I have searched the issues of this repository and believe that this is not a duplicate.
What happened?
Is the ChirpStack Gateway Bridge tested for Mutual TLS based generic MQTT connections?
After many tests I can't get authorization without user/password to work.
I want to authorize the Bridge against our broker, which supports MTLS.
When using the certificates in the MQTT Explorer client application or mosquitto_sub the connection is established without any issue.
But using the same files in the Bridge didn't work.
smc_cert.pem includes all three certs of the chain.
smc_key.pem includes the decrypted key.
Bridge logs:
```
INFO[0000] starting ChirpStack Gateway Bridge docs="https://www.chirpstack.io/gateway-bridge/" version=3.14.6
INFO[0000] backend/semtechudp: starting gateway udp listener addr="127.0.0.1:1701"
DEBU[0000] backend/semtechudp: cleanup gateway registry
INFO[0000] integration/mqtt: gateway id provided by authentication method gateway_id=1231231231231231
INFO[0000] integration/mqtt: setting last will and testament gateway_id=1231231231231231 topic=chirpstack/gateway/1231231231231231/state/conn
DEBU[0000] [client] Connect() module=mqtt
DEBU[0000] [store] memorystore initialized module=mqtt
DEBU[0000] [client] about to write new connect msg module=mqtt
DEBU[0000] [client] socket connected to broker module=mqtt
DEBU[0000] [client] Using MQTT 3.1.1 protocol module=mqtt
DEBU[0000] [net] connect started module=mqtt
DEBU[0000] [net] received connack module=mqtt
ERRO[0000] [client] Connecting to ssl://placeholder:31377 CONNACK was not CONN_ACCEPTED, but rather Connection Refused: Not Authorised module=mqtt
ERRO[0000] [client] Failed to connect to a broker module=mqtt
DEBU[0000] [store] memorystore closed module=mqtt
ERRO[0000] integration/mqtt: connection error error="not Authorized"
```
Broker logs:
```
2023-04-14 11:52:19,688 [client-dispatcher-1-1] TRACE o.t.m.b.s.a.p.SslMqttClientAuthProvider - [1231231231231231] Authenticating client with SSL credentials
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:556)
    at org.thingsboard.mqtt.broker.service.auth.providers.SslMqttClientAuthProvider.authWithSSLCredentials(SslMqttClientAuthProvider.java:76)
    at org.thingsboard.mqtt.broker.service.auth.providers.SslMqttClientAuthProvider.authenticate(SslMqttClientAuthProvider.java:59)
    at org.thingsboard.mqtt.broker.service.auth.DefaultAuthenticationService.authenticate(DefaultAuthenticationService.java:80)
    at org.thingsboard.mqtt.broker.service.auth.DefaultAuthenticationService.authenticate(DefaultAuthenticationService.java:57)
    at org.thingsboard.mqtt.broker.actors.client.service.ActorProcessorImpl.authenticateClient(ActorProcessorImpl.java:174)
    at org.thingsboard.mqtt.broker.actors.client.service.ActorProcessorImpl.onInit(ActorProcessorImpl.java:68)
    at org.thingsboard.mqtt.broker.actors.client.ClientActor.doProcess(ClientActor.java:121)
    at org.thingsboard.mqtt.broker.actors.service.ContextAwareActor.process(ContextAwareActor.java:50)
    at org.thingsboard.mqtt.broker.actors.TbActorMailbox.processMailbox(TbActorMailbox.java:141)
    at java.base/java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1426)
    at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
    at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
    at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
    at java.base/java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
2023-04-14 11:52:19,688 [client-dispatcher-1-1] ERROR o.t.m.b.s.a.p.SslMqttClientAuthProvider - Failed to authenticate client with SSL credentials! No SSL credentials were found!
2023-04-14 11:52:19,688 [client-dispatcher-1-1] WARN o.t.m.b.a.c.s.ActorProcessorImpl - [1231231231231231] Connection is not established due to: CONNECTION_REFUSED_NOT_AUTHORIZED
```
When testing with openssl s_server I can see that there might be something missing in the TLS handshake:
```
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write certificate request A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT
```
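
Added example, not part of the original issue and not ChirpStack code: the Bridge is a Go program, and Go's `crypto/tls` client answers a CertificateRequest with an empty Certificate message, without returning an error, when none of its configured certificates was issued by a CA the server names. The program below reproduces that behaviour in-process with constructed throwaway certificates; `mint`, `Probe` and the CA names are hypothetical, and whether this is what happens in the report above is not established by the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// mint builds a throwaway cert (constructed sample data): CA if parent is nil, else a leaf.
func mint(cn string, parent *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Probe runs a TLS 1.2 handshake over an in-memory pipe against a server that
// requests a client cert issued by ca; it returns how many certs the server got.
func Probe(ca, client tls.Certificate) (int, error) {
	cp, sp := net.Pipe()
	defer func() { cp.Close(); sp.Close() }()
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	go tls.Client(cp, &tls.Config{RootCAs: pool, ServerName: "localhost",
		Certificates: []tls.Certificate{client}}).Handshake()
	srv := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{mint("localhost", &ca)},
		ClientAuth: tls.RequestClientCert, ClientCAs: pool, MaxVersion: tls.VersionTLS12})
	err := srv.Handshake()
	return len(srv.ConnectionState().PeerCertificates), err
}

func main() {
	brokerCA, otherCA := mint("broker-ca", nil), mint("other-ca", nil)
	fmt.Println(Probe(brokerCA, mint("gateway", &brokerCA))) // 1 <nil>
	fmt.Println(Probe(brokerCA, mint("gateway", &otherCA)))  // 0 <nil>: handshake succeeds, no cert sent
}
```

`crypto/tls` compares the issuer of every certificate in the configured chain with the server's list, so the order and completeness of the chain file matter as much as the leaf itself. Against a real broker, setting `GetClientCertificate` on the `tls.Config` and inspecting `CertificateRequestInfo.AcceptableCAs` shows what the server actually asked for.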