTT C Client Library
Version: 1.3.0
Build level: Wed Jul 31 15:23:35 PDT 2019
OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
OpenSSL flags: compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-cn9tZy/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX2
OpenSSL build timestamp: built on: Thu Jun 20 17:36:28 2019 UTC
OpenSSL platform: platform: debian-amd64
OpenSSL directory: OPENSSLDIR: "/usr/lib/ssl"
/proc/version: Linux version 4.15.0-55-generic (buildd@lcy01-amd64-029) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #60-Ubuntu SMP Tue Jul 2 18:22:20 UTC 2019

=========================================================
19691231 160000.000 (299804416)  (1)> Socket_outInitialize:131
19691231 160000.000 (299804416)   (2)> SocketBuffer_initialize:94
19691231 160000.000 (299804416)   (2)< SocketBuffer_initialize:98
19691231 160000.000 (299804416)  (1)< Socket_outInitialize:144
19691231 160000.000 (299804416)  (1)> SSLSocket_initialize:443
19691231 160000.000 (299804416)   (2)> SSL_create_mutex:343
19691231 160000.000 (299804416)   (2)< SSL_create_mutex:349 (0)
19691231 160000.000 (299804416)   (2)> SSL_create_mutex:343
19691231 160000.000 (299804416)   (2)< SSL_create_mutex:349 (0)
19691231 160000.000 (299804416)  (1)< SSLSocket_initialize:487 (1)
19691231 160000.000 (299804416)  (1)> MQTTStrncpy:848
19691231 160000.000 (299804416)  (1)< MQTTStrncpy:858
19691231 160000.000 (299804416)  (1)> MQTTStrncpy:848
19691231 160000.000 (299804416)  (1)< MQTTStrncpy:858
19691231 160000.000 (299804416)  (1)> MQTTPersistence_create:52
19691231 160000.000 (299804416)  (1)< MQTTPersistence_create:98 (0)
19691231 160000.000 (299804416)  (1)> MQTTPersistence_initialize:113
19691231 160000.000 (299804416)  (1)< MQTTPersistence_initialize:121 (0)
19691231 160000.000 (299804416)  (1)> MQTTAsync_restoreCommands:936
20190827 183834.980 0 commands restored for client am65x-ti-0
20190827 183834.980 (299804416)  (1)< MQTTAsync_restoreCommands:974 (0)
20190827 183834.980 (299804416)  (1)> MQTTPersistence_restoreMessageQueue:714
20190827 183834.980 0 queued messages restored for client am65x-ti-0
20190827 183834.980 (299804416)  (1)< MQTTPersistence_restoreMessageQueue:753 (0)
20190827 183834.980 (299804416) (0)< MQTTAsync_createWithOptions:593 (0)
20190827 183834.980 (299804416) (0)> MQTTAsync_setCallbacks:2426
20190827 183834.980 (299804416) (0)< MQTTAsync_setCallbacks:2440 (-1)
20190827 183834.980 (299804416) (0)> MQTTAsync_connect:2738
20190827 183834.980 (299804416)  (1)> Thread_start:69
20190827 183834.980 (299804416)  (1)< Thread_start:79
20190827 183834.980 (299804416)  (1)> Thread_start:69
20190827 183834.980 (291411712) (0)> MQTTAsync_sendThread:1784
20190827 183834.980 (299804416)  (1)< Thread_start:79
20190827 183834.980 (283019008) (0)> MQTTAsync_receiveThread:2064
20190827 183834.980 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183834.980 (283019008)   (2)> Socket_getReadySocket:237
20190827 183834.980 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183834.980 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183834.980 (299804416)  (1)> MQTTStrncpy:848
20190827 183834.981 (299804416)  (1)< MQTTStrncpy:858
20190827 183834.981 (291411712)  (1)> Thread_wait_cond:411
20190827 183834.981 (299804416)  (1)> MQTTStrncpy:848
