TLS is ignored #165

X-Ryl669 commented Apr 1, 2020

Please fill out the sections below to help us address your issue.

Version of VolantMQ (or SHA)

build info:
	commit : 58b0776
	branch : HEAD
	state  : clean
	summary: v0.4.0-rc.6
	date   : 2020-01-25T18:41:49Z
	version: v0.4.0-rc.6

Version of Go (go version)?

None (or don't know how to get docker's version)

What issue did you see?

TLS enabled in the config does not work, VolantMQ is listening on the given port without SSL.
Here's the relevant part in config:

listeners:
  defaultAddr: "0.0.0.0" # default 127.0.0.1
  mqtt:
    tcp:
      1883:
        host: "0.0.0.0"
      8883:
        host: "0.0.0.0"
        tls:
          cert: "/etc/volantmq/nvse.crt"
          key: "/etc/volantmq/nvse.key"

And here's how I'm starting docker:

docker run --rm -p 1883:1883 -p 8883:8883 -p 8080:8080 -v $(pwd)/volantmqCfg.yaml:/etc/volantmq/config.yaml -v $(pwd)/nvse.crt:/etc/volantmq/nvse.crt -v $(pwd)/nvse.key:/etc/volantmq/nvse.key --env VOLANTMQ_CONFIG=/etc/volantmq/config.yaml volantmq/volantmq

Indeed, both files are accessible inside the container:

docker exec -i 799a9b413d42 ls -l /etc/volantmq
total 12
-rw-r--r--    1 1000     1000          3074 Apr  1 15:25 config.yaml
-rw-r--r--    1 1000     1000          1103 Apr  1 14:15 nvse.crt
-rw-r--r--    1 1000     1000          1704 Apr  1 14:15 nvse.key

Yet, the server is not listening with TLS enabled (only plain protocol) on port 8883.

$ openssl s_client -connect :8883
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1585755791
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
Member

troian commented Apr 1, 2020

It's a rather bad and old design. Can you try the following config for now? Meanwhile, I'll push a fix to put all under the tcp section.

    tcp:
      1883:
        host: "0.0.0.0"
    ssl:
      8883:
        host: "0.0.0.0"
        tls:
          cert: "/etc/volantmq/nvse.crt"
          key: "/etc/volantmq/nvse.key"

Author

X-Ryl669 commented Apr 1, 2020

Yes it's working!

Member

troian commented Apr 1, 2020

v0.4.0-rc.7

@troian troian closed this as completed Apr 1, 2020
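
The manual `openssl s_client` check from the report, written as a repeatable post-deploy probe. This is an added Go example, not part of the issue thread or of VolantMQ's code; the function name `ProbeTLS` and the command-line usage are assumptions made for this example. It only answers whether a port negotiates TLS at all, so a listener whose `tls:` block was silently ignored is caught before clients send credentials in cleartext.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"os"
	"time"
)

// ProbeTLS reports whether the listener at addr completes a TLS handshake.
// Certificate verification is disabled on purpose: the question is only
// "does this port speak TLS at all?", not "is the certificate trusted?".
// Never reuse this tls.Config for a real MQTT client connection.
func ProbeTLS(addr string, timeout time.Duration) (speaksTLS bool, detail string) {
	raw, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return false, "unreachable: " + err.Error()
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(timeout))

	conn := tls.Client(raw, &tls.Config{InsecureSkipVerify: true})
	if err := conn.Handshake(); err != nil {
		// A plaintext listener stays silent, closes the socket, or
		// answers with bytes that are not a TLS record.
		return false, "no TLS: " + err.Error()
	}
	st := conn.ConnectionState()
	subject := "<none>"
	if len(st.PeerCertificates) > 0 {
		subject = st.PeerCertificates[0].Subject.String()
	}
	return true, fmt.Sprintf("version 0x%04x, leaf subject %q", st.Version, subject)
}

func main() {
	// Example invocation (address chosen by the caller): probe 127.0.0.1:8883
	failed := false
	for _, addr := range os.Args[1:] {
		ok, detail := ProbeTLS(addr, 3*time.Second)
		fmt.Printf("%-22s tls=%-5v %s\n", addr, ok, detail)
		failed = failed || !ok
	}
	if failed {
		os.Exit(1) // non-zero exit so a deploy pipeline can gate on it
	}
}
```

Run it against every port that the configuration declares as TLS; a non-zero exit means at least one of them is not negotiating TLS.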