Mosquitto SSL protocol error after upgrading to 2.0

mosquitto 1.x ran fine on Debian 10 (with SSL). With the upgrade to Debian 11 came mosquitto 2.0.11-1.

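I had to make a few adjustments to the configuration file to get it to start. I have already read through https://mosquitto.org/documentation/migrating-to-2-0/. For testing, I am currently starting the daemon interactively with this command: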

/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf -v

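But now clients can no longer connect, regardless of client type (I have a variety of clients). For every client connection attempt I get log entries like this: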

1629544574: New connection from x.x.x.x:54278 on port 8883.
1629544574: Client <unknown> disconnected due to protocol error.

This is the main configuration file:

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

pid_file /var/run/mosquitto/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/

#Plain
#listener 1883

#SSL
listener 8883

#keepalive_interval 600

# Do not require authentication
allow_anonymous true

log_type all

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

This is the SSL file (the only file in conf.d):

cafile /etc/mosquitto/certs/ca.cer
certfile /etc/mosquitto/certs/mqtt.cer
keyfile /etc/mosquitto/certs/mqtt.key
dhparamfile /etc/mosquitto/certs/dhparam.pem

#tls_version tlsv1.2

The certificate-related files all exist:

root@linux06:/etc/mosquitto# ls -l certs/
total 28
-rw-r--r-- 1 mosquitto mosquitto 3915 Apr 28 02:36 ca.cer
-rw-r----- 1 mosquitto mosquitto  424 Aug 21 12:45 dhparam.pem
-rwxr-xr-- 1 mosquitto mosquitto 3546 Apr 28 02:36 mqtt.cer
-rwxr-x--- 1 mosquitto mosquitto 3243 Apr 28 02:36 mqtt.key
-rwxr-x--- 1 mosquitto mosquitto 7528 Apr 28 02:36 mqtt.p7b
-rw-r--r-- 1 mosquitto mosquitto  130 Apr 28 02:36 README

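Unfortunately, accepting all certificates in the client does not help. That way I could at least have gotten started. When I move the SSL configuration file away, thereby deactivating SSL, clients connect fine when attempting a plain connection.

What I find a bit odd is this. It shouldn't look like this, should it?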

root@linux06:~# openssl s_client -connect 127.0.0.1:8883 -showcerts
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
root@linux06:~#

The certificate is still valid (although it will expire soon; some details are masked):

root@linux06:~# openssl x509 -text -in /etc/mosquitto/certs/mqtt.cer
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:00:00:02:07:9a:37:38:09:44:97:a3:6c:00:01:00:00:02:07
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: DC = org, DC = masked, DC = masked, CN = masked
        Validity
            Not Before: Aug 26 13:20:32 2019 GMT
            Not After : Aug 25 13:20:32 2021 GMT
        Subject: C = DE, ST = NA, L = nowhere, OU = masked
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:c3:55:4a:ec:47:ba:65:ee:1c:b4:ac:72:73:0d:
                    4b:c3:ae:94:8c:35:d8:1c:99:7e:0e:d9:12:3b:cf:
                    c9:6f:2a:f1:c0:e6:10:3e:52:df:a7:5a:36:73:6a:

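I am at my wits' end. Does anyone know why this fails? I have gone carefully through the example configuration, the file system permissions and web pages, but I can't seem to find the reason for the failure.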

Answer 1

The directive

listener 8883

needs to go into the ssl.conf file. That solved the problem immediately.
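
A check for the layout problem the answer describes, as an added example that is not part of the original question or answer: it flags TLS options in a configuration file that are not preceded by a listener directive in the same file. The option names come from the mosquitto.conf man page; the function names and the sample text (built from the question's conf.d file) are constructed here, and the rule itself is an assumption drawn from the answer's fix.

```python
import sys
from pathlib import Path

# Per-listener TLS options named in mosquitto.conf(5).
TLS_OPTIONS = {"cafile", "capath", "certfile", "keyfile", "dhparamfile",
               "ciphers", "tls_version", "require_certificate"}

# Constructed sample: the conf.d file from the question, before the fix.
BEFORE = """\
cafile /etc/mosquitto/certs/ca.cer
certfile /etc/mosquitto/certs/mqtt.cer
keyfile /etc/mosquitto/certs/mqtt.key
dhparamfile /etc/mosquitto/certs/dhparam.pem

#tls_version tlsv1.2
"""
# Constructed sample: the same file with the listener line moved into it.
AFTER = "listener 8883\n" + BEFORE


def orphan_tls_options(text):
    """Return [(line_no, option)] for TLS options that appear before any
    'listener' directive in this one file (assumed rule, see lead-in)."""
    findings, have_listener = [], False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key = line.split(None, 1)[0]
        if key == "listener":
            have_listener = True
        elif key in TLS_OPTIONS and not have_listener:
            findings.append((line_no, key))
    return findings


def check_dir(conf_dir):
    """Run the check over every *.conf file in conf_dir."""
    report = {}
    for path in sorted(Path(conf_dir).glob("*.conf")):
        found = orphan_tls_options(path.read_text())
        if found:
            report[path.name] = found
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = check_dir(sys.argv[1])
    else:
        result = {"BEFORE": orphan_tls_options(BEFORE), "AFTER": orphan_tls_options(AFTER)}
    for name, found in result.items():
        print(name, found or "ok")
```

Run it with the conf.d directory as the only argument to check real files; with no argument it reports on the two embedded samples.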