20190827 183834.981 (299804416)  (1)< MQTTStrncpy:858
20190827 183834.981 (299804416)  (1)> MQTTAsync_addCommand:984
20190827 183834.981 (299804416)   (2)> Thread_signal_cond:393
20190827 183834.981 (299804416)   (2)< Thread_signal_cond:398 (0)
20190827 183834.981 (299804416)  (1)< MQTTAsync_addCommand:1018 (0)
20190827 183834.981 (299804416) (0)< MQTTAsync_connect:3039 (0)
Connection Attempt Return Code: 0
20190827 183834.981 (291411712)  (1)< Thread_wait_cond:419 (0)
20190827 183834.981 (291411712)  (1)> MQTTAsync_checkTimeouts:1730
20190827 183834.981 (291411712)  (1)< MQTTAsync_checkTimeouts:1778
20190827 183834.981 (291411712)  (1)> MQTTAsync_processCommand:1324
20190827 183834.981 Connecting to serverURI 127.0.0.1:8883 with MQTT version 4
20190827 183834.981 (291411712)   (2)> MQTTProtocol_connect:114
20190827 183834.981 (291411712)    (3)> MQTTProtocol_addressPort:58
20190827 183834.981 (291411712)    (3)< MQTTProtocol_addressPort:90
20190827 183834.981 (291411712)    (3)> Socket_new:668
20190827 183834.981 New socket 3 for 127.0.0.1:8883, port 8883
20190827 183834.981 (291411712)     (4)> Socket_addSocket:173
20190827 183834.981 (291411712)      (5)> Socket_setnonblocking:85
20190827 183834.981 (291411712)      (5)< Socket_setnonblocking:90 (0)
20190827 183834.981 (291411712)     (4)< Socket_addSocket:196 (0)
20190827 183834.981 Connect pending
20190827 183834.981 (291411712)    (3)< Socket_new:785 (115)
20190827 183834.981 (291411712)   (2)< MQTTProtocol_connect:156 (115)
20190827 183834.981 (291411712)   (2)> MQTTProperties_free:366
20190827 183834.981 (291411712)   (2)< MQTTProperties_free:389
20190827 183834.981 (291411712)  (1)< MQTTAsync_processCommand:1660 (1)
20190827 183834.981 (291411712)  (1)> Thread_wait_cond:411
20190827 183834.981 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183834.981 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183834.981 (283019008)    (3)> MQTTProtocol_keepalive:608
20190827 183834.981 (283019008)    (3)< MQTTProtocol_keepalive:641
20190827 183834.981 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183834.981 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183834.981 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183834.981 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183834.981 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183834.981 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.081 (283019008)    (3)> Socket_continueWrites:928
20190827 183835.081 (283019008)    (3)< Socket_continueWrites:952 (0)
20190827 183835.081 (283019008)    (3)> isReady:213
20190827 183835.081 (283019008)    (3)< isReady:218 (1)
20190827 183835.081 (283019008)   (2)< Socket_getReadySocket:309 (3)
20190827 183835.081 m->c->connect_state = 1
20190827 183835.081 (283019008)   (2)> MQTTAsync_connecting:3513
20190827 183835.081 (283019008)    (3)> MQTTProtocol_addressPort:58
20190827 183835.081 (283019008)    (3)< MQTTProtocol_addressPort:90
20190827 183835.081 (283019008)    (3)> SSLSocket_setSocketForSSL:647
20190827 183835.081 (283019008)     (4)> SSLSocket_createContext:521
20190827 183835.081 (283019008)      (5)> SSLSocket_error:97
20190827 183835.081 SSLSocket error (151584876) in SSL_CTX_use_certificate_chain_file for socket 3 rc 0 errno 2 No such file or directory

