MQTT PAHO [CERTIFICATE_VERIFY_FAILED]

Time: 2017-09-08 19:08:18

Tags: python mqtt tls1.2 mosquitto paho

I have a Python problem (I am a Python noob and still learning it). I am using version 2.7.9 on a Debian 9 system. I installed the paho and tinkerforge packages for Python.

I developed a script with the Paho MQTT client to connect to my mosquitto broker. I want to use an encrypted connection. My connection works fine unencrypted but fails when encrypted. The encrypted connection works fine with openHAB (MQTT subscriber) and MQTTFX (MQTT subscriber and producer).

I am using these parameters in the script:

import ssl

import paho.mqtt.client as mqtt

# ... in the constructor of the proxy class in brick-mqtt-proxy.py
# (DeviceProxy and the mqtt_on_* callbacks are defined elsewhere in that file):
    self.client = mqtt.Client()
    # ca_certs: the CA that signed the broker certificate; tls_set() defaults to
    # cert_reqs=ssl.CERT_REQUIRED, so the client rejects the broker
    # (CERTIFICATE_VERIFY_FAILED) if its chain does not end at this CA.
    # certfile/keyfile: this client's own certificate and private key.
    self.client.tls_set("/home/pi/ca-cert.pem",
                        "/home/pi/IWILR1-1-cert.pem",
                        "/home/pi/IWILR1-1.pem",
                        tls_version=ssl.PROTOCOL_TLSv1)
    # False keeps hostname verification of the broker certificate enabled;
    # True would skip only the hostname match, never the CA check above.
    self.client.tls_insecure_set(False)
    self.client.on_connect = self.mqtt_on_connect
    self.client.on_disconnect = self.mqtt_on_disconnect
    self.client.on_message = self.mqtt_on_message

    self.device_proxies = {}
    self.device_proxy_classes = {}

    for subclass in DeviceProxy.subclasses():
        self.device_proxy_classes[subclass.DEVICE_CLASS.DEVICE_IDENTIFIER] = subclass

def connect(self):
    if self.broker_username is not None:
        self.client.username_pw_set(self.broker_username, self.broker_password)

    self.client.connect(self.broker_host, self.broker_port)
    self.client.loop_start()

But now the problem is this error on the Python side.

sudo python /home/pi/brick-mqtt-proxy.py
Traceback (most recent call last):
  File "/home/pi/brick-mqtt-proxy.py", line 1250, in <module>
    proxy.connect()
  File "/home/pi/brick-mqtt-proxy.py", line 1109, in connect
    self.client.connect(self.broker_host, self.broker_port)
  File "/usr/local/lib/python2.7/dist-packages/paho/mqtt/client.py", line 760, in connect
    return self.reconnect()
  File "/usr/local/lib/python2.7/dist-packages/paho/mqtt/client.py", line 919, in reconnect
    sock.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

And mosquitto logs these errors.

1504896114: New connection from 143.93.197.20 on port 8883.
1504896114: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1504896114: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1504896114: Socket error on client <unknown>, disconnecting.

Mosquitto conf

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example


pid_file /var/run/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/


log_type all
log_facility 5
log_timestamp true
log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

port 8883
cafile /etc/mosquitto/ca_certificates/ca-cert.pem
certfile /etc/mosquitto/certs/server-cert.pem
keyfile /etc/mosquitto/certs/server-key.pem

Only the server and CA certificates match the broker hostname. The client uses its own CN hostname. I hope that is right?

I hope you can help me solve the problem.

PS: I used self-signed certificates! TLS version 1.2
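The broker log line "tlsv1 alert unknown ca" is the alert the client sent after it rejected the broker certificate, the same event Python reports as CERTIFICATE_VERIFY_FAILED. The two things a practitioner checks first are therefore whether /home/pi/ca-cert.pem actually chains to /etc/mosquitto/certs/server-cert.pem and whether that certificate names the host the client connects to. The script below is an added example, not code from the question or from brick-mqtt-proxy.py: it builds a throw-away lab PKI with openssl and runs exactly those checks, plus the mirror check the broker performs on the client certificate. The names in it (broker.example, client1, a mktemp directory, the second "other" CA) are constructed for the lab; replace them with the real files to test a deployment.

```shell
#!/bin/sh
# Added example, not code from the question: rebuild the checks that paho's
# tls_set() + do_handshake() perform, using openssl, so the failure can be
# located offline. Names (broker.example, client1, the lab directory) and the
# throw-away keys are constructed for this lab; substitute the real files.
set -e

LAB=${LAB:-$(mktemp -d)}
cd "$LAB"

# Constructed lab PKI: one CA, a broker cert, a client cert, and an unrelated
# CA that plays "the ca-cert.pem on the Pi is not the CA that signed the broker".
make_lab_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=lab-ca" \
        -keyout ca-key.pem -out ca-cert.pem 2>/dev/null

    # broker certificate: modern verifiers match the hostname against
    # subjectAltName, so put it there, not only in CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=broker.example" \
        -keyout server-key.pem -out server.csr 2>/dev/null
    printf 'subjectAltName=DNS:broker.example\n' > server-ext.cnf
    openssl x509 -req -in server.csr -CA ca-cert.pem -CAkey ca-key.pem \
        -CAcreateserial -days 2 -extfile server-ext.cnf -out server-cert.pem 2>/dev/null

    # client certificate: its CN is the client's own name; the broker only
    # checks that it chains to the broker's cafile, not that CN is a hostname
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client1" \
        -keyout client1-key.pem -out client1.csr 2>/dev/null
    openssl x509 -req -in client1.csr -CA ca-cert.pem -CAkey ca-key.pem \
        -CAcreateserial -days 2 -out client1-cert.pem 2>/dev/null

    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=other-ca" \
        -keyout other-ca-key.pem -out other-ca-cert.pem 2>/dev/null
}

# check_broker_cert CAFILE CERT HOSTNAME: what the client does with
# ca_certs + cert_reqs=CERT_REQUIRED + hostname check. Exit 0 = would connect.
check_broker_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# check_client_cert CAFILE CERT: what mosquitto does with the presented client
# certificate when require_certificate is on. Exit 0 = broker accepts it.
check_client_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# probe_broker HOST PORT: live handshake with the same material the Python
# client uses; needs a reachable broker, so it is not run in this lab
probe_broker() {
    openssl s_client -connect "$1:$2" -servername "$1" -tls1_2 \
        -CAfile ca-cert.pem -cert client1-cert.pem -key client1-key.pem </dev/null 2>&1 |
        grep -E 'Verify return code|Protocol'
}

make_lab_pki
for ca in ca-cert.pem other-ca-cert.pem; do
    if check_broker_cert "$ca" server-cert.pem broker.example; then
        echo "$ca: broker cert verifies, client would connect"
    else
        echo "$ca: CERTIFICATE_VERIFY_FAILED on the client, 'tlsv1 alert unknown ca' in the broker log"
    fi
done
```

Against a real deployment, run `check_broker_cert /home/pi/ca-cert.pem /etc/mosquitto/certs/server-cert.pem <hostname the client connects to>` on the Pi; a non-zero exit reproduces the question's failure without touching the broker. `probe_broker <host> 8883` then performs the live handshake and prints the verify result and the negotiated protocol; `-tls1_2` pins s_client to TLS 1.2, so a broker that only speaks 1.2 is exercised the way a PROTOCOL_TLSv1_2 client would exercise it.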

2 answers:

Answer 0 (score: 0)

If you are using TLS v1.2, you need to change the expression (line 2: self.client.tls_set()) 'tls_version=ssl.PROTOCOL_TLSv1' to 'tls_version=ssl.PROTOCOL_TLSv1_2', and not the expected ...TLSv1.2. That worked for me.

Answer 1 (score: 0)

Try providing something like the following. The default port for SSL is 8883. We can start multiple listeners, in this case 1883 for non-SSL and 8883 for SSL.

port 1883
listener 8883
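A fuller version of the two-listener layout sketched in this answer, added here as an example and not part of the original answer: in mosquitto the cafile/certfile/keyfile lines bind to the most recently declared listener, so the TLS material from the question's config has to follow `listener 8883`, not sit at top level next to `port`. The paths are the ones from the question; `require_certificate true` and `tls_version tlsv1.2` are assumptions about the intended setup (the question's client presents its own certificate and says it wants TLS 1.2).

```conf
# Plain MQTT for local, unencrypted clients
listener 1883

# TLS listener; the cafile/certfile/keyfile lines below apply to this listener
listener 8883
cafile /etc/mosquitto/ca_certificates/ca-cert.pem
certfile /etc/mosquitto/certs/server-cert.pem
keyfile /etc/mosquitto/certs/server-key.pem
# Only accept clients whose certificate chains to cafile (assumed intent:
# the question's client presents /home/pi/IWILR1-1-cert.pem)
require_certificate true
# Refuse TLS 1.0/1.1; a client built with ssl.PROTOCOL_TLSv1 then fails at the
# protocol stage instead of appearing to be a certificate problem
tls_version tlsv1.2
```

Note that with `require_certificate true` the broker verifies the client certificate against its own cafile, independently of the client verifying the broker against /home/pi/ca-cert.pem; both files must contain the CA that actually signed the respective peer certificate.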