Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI WSS auth using Client + Cert does not work, but Username + Password does #1663

Closed
jason-grimme opened this issue May 22, 2024 · 6 comments
Closed

CLI WSS auth using Client + Cert does not work, but Username + Password does #1663

jason-grimme opened this issue May 22, 2024 · 6 comments
Assignees
@Red-Asuka
Labels
bug Something isn't working CLI MQTTX CLI
Milestone
v1.10.0

Comments

@jason-grimme
Copy link

What did I do

I am trying to use CLI to connect to MQTT via WSS with client certificate & key. The same options work in GUI, but not with the CLI. When I use --debug I can see that CLI has some logic where it thinks protocol is mqtts even if I specify protocol as WSS.

What happened

Note: I am trying this with my internal MQTT broker. I am using broker.emqx.io just as example.

✅ Works (Username + Password)
mqttx conn --debug --mqtt-version 3.1.1 --protocol "wss" --insecure -h "broker.emqx.io" -p 8084 --client-id "ThisWillWork" -u "user" -P "pass"
❌ Does not work (Key + Cert + CA)
mqttx conn --debug --mqtt-version 3.1.1 --protocol "wss" --insecure -h "broker.emqx.io" -p 8084 --client-id "ThisWillNotWork" --key "C:\Temp\client.key" --cert "C:\Temp\client.pem" --ca "C:\Temp\server.pem"

Expected

I expect that I can use WSS and certificate based authentication to connect / subscribe / publish, which works in the GUI.

Environment

  • OS: Windows 10
  • MQTTX version: 16.16 (Tested also with February and December release)

More detail

CLI Debug when using Cert + Key. Notice protocol = mqtts on second line

 mqttjs connecting to an MQTT broker... +0ms
  mqttjs:client MqttClient :: options.protocol mqtts +0ms
  mqttjs:client MqttClient :: options.protocolVersion 4 +0ms
  mqttjs:client MqttClient :: options.username undefined +1ms
  mqttjs:client MqttClient :: options.keepalive 30 +0ms
  mqttjs:client MqttClient :: options.reconnectPeriod 1000 +0ms
  mqttjs:client MqttClient :: options.rejectUnauthorized false +1ms
  mqttjs:client MqttClient :: options.topicAliasMaximum undefined +0ms
  mqttjs:client MqttClient :: clientId ThisWillNotWork +0ms
  mqttjs:client MqttClient :: setting up stream +0ms
  mqttjs:client _setupStream :: calling method to clear reconnect +0ms
  mqttjs:client _clearReconnect : clearing reconnect timer +1ms
  mqttjs:client _setupStream :: using streamBuilder provided to client to create stream +0ms
  mqttjs calling streambuilder for mqtts +4ms
  mqttjs:tls port 8084 host broker.emqx.io rejectUnauthorized %b false +0ms
  mqttjs:client _setupStream :: pipe stream to writable stream +21ms
  mqttjs:client _setupStream: sending packet `connect` +0ms
  mqttjs:client sendPacket :: packet: { cmd: 'connect' } +1ms
  mqttjs:client sendPacket :: emitting `packetsend` +1ms
  mqttjs:client sendPacket :: writing to stream +0ms
  mqttjs:client sendPacket :: writeToStream result true +8ms
[5/21/2024] [8:01:40 PM] » ...  Connecting...
  mqttjs:client streamErrorHandler :: error read ECONNRESET +67ms
  mqttjs:client streamErrorHandler :: emitting error +0ms
[5/21/2024] [8:01:40 PM] » ×  Error: read ECONNRESET
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20)
  mqttjs:client end :: (ThisWillNotWork) +1ms
  mqttjs:client end :: cb? true +1ms
  mqttjs:client _clearReconnect : clearing reconnect timer +0ms
  mqttjs:client end :: (ThisWillNotWork) :: immediately calling finish +1ms
  mqttjs:client end :: (ThisWillNotWork) :: finish :: calling _cleanUp with force false +0ms
  mqttjs:client _cleanUp :: done callback provided for on stream close +1ms
  mqttjs:client _cleanUp :: forced? false +0ms
  mqttjs:client _cleanUp :: (ThisWillNotWork) :: call _sendPacket with disconnect packet +0ms
  mqttjs:client _sendPacket :: (ThisWillNotWork) ::  start +1ms
  mqttjs:client _sendPacket :: client not connected. Storing packet offline. +0ms
  mqttjs:client _storePacket :: packet: { cmd: 'disconnect' } +0ms
  mqttjs:client _storePacket :: cb? true +1ms
  mqttjs:client _cleanUp :: (ThisWillNotWork) :: removing stream `done` callback `close` listener +0ms
  mqttjs:client end :: finish :: calling process.nextTick on closeStores +0ms
  mqttjs:client end :: closeStores: closing incoming and outgoing stores +1ms
  mqttjs:client end :: closeStores: emitting end +0ms
  mqttjs:client end :: closeStores: invoking callback with args +1ms
  mqttjs:client nop :: undefined +0ms
  mqttjs:client (ThisWillNotWork)stream :: on close +1ms
  mqttjs:client flushVolatile :: deleting volatile messages from the queue and setting their callbacks as error function +0ms
  mqttjs:client stream: emit close to MqttClient +0ms
  mqttjs:client close :: connected set to `false` +1ms
  mqttjs:client close :: clearing connackTimer +0ms
  mqttjs:client close :: clearing ping timer +1ms
  mqttjs:client close :: calling _setupReconnect +0ms
  mqttjs:client _setupReconnect :: doing nothing... +0ms
[5/21/2024] [8:01:40 PM] » ×  Connection closed