20190827 183835.081 (283019008)      (5)< SSLSocket_error:117 (151584876)
20190827 183835.081 (283019008)     (4)< SSLSocket_createContext:637 (0)
20190827 183835.081 (283019008)    (3)< SSLSocket_setSocketForSSL:686 (0)
20190827 183835.081 (283019008)    (3)> nextOrClose:1667
20190827 183835.081 (283019008)     (4)> MQTTAsync_checkConn:467
20190827 183835.081 (283019008)     (4)< MQTTAsync_checkConn:470 (1)
20190827 183835.081 (283019008)     (4)> MQTTAsync_closeOnly:2559
20190827 183835.082 (283019008)      (5)> MQTTProtocol_checkPendingWrites:1138
20190827 183835.082 (283019008)      (5)< MQTTProtocol_checkPendingWrites:1155
20190827 183835.082 (283019008)      (5)> WebSocket_close:397
20190827 183835.082 (283019008)      (5)< WebSocket_close:450
20190827 183835.082 (283019008)      (5)> SSLSocket_close:852
20190827 183835.082 (283019008)       (6)> SSLSocket_destroyContext:839
20190827 183835.082 (283019008)       (6)< SSLSocket_destroyContext:843
20190827 183835.082 (283019008)      (5)< SSLSocket_close:864 (1)
20190827 183835.082 (283019008)      (5)> Socket_close:613
20190827 183835.082 (283019008)       (6)> Socket_close_only:587
20190827 183835.082 (283019008)       (6)< Socket_close_only:601 (0)
20190827 183835.082 (283019008)       (6)> Socket_abortWrite:895
20190827 183835.082 (283019008)       (6)< Socket_abortWrite:913 (0)
20190827 183835.082 (283019008)       (6)> SocketBuffer_cleanup:136
20190827 183835.082 (283019008)       (6)< SocketBuffer_cleanup:148
20190827 183835.082 Removed socket 3
20190827 183835.082 (283019008)      (5)< Socket_close:640
20190827 183835.082 (283019008)     (4)< MQTTAsync_closeOnly:2581
20190827 183835.082 Connect failed, more to try
20190827 183835.082 (283019008)     (4)> MQTTAsync_addCommand:984
20190827 183835.082 (283019008)      (5)> Thread_signal_cond:393
20190827 183835.082 (283019008)      (5)< Thread_signal_cond:398 (0)
20190827 183835.082 (283019008)     (4)< MQTTAsync_addCommand:1018 (0)
20190827 183835.082 (283019008)    (3)< nextOrClose:1720
20190827 183835.082 (283019008)   (2)< MQTTAsync_connecting:3652 (-1)
20190827 183835.082 m->c->connect_state = 0
20190827 183835.082 CONNECT sent, *rc is -1
20190827 183835.082 (291411712)  (1)< Thread_wait_cond:419 (0)
20190827 183835.082 (291411712)  (1)> MQTTAsync_checkTimeouts:1730
20190827 183835.082 (291411712)  (1)< MQTTAsync_checkTimeouts:1778
20190827 183835.082 (291411712)  (1)> MQTTAsync_processCommand:1324
20190827 183835.082 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.082 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.082 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.082 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.082 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.082 Connecting to serverURI 127.0.0.1:8883 with MQTT version 3
20190827 183835.082 (291411712)   (2)> MQTTProtocol_connect:114
20190827 183835.082 (291411712)    (3)> MQTTProtocol_addressPort:58
20190827 183835.082 (291411712)    (3)< MQTTProtocol_addressPort:90
20190827 183835.083 (291411712)    (3)> Socket_new:668
20190827 183835.083 New socket 3 for 127.0.0.1:8883, port 8883
20190827 183835.083 (291411712)     (4)> Socket_addSocket:173
20190827 183835.083 (291411712)      (5)> Socket_setnonblocking:85
20190827 183835.083 (291411712)      (5)< Socket_setnonblocking:90 (0)
20190827 183835.083 (291411712)     (4)< Socket_addSocket:196 (0)
20190827 183835.083 Connect pending
20190827 183835.083 (291411712)    (3)< Socket_new:785 (115)
20190827 183835.083 (291411712)   (2)< MQTTProtocol_connect:156 (115)
20190827 183835.083 (291411712)   (2)> MQTTProperties_free:366
20190827 183835.083 (291411712)   (2)< MQTTProperties_free:389
20190827 183835.083 (291411712)  (1)< MQTTAsync_processCommand:1660 (1)
20190827 183835.083 (291411712)  (1)> Thread_wait_cond:411
20190827 183835.083 Error from MQTTAsync_cycle() - removing socket 3
20190827 183835.083 (283019008)  (1)> nextOrClose:1667
20190827 183835.083 (283019008)   (2)> MQTTAsync_checkConn:467
20190827 183835.083 (283019008)   (2)< MQTTAsync_checkConn:470 (0)
20190827 183835.083 (283019008)   (2)> MQTTAsync_closeSession:2587
20190827 183835.083 (283019008)    (3)> MQTTAsync_closeOnly:2559
20190827 183835.083 (283019008)     (4)> MQTTProtocol_checkPendingWrites:1138
20190827 183835.083 (283019008)     (4)< MQTTProtocol_checkPendingWrites:1155
20190827 183835.083 (283019008)     (4)> WebSocket_close:397
20190827 183835.083 (283019008)     (4)< WebSocket_close:450
20190827 183835.083 (283019008)     (4)> SSLSocket_close:852
20190827 183835.083 (283019008)      (5)> SSLSocket_destroyContext:839
20190827 183835.083 (283019008)      (5)< SSLSocket_destroyContext:843
20190827 183835.083 (283019008)     (4)< SSLSocket_close:864 (1)
20190827 183835.083 (283019008)     (4)> Socket_close:613
20190827 183835.083 (283019008)      (5)> Socket_close_only:587
20190827 183835.083 (283019008)      (5)< Socket_close_only:601 (0)
20190827 183835.083 (283019008)      (5)> Socket_abortWrite:895
20190827 183835.083 (283019008)      (5)< Socket_abortWrite:913 (0)
20190827 183835.083 (283019008)      (5)> SocketBuffer_cleanup:136
20190827 183835.083 (283019008)      (5)< SocketBuffer_cleanup:148
20190827 183835.083 Removed socket 3
20190827 183835.083 (283019008)     (4)< Socket_close:640
20190827 183835.083 (283019008)    (3)< MQTTAsync_closeOnly:2581
20190827 183835.083 (283019008)    (3)> MQTTAsync_cleanSession:2616
20190827 183835.083 (283019008)     (4)> MQTTPersistence_clear:160
20190827 183835.083 (283019008)     (4)< MQTTPersistence_clear:164 (0)
20190827 183835.084 (283019008)     (4)> MQTTProtocol_emptyMessageList:809
20190827 183835.084 (283019008)     (4)< MQTTProtocol_emptyMessageList:818
