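Problem description
Microsoft Azure recently added an MQTT backend to its services.
This service uses unencrypted traffic.
I cannot get a connection between Mosquitto and the Microsoft Azure cloud.
I downloaded the server certificate with
echo -n | openssl s_client -connect mytarget.azure-devices.net:8883 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/test.cert
and then tried to connect with mosquitto_sub
mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip" --cafile /tmp/test.pem --insecure
However, the connection is never established.
Mosquitto outputs: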
I have previously successfully connected mosquitto over SSL to the Amazon cloud (although I got a certificate and private key for that). So I tried adding the client certificate/key, which I got from AWS, hoping the error is that mosquitto does need those files too.
mosquitto_sub -h mytarget.azure-devices.net -p 8883 -d -t devices/Device1/messages/events -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=snip&sig=snip&skn=snip" --cafile /tmp/test.pem --cert certificate.pem.crt --key -private.pem.key --insecure --insecure
However, this didn't help and didn't change the error message.
I then looked into the mosquitto code on GitHub and found that the error is probably caused on this line by SSL_connect, which seems to be an OpenSSL function.
Has anybody made mosquitto connect to the Microsoft Azure cloud or has any pointers where to look next?
edit:
I seem to be able to publish by tunneling the SSL over socat:
socat openssl-connect:mytarget.azure-devices.net:8883,verify=0 tcp-l:8884,reuseaddr,fork
And then connecting mosquitto to -h localhost instead of Azure gets me:
Client Device1 sending CONNECT
Client Device1 received CONNACK
Client Device1 sending PUBLISH (d0, q0, r0, m1, 'devices/Device1/messages/events', ... (4 bytes))
Client Device1 sending DISCONNECT
It might be that something from the Azure host is throwing off mosquitto. Subscribing like this with mosquitto also works.
The problem with this approach is that the SSL connection seems to be destroyed after the first (few) packet(s) and socat subsequently complains with
E SSL_write(): Broken pipe
For anyone else searching for this: we finally managed to get it working with mosquitto_sub/pub:
mosquitto_sub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/devicebound/#" -i Device1 -u "mytarget.azure-devices.net/Device1" -P "SharedAccessSignature sr=mytarget.azure-devices.net&sig=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1
and for publishing:
mosquitto_pub -h mytarget.azure-devices.net -p 8883 -t "devices/Device1/messages/events/" -i Device2 -u "mytarget.azure-devices.net/Device2" -P "SharedAccessSignature sr=bbvgathering.azure-devices.net&sig=snip&se=snip&skn=snip" --capath /etc/ssl/certs/ --tls-version tlsv1 -d -V mqttv311 -q 1 -m "{\"key\": \"value\"}"
Important: You have to send JSON data, everything else will get rejected (at least on our setup)!
Note: Be advised that you (seemingly) can't directly send from one device to the other, as this is contrary to the cloud way. You'll have to configure a connection in the cloud.
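The -P value in the commands above is an Azure shared access signature with the fields sr, sig, se and skn. The following is an added example, not part of the original question or answer, that builds such a token and checks one locally before it is handed to mosquitto; it follows Microsoft's documented IoT Hub SAS format, and the key, policy name and function names are constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed demo key (base64), not a real IoT Hub secret.
DEMO_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()

def sign(resource_uri, key_b64, expiry):
    """HMAC-SHA256 over '<url-encoded sr>\\n<expiry>' with the decoded key."""
    to_sign = f"{quote_plus(resource_uri)}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas_token(resource_uri, key_b64, ttl=3600, policy=None, now=None):
    """Build the string passed to mosquitto via -P."""
    start = time.time() if now is None else now
    expiry = int(start + ttl)
    fields = {"sr": resource_uri,
              "sig": sign(resource_uri, key_b64, expiry),
              "se": str(expiry)}
    if policy:
        fields["skn"] = policy  # only for hub-level shared access policies
    return "SharedAccessSignature " + urlencode(fields)

def check_sas_token(token, key_b64, now=None):
    """Local sanity check; returns (ok, reason)."""
    scheme, _, query = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return False, "wrong scheme"
    f = {k: v[0] for k, v in parse_qs(query).items()}
    missing = [k for k in ("sr", "sig", "se") if k not in f]
    if missing:
        return False, "missing " + ",".join(missing)
    try:
        expiry = int(f["se"])
    except ValueError:
        return False, "se is not a Unix timestamp"
    if expiry <= (time.time() if now is None else now):
        return False, "expired"
    expected = sign(f["sr"], key_b64, expiry)
    if not hmac.compare_digest(f["sig"].encode(), expected.encode()):
        return False, "bad signature"
    return True, "ok"

if __name__ == "__main__":
    tok = make_sas_token("mytarget.azure-devices.net", DEMO_KEY, policy="device")
    print(tok)
    print(check_sas_token(tok, DEMO_KEY))
```

Keep the TTL short and pass the token to mosquitto in double quotes, since it contains & characters.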