CLI when using username + password. Notice the second line indicates 'wss' and correctly forms the URI wss://broker.emqx.io:8084/mqtt

mqttjs connecting to an MQTT broker... +0ms
  mqttjs:client MqttClient :: options.protocol wss +0ms
  mqttjs:client MqttClient :: options.protocolVersion 4 +0ms
  mqttjs:client MqttClient :: options.username undefined +1ms
  mqttjs:client MqttClient :: options.keepalive 30 +0ms
  mqttjs:client MqttClient :: options.reconnectPeriod 1000 +0ms
  mqttjs:client MqttClient :: options.rejectUnauthorized false +0ms
  mqttjs:client MqttClient :: options.topicAliasMaximum undefined +1ms
  mqttjs:client MqttClient :: clientId ThisWillWork +0ms
  mqttjs:client MqttClient :: setting up stream +0ms
  mqttjs:client _setupStream :: calling method to clear reconnect +1ms
  mqttjs:client _clearReconnect : clearing reconnect timer +0ms
  mqttjs:client _setupStream :: using streamBuilder provided to client to create stream +0ms
  mqttjs calling streambuilder for wss +6ms
  mqttjs:ws streamBuilder +0ms
  mqttjs:ws createWebSocket +0ms
  mqttjs:ws protocol: MQTT 4 +0ms
  mqttjs:ws creating new Websocket for url: wss://broker.emqx.io:8084/mqtt and protocol: mqtt +0ms
  mqttjs:client _setupStream :: pipe stream to writable stream +27ms
  mqttjs:client _setupStream: sending packet `connect` +1ms
  mqttjs:client sendPacket :: packet: { cmd: 'connect' } +0ms
@jason-grimme jason-grimme added the bug Something isn't working label May 22, 2024
@Red-Asuka Red-Asuka self-assigned this May 22, 2024
@Red-Asuka
Copy link
Member

Thank you for your feedback. We have confirmed that this is a bug and it will be fixed in the next version.

@Red-Asuka
Copy link
Member

This bug has already been addressed in a recent Pull Request. We will roll out the updated version as promptly as possible.

@ysfscream ysfscream added the CLI MQTTX CLI label May 22, 2024
@ysfscream ysfscream added this to the v1.10.0 milestone May 22, 2024
@jason-grimme
Copy link
Author

Thank you team, this is great news. Is it expected that I wait until release is available to close this issue? Or do you close?

@ysfscream
Copy link
Member

ysfscream commented May 24, 2024
edited
Loading

We will test after the release and close the issue once it's confirmed that there are no problems. v1.10.0 will be come soon.

@jason-grimme
Copy link
Author

I built from main 19d4e69 and confirmed that issue is resolved.

@ysfscream
Copy link
Member

Updated to https://github.com/emqx/MQTTX/releases/tag/v1.10.0. Thanks for your feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Red-Asuka Red-Asuka

Labels
bug Something isn't working CLI MQTTX CLI
Projects
MQTTX
Status: Done
Milestone
v1.10.0
Development

No branches or pull requests
3 participants
@ysfscream @jason-grimme @Red-Asuka