20190827 183835.084 (283019008)     (4)> MQTTProtocol_emptyMessageList:809
20190827 183835.084 (283019008)     (4)< MQTTProtocol_emptyMessageList:818
20190827 183835.084 (283019008)     (4)> MQTTAsync_emptyMessageQueue:1820
20190827 183835.084 (283019008)     (4)< MQTTAsync_emptyMessageQueue:1834
20190827 183835.084 (283019008)     (4)> MQTTAsync_removeResponsesAndCommands:1844
20190827 183835.084 0 responses removed for client am65x-ti-0
20190827 183835.084 0 commands removed for client am65x-ti-0
20190827 183835.084 (283019008)     (4)< MQTTAsync_removeResponsesAndCommands:1929
20190827 183835.084 (283019008)    (3)< MQTTAsync_cleanSession:2632 (0)
20190827 183835.084 (283019008)   (2)< MQTTAsync_closeSession:2594
20190827 183835.084 Calling connect failure for client am65x-ti-0
Connect failed, rc -1
20190827 183835.084 (283019008)  (1)< nextOrClose:1720
20190827 183835.084 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.084 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.084 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.084 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.084 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.084 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.184 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.184 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.184 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.184 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.184 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.184 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.184 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.184 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.184 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.184 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.184 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.184 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.184 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.184 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.184 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.184 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.184 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.184 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.184 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.184 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.385 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.385 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.385 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.385 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.385 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.385 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.385 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.385 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.385 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.385 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.385 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.385 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.385 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.385 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.385 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.385 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.385 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.385 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.385 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.385 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.585 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.585 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.585 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.585 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.585 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.585 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.585 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.585 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.585 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.585 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.585 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.585 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.585 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.585 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.585 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.585 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.585 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.585 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.585 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.585 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.786 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.786 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.786 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.786 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.786 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.786 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.786 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.786 (283019008)   (2)> MQTTAsync_sleep:420
20190827 183835.786 (283019008)   (2)< MQTTAsync_sleep:426
20190827 183835.786 (283019008)   (2)> MQTTAsync_retry:3495
20190827 183835.786 (283019008)    (3)> MQTTProtocol_retry:727
20190827 183835.786 (283019008)    (3)< MQTTProtocol_retry:746
20190827 183835.786 (283019008)   (2)< MQTTAsync_retry:3505
20190827 183835.786 (283019008)  (1)< MQTTAsync_cycle:3810 (-1)
20190827 183835.786 (283019008)  (1)> MQTTAsync_cycle:3663
20190827 183835.786 (283019008)   (2)> Socket_getReadySocket:237
20190827 183835.786 (283019008)   (2)< Socket_getReadySocket:309 (0)
20190827 183835.786 (283019008)   (2)> MQTTAsync_sleep:420

