ssl, mqtt, tls1.2, azure-iot-hub, libmosquitto

Connecting to Azure IoT hub using MQTT libmosquitto C SDK


I am trying to connect to Azure IoT Hub with the libmosquitto SDK, using the following code.

/* Handle for the first broker connection; main() passes its address to
 * mqtt_ConnectToServer(), which stores the handle from mosquitto_new() here. */
struct mosquitto *mosq_Connection_1 = NULL;

/* Status flag paired with mosq_Connection_1; mqtt_close() resets it to false. */
bool mosq_ConnectionStatus_1 = false;

/*
 * One-time library setup: forwards to mosquitto_lib_init().
 * The library's return code is not propagated because this wrapper is void.
 */
void mqtt_init(void)
{
    (void)mosquitto_lib_init();
}

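/**
 * Create a libmosquitto client, register the callbacks, configure TLS and
 * credentials, and ask the library to connect to the broker.
 *
 * @param mosq           Out: receives the handle returned by mosquitto_new().
 * @param mqtt_ip        Broker host name or address (must not be NULL).
 * @param mqtt_port      Broker TCP port.
 * @param mqtt_username  User name handed to mosquitto_username_pw_set().
 * @param mqtt_password  Password handed to mosquitto_username_pw_set();
 *                       it is a credential and is never written to the log.
 * @param mqtt_keepAlive Keep-alive interval passed to mosquitto_connect().
 * @return true when mosquitto_connect() reports success, false on any error.
 *
 * Ownership: when this function fails after mosquitto_new() succeeded, *mosq
 * still holds the allocated handle; the caller releases it (see mqtt_close()).
 */
bool mqtt_ConnectToServer(struct mosquitto **mosq, char *mqtt_ip, int mqtt_port, char *mqtt_username, char *mqtt_password, int mqtt_keepAlive)
{
    bool clean_session = true;
    int rc;

    /* Reject arguments that would otherwise be dereferenced or printed as NULL. */
    if(mosq == NULL || mqtt_ip == NULL)
    {
        fprintf(stderr, "mqtt: missing connection handle or broker address\n");
        return false;
    }

    /* NOTE(review): the client id is hard-coded; confirm it matches the
     * identity the broker expects for this device. */
    *mosq = mosquitto_new("123457", clean_session, NULL);
    if(!(*mosq))
    {
        /* mosquitto_new() reports its failure reason through errno. */
        perror("mqtt: mosquitto_new");
        return false;
    }

    printf("mqtt: mqtt_ip:%s\n", mqtt_ip);
    printf("mqtt: mqtt_port:%d\n", mqtt_port);
    printf("mqtt: mqtt_username:%s\n", mqtt_username ? mqtt_username : "(none)");
    /* The password is deliberately not printed: console and log output is
     * routinely captured, and a logged credential is a leaked credential. */

    mosquitto_log_callback_set(*mosq, my_log_callback);
    mosquitto_connect_callback_set(*mosq, my_connect_callback);
    mosquitto_message_callback_set(*mosq, my_message_callback);
    mosquitto_subscribe_callback_set(*mosq, my_subscribe_callback);
    mosquitto_disconnect_callback_set(*mosq, my_disconnect_callBack);
    mosquitto_publish_callback_set(*mosq, my_publish_callBack);

    /* NOTE(review): an earlier, commented-out attempt passed a string to
     * MOSQ_OPT_PROTOCOL_VERSION; that option expects a pointer to an int
     * (e.g. MQTT_PROTOCOL_V311). Confirm which protocol version the broker
     * requires before enabling it. */

    /* Trust anchor for server certificate verification. */
    rc = mosquitto_tls_set(*mosq, "cert.cer", NULL, NULL, NULL, NULL);
    if(rc != MOSQ_ERR_SUCCESS)
    {
        fprintf(stderr, "mqtt: mosquitto_tls_set: %s\n", mosquitto_strerror(rc));
        return false;
    }

    /* Certificate verification stays enabled. Do not work around a verify
     * failure with mosquitto_tls_insecure_set() or an older TLS version:
     * a "certificate is not yet valid" error (OpenSSL verify code 9) usually
     * means the device clock is earlier than the CA certificate's notBefore
     * date, so set the clock before connecting instead. */

    rc = mosquitto_username_pw_set(*mosq, mqtt_username, mqtt_password);
    if(rc != MOSQ_ERR_SUCCESS)
    {
        /* Fail closed rather than connecting without the intended credentials. */
        fprintf(stderr, "mqtt: mosquitto_username_pw_set: %s\n", mosquitto_strerror(rc));
        return false;
    }

    /* Success here only covers issuing the connection; the broker's answer
     * is delivered later through the connect callback registered above. */
    rc = mosquitto_connect(*mosq, mqtt_ip, mqtt_port, mqtt_keepAlive);
    if(rc != MOSQ_ERR_SUCCESS)
    {
        fprintf(stderr, "mqtt: Unable to connect: %s\n", mosquitto_strerror(rc));
        return false;
    }

    return true;
}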

/*
 * Tear down one client handle.
 *
 * Clears the status flag of the first global connection slot (1, 2 or 3)
 * whose handle equals `mosq`, destroys the handle, then calls
 * mosquitto_lib_cleanup().
 *
 * NOTE(review): mosquitto_lib_cleanup() runs on every close; if other
 * connection slots are still in use at that point this releases library
 * resources underneath them - confirm callers only close at shutdown.
 * The matching global pointer is left holding the destroyed handle.
 */
void mqtt_close(struct mosquitto *mosq)
{
    fputs("Closing mqtt Socket\n", stdout);

    struct mosquitto *const handles[] = {
        mosq_Connection_1, mosq_Connection_2, mosq_Connection_3
    };
    bool *const flags[] = {
        &mosq_ConnectionStatus_1, &mosq_ConnectionStatus_2, &mosq_ConnectionStatus_3
    };
    size_t slot;

    /* First matching slot wins, mirroring an if / else-if chain. */
    for (slot = 0; slot < sizeof handles / sizeof handles[0]; slot++) {
        if (mosq == handles[slot]) {
            *flags[slot] = false;
            break;
        }
    }

    mosquitto_destroy(mosq);
    mosquitto_lib_cleanup();
}

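/*
 * Example entry point: initialise the library, connect the first client and
 * start libmosquitto's background network loop.
 *
 * The <...> arguments are placeholders from the original post and must be
 * replaced with real values before this compiles.
 *
 * Returns 0 on success and 1 when connecting or starting the loop fails.
 */
int main()
{
    mqtt_init();

    /* Do not start the network loop on a handle that failed to set up. */
    if(!mqtt_ConnectToServer(&mosq_Connection_1, <ip Address>, <Port Number>,<username>, <Password>, 60))
    {
        mqtt_close(mosq_Connection_1);
        return 1;
    }

    if(mosquitto_loop_start(mosq_Connection_1) != MOSQ_ERR_SUCCESS)
    {
        fprintf(stderr, "mqtt: unable to start the network loop\n");
        mqtt_close(mosq_Connection_1);
        return 1;
    }

    /* NOTE(review): as posted, main() returns right after starting the
     * background loop, which ends the process; a real program has to keep
     * running for the connection to be serviced. */
    return 0;
}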

Now the problem is that if I run this code on an Ubuntu system it works fine, but when I try the same on a Sierra Wireless WP7608 board it does not connect to the server. Can somebody explain what is going wrong? Thanks in advance.

Edited: I tried checking SSL certificate verification with the following command, and it produced the following logs.

Command: openssl s_client -connect UX101Test.azure-devices.net:8883 -state -debug -tls1_2

.....
09f0 - 86 c3 77 61 75 ee a1 86-ba 39 ab f2 f4 9d ad 0d   ..wau....9......
0a00 - 35 7b 78 8f 94 b3 76 06-ce ad 6c 19 03 46 ef c6   5{x...v...l..F..
0a10 - 44 71 2e cd 15 35 28 70-5a 27 a5 40 7d 20 9a 26   Dq...5(pZ'.@} .&
0a20 - 89 72 6f 86 be 46 b3 fd-65 01 57 3a 67 21 81 fd   .ro..F..e.W:g!..
0a30 - d5 4c ae 06 0d 00 00 1a-03 01 02 40 00 12 04 01   .L.........@....
0a40 - 05 01 02 01 04 03 05 03-02 03 02 02 06 01 06 03   ................
0a50 - 00 00 0e                                          ...
0a56 - <SPACES/NULS>
SSL_connect:unknown state
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify error:num=9:certificate is not yet valid
notBefore=May 12 18:46:00 2000 GMT
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
write to 0xcd830 [0xdcdf8] (12 bytes => 12 (0xC))
0000 - 16 03 03 00 07 0b 00 00-03                        .........
000c - <SPACES/NULS>
SSL_connect:unknown state
write to 0xcd830 [0xdcdf8] (107 bytes => 107 (0x6B))
0000 - 16 03 03 00 66 10 00 00-62 61 04 2a 95 39 c0 c2   ....f...ba.*.9..
0010 - 78 f4 8e ce c6 9e 90 7d-be f5 f4 45 b7 73 7d 59   x......}...E.s}Y
0020 - c7 c5 a2 cc 95 21 dc 09-d6 29 73 3e 67 fe ac d6   .....!...)s>g...
0030 - ba cf d5 79 c7 ea 98 05-1e 3a bf db 8a 2a 01 ec   ...y.....:...*..
0040 - 57 d6 cf a1 94 23 97 11-e6 6b 77 ee 34 c0 87 8b   W....#...kw.4...
0050 - 19 f1 fc de 52 f3 23 40-d7 9c 9f 71 f0 b7 a4 37   ....R.#@...q...7
0060 - 86 a2 6a c8 2f e1 ac fa-32 5b 85                  ..j./...2[.
SSL_connect:unknown state
write to 0xcd830 [0xdcdf8] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
SSL_connect:unknown state
write to 0xcd830 [0xdcdf8] (85 bytes => 85 (0x55))
0000 - 16 03 03 00 50 86 27 6f-bf ae 55 88 16 b2 00 eb   ....P.'o..U.....
0010 - 93 8c e9 ec ce 27 12 e3-c9 ff d1 72 5e 35 4b 57   .....'.....r^5KW
0020 - 5c 38 f1 f8 ea ad 45 ea-ff 98 16 77 67 a3 92 0b   \8....E....wg...
0030 - de 8e 27 f0 c7 45 b6 13-4e c4 49 e1 41 bf 8c ae   ..'..E..N.I.A...
0040 - 4d ac 5a f6 70 58 9b 22-ec f0 e4 da 06 cc 6e 59   M.Z.pX."......nY
0050 - cf 7e e1 70 c2                                    .~.p.
SSL_connect:unknown state
SSL_connect:unknown state
read from 0xcd830 [0xd33eb] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0xcd830 [0xd33f0] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0xcd830 [0xd33eb] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 50                                    ....P
read from 0xcd830 [0xd33f0] (80 bytes => 80 (0x50))
0000 - ab bc 29 dc 16 05 bd 69-ba c1 00 89 88 48 72 b8   ..)....i.....Hr.
0010 - 35 63 8f 14 b5 d6 2b ac-01 66 74 fb dc cd 92 09   5c....+..ft.....
0020 - 86 99 b3 57 51 8b 84 d0-ed 4c 9d ba 13 6e 52 04   ...WQ....L...nR.
0030 - 42 f3 f9 9c 48 a3 01 e2-2b d2 73 b9 8f d8 48 cb   B...H...+.s...H.
0040 - 29 74 a2 ec b5 d6 18 5e-ec 9c a1 3e d2 a1 69 64   )t.....^...>..id
SSL_connect:unknown state
---
Certificate chain
 0 s:/CN=*.azure-devices.net
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 5
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 5
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIADCCBeigAwIBAgITLQAF3vCaC1etBscWiQAAAAXe8DANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDUw
HhcNMTkwNDEyMjMwMzMzWhcNMjAwNDEyMjMwMzMzWjAeMRwwGgYDVQQDDBMqLmF6
dXJlLWRldmljZXMubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
0FO0Rpkuh7KcVBFm5N8w0RpXmadeog9d9Mx1OSGPnrHpzFZPCiwDWdFOt4mrkCTx
/dRPXTI0jWc/O3ugYicaEkL05S7128jzbL+Cf9CQdw5rFPEUaORChtzKheIk5FD+
ckFQ9OchjQlvg60hK7Ctjb1QLWZUVXd2M9rWPZM9plPIrIJHfJQbCSVl2+hrByZx
dFx84vM/1pjOqTcncxa9BqczfJFnEtU3r2ADzNrjmt3V96ONPhNscgdaZyronwOE
cWsAkqOYYNPFHQmqA5yO8rC777lyzRtguIcpxu3KikVWkPrYELPMqpIWimFpSB53
9KfP+bsQVre1zhi8XFcZhwIDAQABo4IDxzCCA8MwggEFBgorBgEEAdZ5AgQCBIH2
BIHzAPEAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWoT0+aC
AAAEAwBHMEUCIQDimA41GQw92ryPf5qWX98yD2FrW/O4WhDX3paXzg64WgIgEWqL
RNXJt0IXpY46pwGkK8BtQyRl4hQhhYruvr1rpsQAdwBVgdTCFpA2AUrqC5tXPFPw
wOQ4eHAlCBcvo6odBxPTDAAAAWoT0+e5AAAEAwBIMEYCIQDyVsjPmbDq5W49ceSo
QwtTHevdroIWgt2tDQyRpoF5rQIhAKIsdhZ2mh3oXS4ikFV9yKI0j9ck1FbWP8/R
ldt0LfQXMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEw
PgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CB
XYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0
dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElU
JTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNv
Y3NwLmNvbTAdBgNVHQ4EFgQUtUnsROINIxU8u5mj4kXjHQ+0rwEwCwYDVR0PBAQD
AgSwMF0GA1UdEQRWMFSCEyouYXp1cmUtZGV2aWNlcy5uZXSCGiouYW1xcHdzLmF6
dXJlLWRldmljZXMubmV0giEqLnN1Lm1hbmFnZW1lbnQtYXp1cmUtZGV2aWNlcy5u
ZXQwgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29m
dC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUy
MDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwv
TWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsME0GA1UdIARGMEQwQgYJ
KwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv
bS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBQI/iWfdOqHBMK8u46oOF8zxtFs
ZTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD
ggIBADGX1X1v9qEE1nQILzDMdSdO7bRm7V/URztxnOeXAg543ogCgUhJdtxNV066
wv/2Dz3F+pVYDPa2aiPuUJtSc/d6GKm2OFTI6nLnXPkE5nazwob9CpWOdebIK29j
J7oWcKycXUiB7Tkcw/jobajJ5O/yI27F4dWAukD/vaVnuD7+lus/qGWjVzTmznmU
7WvddtSqwJIbT9sL3QevEEs5sWMmmtma2hGofBVAEHo4BHnzeTiy0avezxVLtoyy
aLCF23EoOWvMPr6ubvAzRYmgf6OFDJXMch2LNO6UXxCK29HFg78DpWJfHNv2m9dl
KZ8XuYFpVrAy6UlkAXDjjQH1VRqoMg0n2Fjjya84IFUWtqq427qN7pCYXMUUD7zo
W/euyctxulYLkma37JrAGnJibKSTWPtxGCByEceRkE+M0Yt03MFKpWk+Vz+ZMDWG
2K/H8GIOdjHCc6cKw6vgIvRr325zQLzcbODgPNe65shWG/4ca6dSc4eGSEZAjzXH
N6FMCe21E+WSj6HZTk17eElT+KraHIdtIkJO4qdEdma4lYYjT95E1HlC9YsJBQ/T
fUOvp4nKaOQXCwnSsGIjll4LftK2G48vBTn27ezmYoxXH/Z5sOBewJPmoZUxqJko
hpAJQj4x9EIXmatFZFbMq/thgmEza/Nt/knBeRaUPwj4zlQk
-----END CERTIFICATE-----
subject=/CN=*.azure-devices.net
issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 5
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA1
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4105 bytes and written 517 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA256
    Session-ID: 3E270000A31239A85D6AA73B0D90EA677147146A5BDCC69C4BF34EB506B62C92
    Session-ID-ctx: 
    Master-Key: 957B93FED2CFF6ACA05AE2F339C408FD5E5E20304745935DDDB86B88D9BE5963F0FBC07ABCCAB746741750C8A9402F7A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 315965102
    Timeout   : 7200 (sec)
    Verify return code: 9 (certificate is not yet valid)

Can anyone help me with how to deal with certificates on the device side?


Solution

  • I had to update mosquitto to version 1.5.2 or above, and that solved my problem.

    Thank you.