I have setup a local mosquitto server; I can connect to it using QT (5.15.0) MQTT without SSL.
Trying to configure it with SSL, saw different posts on the subject. I still am unable to TLS handshake correctly with the server.
I am able to connect to the mosquitto server, but it states socket error and disconnects:
1598878059: mosquitto version 1.6.10 starting
1598878059: Config loaded from .\mosquitto.conf.
1598878059: Opening ipv6 listen socket on port 8883.
1598878059: Opening ipv4 listen socket on port 8883.
1598878082: New connection from 192.168.1.34 on port 8883.
1598878082: Socket error on client <unknown>, disconnecting.
It needs to be noted that, MQTT.fx client can talk to the same local mosquitto installation/configuration successfully using SSL/TLS and the same certificate. The Qt MQTT code alone is having the Socket error issue.
The mosquitto config is quite simple:
# Port to use for the default listener.
port 8883
# At least one of cafile or capath must be defined. They both
# define methods of accessing the PEM encoded Certificate
# Authority certificates that have signed your server certificate
# and that you wish to trust.
# cafile defines the path to a file containing the CA certificates.
# capath defines a directory that will be searched for files
# containing the CA certificates. For capath to work correctly, the
# certificate files must have ".crt" as the file ending and you must run
# "openssl rehash <path to capath>" each time you add/remove a certificate.
#cafile
#capath
cafile C:\Program Files\mosquitto\certs\m2mqtt_ca.crt
# Path to the PEM encoded server certificate.
certfile C:\Program Files\mosquitto\certs\m2mqtt_srv.crt
# Path to the PEM encoded keyfile.
keyfile C:\Program Files\mosquitto\certs\m2mqtt_srv.key
On the client side, I do see this:
"OpenSSL 1.1.1d 10 Sep 2019"
true
"OpenSSL 1.1.1d 10 Sep 2019"
Default SSL configuration isNull: false
SSL configuration used by QNAM isNull: true
State: Connecting
State: Disconnected
256
The code that I have used to test the connection:
#include <QCoreApplication>
#include <QtMqtt>
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/QNetworkRequest>
#include <QtNetwork/QNetworkReply>
#include <QSslSocket>
#include <QSslConfiguration>
#if 1
const QByteArray pem = R"(-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5
MRIwEAYDVQQKDAlNb3NxdWl0dG8xCzAJBgNVBAsMAkNBMRYwFAYDVQQDDA1tb3Nx
dWl0dG8ub3JnMR8wHQYJKoZIhvcNAQkBFhByb2dlckBhdGNob28ub3JnMB4XDTEy
MDYyOTIyMTE1OVoXDTIyMDYyNzIyMTE1OVowgZAxCzAJBgNVBAYTAkdCMRcwFQYD
VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1v
c3F1aXR0bzELMAkGA1UECwwCQ0ExFjAUBgNVBAMMDW1vc3F1aXR0by5vcmcxHzAd
BgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hvby5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMYkLmX7SqOT/jJCZoQ1NWdCrr/pq47m3xxyXcI+FLEmwbE3R9vM
rE6sRbP2S89pfrCt7iuITXPKycpUcIU0mtcT1OqxGBV2lb6RaOT2gC5pxyGaFJ+h
A+GIbdYKO3JprPxSBoRponZJvDGEZuM3N7p3S/lRoi7G5wG5mvUmaE5RAgMBAAGj
UDBOMB0GA1UdDgQWBBTad2QneVztIPQzRRGj6ZHKqJTv5jAfBgNVHSMEGDAWgBTa
d2QneVztIPQzRRGj6ZHKqJTv5jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAqw1rK4NlRUCUBLhEFUQasjP7xfFqlVbE2cRy0Rs4o3KS0JwzQVBwG85xge
REyPOFdGdhBY2P1FNRy0MDr6xr+D2ZOwxs63dG1nnAnWZg7qwoLgpZ4fESPD3PkA
1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX
-----END CERTIFICATE-----
)";
#endif
// Connecting to Secure MQTT with QtMqtt and SSL
// https://stackoverflow.com/questions/57829480/how-do-i-perform-a-secure-mqtt-using-qtmqtt-and-ssl
int main(int argc, char *argv[])
{
QCoreApplication a(argc, argv);
// const QString hostname{"test.mosquitto.org"}; // Mosquitto public test server
const QString hostname{"192.168.1.34"}; // Local Mosquitto test server
const quint16 port = 8883;
const QMqttTopicName topic{"qtmqtt/ssl_test"};
const QMqttTopicFilter filter{"qtmqtt/#"};
QSslCertificate cert = QSslCertificate(pem, QSsl::Pem);
QSslConfiguration config; // Since QT 5.14, SSL transport config
config.defaultConfiguration();
config.setProtocol(QSsl::TlsV1_2); // needs to be handled explicitly with
config.addCaCertificate(cert); // client.connectToHostEncrypted(config);
config.setLocalCertificate(cert);
QMqttClient client;
client.setHostname(hostname);
client.setPort(port);
QNetworkAccessManager qnam;
QNetworkRequest request;
QNetworkReply *reply = qnam.get(request);
// Check OpenSSL support is functional
// https://stackoverflow.com/questions/58625924/qt-error-message-qt-network-ssl-qsslsocketconnecttohostencrypted-tls-initia
qDebug() << QSslSocket::sslLibraryBuildVersionString();
qDebug() << QSslSocket::supportsSsl();
qDebug() << QSslSocket::sslLibraryVersionString();
// Check SSL configuration
// https://stackoverflow.com/questions/3683826/qnetworkrequest-and-default-ssl-configuration
qDebug() << "Default SSL configuration isNull: "
<< QSslConfiguration::defaultConfiguration().isNull();
qDebug() << "SSL configuration used by QNAM isNull: "
<< reply->sslConfiguration().isNull();
QObject::connect(&client, &QMqttClient::stateChanged, [](QMqttClient::ClientState state){
if(state == QMqttClient::Disconnected)
qDebug() << " State: Disconnected";
else if(state == QMqttClient::Connecting)
qDebug() << " State: Connecting";
else if(state == QMqttClient::Connected)
qDebug() << " State: Connected";
});
QObject::connect(&client, &QMqttClient::errorChanged, [](QMqttClient::ClientError error){
qDebug() << error;
});
QObject::connect(&client, &QMqttClient::messageReceived, [](const QByteArray &message, const QMqttTopicName &topic){
qDebug() << " Received Topic:" << topic.name() << " Message: " << message;
});
QTimer timer;
QObject::connect(&timer, &QTimer::timeout, [&client, &topic](){
if(client.publish(topic, QDateTime::currentDateTime().toString().toUtf8()) == -1)
qDebug() << "Error: Could not publish message";
});
QObject::connect(&client, &QMqttClient::connected, [&client, &timer, &filter](){
QMqttSubscription *subscription = client.subscribe(filter);
if(!subscription)
qDebug() << "Could not subscribe";
timer.start(1000);
});
client.connectToHostEncrypted(config);
return a.exec();
}