Looking specifically at this line:

20190827 183835.081 SSLSocket error (151584876) in SSL_CTX_use_certificate_chain_file for socket 3 rc 0 errno 2 No such file or directory

And on the broker side:

1566956315: New connection from 127.0.0.1 on port 8883.
1566956315: Socket error on client <unknown>, disconnecting.

I am not exactly sure what I am missing.

An insight into setting up the SSL Options correctly would be greatly helpful.

-----------------EDIT---------------

As suggested by Marco in comments I ran strace -e trace=open,openat,stat,fstat -s200 ./mqttTest ` I tried it with your suggested command and here is the output (I turned off the trace for MQTT).

openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=148012, ...}) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=144976, ...}) = 0
openat(AT_FDCWD, "/usr/local/lib/libpaho-mqtt3as.so.1", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=609680, ...}) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=2030544, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=577312, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2917216, ...}) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=14560, ...}) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
Starting Up!
Broker IP: ssl://127.0.0.1:8883
Connection Attempt Return Code: 0
Connect failed, rc -1
1
csslmqttpaho
That is not an SSL error. Read it.Marco Bonelli
I would suggest running your program with strace -e trace=open,openat,stat,fstat -s200 ./yourprogram and looking specially at the open() or openat() calls that return ENOENT (which is "No such file or directory"). You will see which file the program is trying to access in the arguments of the function that failed.Marco Bonelli
@MarcoBonelli I tried that but did not see any ENOENT on the trace.Prateek Khatri
It may be forking, add an -f to follow child processes. That's not an easy problem to debug with such little poece of code. Try to make your example concise but complete so that the problem can be reproduced.Marco Bonelli
Sorry for providing limited code but that is all I can at this point. However, I found it: [pid 14172] openat(AT_FDCWD, "/dev/srandom", O_RDONLY) = -1 ENOENT (No such file or directory) This paho MQTT library does use OpenSSL and I am not sure what exactly will be trying to open /dev/srandom/Prateek Khatri

1 Answers

0
votes

I installed the kernel module for srandom and all the errors went away.

https://github.com/josenk/srandom