QT MQTT安全连接

问题描述

我已经设置了本地mosquitto服务器;我可以使用没有SSL的QT(​​5.15.0)MQTT连接到它。

尝试使用SSL对其进行配置,看到了关于该主题的不同文章。我仍然无法与服务器正确进行TLS握手。

我能够连接到mosquitto服务器,但是它指出套接错误并断开连接:

1598878059: mosquitto version 1.6.10 starting
1598878059: Config loaded from .\mosquitto.conf.
1598878059: opening ipv6 listen socket on port 8883.
1598878059: opening ipv4 listen socket on port 8883.
1598878082: New connection from 192.168.1.34 on port 8883.
1598878082: Socket error on client <unkNown>,disconnecting.

需要注意的是,MQTT.fx客户端可以使用SSL / TLS和相同的证书成功地与相同的本地mosquitto安装/配置对话。仅Qt MQTT代码就有套接错误问题。

mosquitto配置非常简单:

# Port to use for the default listener.
port 8883


# At least one of cafile or capath must be defined. They both
# define methods of accessing the PEM encoded Certificate
# Authority certificates that have signed your server certificate
# and that you wish to trust.
# cafile defines the path to a file containing the CA certificates.
# capath defines a directory that will be searched for files
# containing the CA certificates. For capath to work correctly,the
# certificate files must have ".crt" as the file ending and you must run
# "openssl rehash <path to capath>" each time you add/remove a certificate.
#cafile
#capath

cafile C:\Program Files\mosquitto\certs\m2mqtt_ca.crt

# Path to the PEM encoded server certificate.
certfile C:\Program Files\mosquitto\certs\m2mqtt_srv.crt

# Path to the PEM encoded keyfile.
keyfile C:\Program Files\mosquitto\certs\m2mqtt_srv.key

在客户端,我确实看到了:

"OpenSSL 1.1.1d  10 Sep 2019"
true
"OpenSSL 1.1.1d  10 Sep 2019"
Default SSL configuration isNull:  false
SSL configuration used by QNAM isNull:  true
 State: Connecting
 State: disconnected
256

我用来测试连接的代码

#include <QCoreApplication>
#include <QtMqtt>
#include <QtNetwork/QNetworkAccessManager>
#include <QtNetwork/qnetworkrequest>
#include <QtNetwork/QNetworkReply>
#include <QSslSocket>
#include <QSslConfiguration>
#if 1
const QByteArray pem = R"(-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5
MRIwEAYDVQQKDAlNb3NxdWl0dG8xCzAJBgNVBAsMAkNBMRYwFAYDVQQDDA1tb3Nx
dWl0dG8ub3JnMR8wHQYJKoZIhvcNAQkBFhByb2dlckBhdGNob28ub3JnMB4XDTEy
MDYyOTIyMTE1OVoXDTIyMDYyNzIyMTE1OVowgZAxCzAJBgNVBAYTAkdCMRcwFQYD
VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1v
c3F1aXR0bzELMAkGA1UECwwCQ0ExFjAUBgNVBAMMDW1vc3F1aXR0by5vcmcxHzAd
BgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hvby5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMYkLmX7SqOT/jJCZoQ1NWdCrr/pq47m3xxyXcI+FLEmwbE3R9vM
rE6sRbP2S89pfrCt7iuiTXPKycpucIU0mtcT1OqxGBV2lb6RaOT2gC5pxyGaFJ+h
A+GIbdYKO3JprPxSBoRponZJvDGEZuM3N7p3S/lRoi7G5wG5mvUmaE5RAgMBAAGj
UDBOMB0GA1UdDgQWBBTad2QneVztIPQzRRGj6ZHKqJTv5jAfBgNVHSMEGDAWgBTa
d2QneVztIPQzRRGj6ZHKqJTv5jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAqw1rK4NlRUCUBLhEFUQasjP7xfFqlVbE2cRy0Rs4o3KS0JwzQVBwG85xge
REyPOFdGdhBY2P1FNRy0MDr6xr+D2ZOwxs63dG1nnAnWZg7qwoLgpZ4fESPD3PkA
1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX
-----END CERTIFICATE-----
)";
#endif

// Connecting to Secure MQTT with QtMqtt and SSL
// https://stackoverflow.com/questions/57829480/how-do-i-perform-a-secure-mqtt-using-qtmqtt-and-ssl

int main(int argc,char *argv[])
{
    QCoreApplication a(argc,argv);

//  const QString hostname{"test.mosquitto.org"};       // Mosquitto public test server
    const QString hostname{"192.168.1.34"};         // Local Mosquitto test server
    const quint16 port = 8883;
    const QMqttTopicName topic{"qtmqtt/ssl_test"};
    const QMqttTopicFilter filter{"qtmqtt/#"};
    QSslCertificate cert = QSslCertificate(pem,QSsl::Pem);

    QSslConfiguration config;               // Since QT 5.14,SSL transport config
    config.defaultConfiguration();
    config.setProtocol(QSsl::TlsV1_2);          // needs to be handled explicitly with
    config.addCaCertificate(cert);              // client.connectToHostEncrypted(config);
    config.setLocalCertificate(cert);

    QMqttClient client;
    client.setHostname(hostname);
    client.setPort(port);

    QNetworkAccessManager qnam;
    qnetworkrequest request;
    QNetworkReply *reply = qnam.get(request);

    // Check OpenSSL support is functional
    // https://stackoverflow.com/questions/58625924/qt-error-message-qt-network-ssl-qsslsocketconnecttohostencrypted-tls-initia
    qDebug() << QSslSocket::ssllibraryBuildVersionString();
    qDebug() << QSslSocket::supportsSsl();
    qDebug() << QSslSocket::ssllibraryVersionString();

    // Check SSL configuration
    // https://stackoverflow.com/questions/3683826/qnetworkrequest-and-default-ssl-configuration
    qDebug() << "Default SSL configuration isNull: "
         << QSslConfiguration::defaultConfiguration().isNull();

    qDebug() << "SSL configuration used by QNAM isNull: "
         << reply->sslConfiguration().isNull();

    QObject::connect(&client,&QMqttClient::stateChanged,[](QMqttClient::ClientState state){
        if(state == QMqttClient::disconnected)
        qDebug() << " State: disconnected";
        else if(state == QMqttClient::Connecting)
        qDebug() << " State: Connecting";
        else if(state == QMqttClient::Connected)
        qDebug() << " State: Connected";
    });

    QObject::connect(&client,&QMqttClient::errorChanged,[](QMqttClient::ClientError error){
        qDebug() << error;

    });

    QObject::connect(&client,&QMqttClient::messageReceived,[](const QByteArray &message,const QMqttTopicName &topic){
        qDebug() << " Received Topic:" << topic.name() << " Message: " << message;
    });

    QTimer timer;
    QObject::connect(&timer,&QTimer::timeout,[&client,&topic](){
        if(client.publish(topic,QDateTime::currentDateTime().toString().toUtf8()) == -1)
        qDebug() << "Error: Could not publish message";
    });

    QObject::connect(&client,&QMqttClient::connected,&timer,&filter](){
        QMqttSubscription *subscription = client.subscribe(filter);
        if(!subscription)
        qDebug() << "Could not subscribe";
        timer.start(1000);
    });

    client.connectToHostEncrypted(config);

    return a.exec();
}

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)