Eclipse Paho C Client SSL Connection on iOS
I have been trying for several days to establish a secure ( SSL / TLS ) connection to the IBM MessageSight Virtual Appliance using the equivalent of the latest Eclipse Paho C Client , which is the IBM WebSphere MQ Client Pack MA9B Mobile V1.0.0.4 .
Client side:
Objective-C Code:
...
client = [client initWithHosts:hosts ports:ports clientId:clientId];
ConnectOptions *opts = [[ConnectOptions alloc] init];
opts.timeout = 3600;
/*
opts.userName = @"******";
opts.password = @"******";
*/
opts.cleanSession = cleanSession;
opts.willMessage = nil;
NSBundle *mainBundle = [NSBundle mainBundle];
NSString *ksFile = [mainBundle pathForResource: @"ClientKeyStore" ofType: @"pem"];
NSString *pkFile = [mainBundle pathForResource: @"ClientKey" ofType: @"pem"];
NSString *tsFile = [mainBundle pathForResource: @"RootCAKey" ofType: @"pem"];
if (DEBUG) {
NSLog(@"Bundle ==> %@", mainBundle);
NSLog(@"ClientKeyStore ==> %@", ksFile);
NSLog(@"ClientKey ==> %@", pkFile);
NSLog(@"TrustStore ==> %@", tsFile);
}
SSLOptions *ssl = [[SSLOptions alloc] init];
ssl.enableServerCertAuth = NO;
// ssl.enabledCipherSuites = @"SHA2";
ssl.keyStore = ksFile;
ssl.privateKey = pkFile;
ssl.privateKeyPassword = @"******";
ssl.trustStore = tsFile;
opts.sslProperties = ssl;
[client connectWithOptions:opts invocationContext:self onCompletion:callback];
This is the Objective-C code that I used to interact with the C library through the wrapper (MqttOCClient.h / m).
Now the specs:
- iOS 7.1, Xcode 6.3.1 (Simulator).
- iOS 8.3, Xcode 6.3.1 (iPhone 5S).
- MQTT iOS client: IBM WebSphere MQ Client Pack MA9B for Mobile V1.0.0.4 ( http://www-01.ibm.com/support/knowledgecenter/?lang=en#!/SSFKSJ_7.5.0/com.ibm. mm.tc.doc / tc10120_.htm ).
Trace:
I have enabled trace mode in the library via 2 environment variables:
MQTT_C_CLIENT_TRACE_LEVEL = MAXIMUM
MQTT_C_CLIENT_TRACE = ON
and this is the result:
D] >>MessagingClient::connectWithOptions
I] first serverURI is ssl://example.com:1884
=========================================================
Trace Output
Product name: Paho Asynchronous MQTT C Client Library
Version: ##MQTTCLIENT_VERSION_TAG##
Build level: ##MQTTCLIENT_BUILD_TAG##
OpenSSL version: OpenSSL 1.0.1h 5 Jun 2014
OpenSSL flags: compiler: /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -arch i386 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk -miphoneos-version-min=7.1 -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk -fomit-frame-pointer -fno-common
OpenSSL build timestamp: built on: Thu Jun 5 14:59:07 BST 2014
OpenSSL platform: platform: iphoneos-cross
OpenSSL directory: OPENSSLDIR: "/tmp/openssl-1.0.1h-iOS-i386"
=========================================================
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a068df0
19691231 200000.000 (42856916) (1)> Socket_outInitialize:124
19691231 200000.000 (42856916) (2)> SocketBuffer_initialize:85
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/SocketBuffer.c line 73 ptr 0x79f75480
19691231 200000.000 Allocating 1008 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/SocketBuffer.c line 75 ptr 0x7a917000
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79f791c0
19691231 200000.000 (42856916) (2)< SocketBuffer_initialize:89
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79f792a0
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79f786f0
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a26ba90
19691231 200000.000 (42856916) (1)< Socket_outInitialize:137
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a26bcb0
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a26ba20
19691231 200000.000 (42856916) (1)> SSLSocket_initialize:398
19691231 200000.000 Allocating 1808 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/SSLSocket.c line 414 ptr 0x7b8fd600
...
20150514 130126.866 (42856916) (2)< SSL_create_mutex:313 (0)
20150514 130126.866 (42856916) (2)> SSL_create_mutex:307
...
20150514 130126.867 (42856916) (1)< SSLSocket_initialize:438 (1)
20150514 130126.867 Allocating 144 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 374 ptr 0x79f75f10
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 386 ptr 0x79f75fb0
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ec7160
20150514 130126.867 Allocating 16 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 93 ptr 0x79e78970
20150514 130126.867 Allocating 96 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 391 ptr 0x79ec1840
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ec1780
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ed00c0
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ec9090
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 397 ptr 0x79ec2110
20150514 130126.867 (42856916) (1)> MQTTPersistence_create:47
20150514 130126.867 (42856916) (1)< MQTTPersistence_create:93 (0)
20150514 130126.867 (42856916) (1)> MQTTPersistence_initialize:108
20150514 130126.867 (42856916) (1)< MQTTPersistence_initialize:116 (0)
20150514 130126.867 (42856916) (1)> MQTTAsync_restoreCommands:666
20150514 130126.867 0 commands restored for client 32c94ab93d29fda895b02f6
20150514 130126.867 (42856916) (1)< MQTTAsync_restoreCommands:698 (0)
20150514 130126.867 (42856916) (1)> MQTTAsync_restoreMessageQueue:1872
20150514 130126.867 0 queued messages restored for client 32c94ab93d29fda895b02f6
20150514 130126.867 (42856916) (1)< MQTTAsync_restoreMessageQueue:1903 (0)
20150514 130126.867 Allocating 16 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 93 ptr 0x79e7cef0
20150514 130126.867 (42856916) (0)< MQTTAsync_create:416 (0)
2015-05-14 13:01:26.867 SmartBanking[2616:607] D] C Client created
20150514 130126.867 (42856916) (0)> MQTTAsync_setCallbacks:1658
20150514 130126.867 (42856916) (0)< MQTTAsync_setCallbacks:1672 (0)
2015-05-14 13:01:26.868 SmartBanking[2616:607] D] Calling C client to make connection
20150514 130126.867 (42856916) (0)> MQTTAsync_connect:1990
20150514 130126.867 (42856916) (0)< MQTTAsync_connect:2177 (-8)
E] C client connect failed
Connection Error: ErrorCode=8 ErrorMessage=Unable to connect
D] <<MessagingClient::connectWithOptions
Server side:
- IBM MessageSight v1.1.0
- Server certificate: 2048 bytes self-signed.
- Security is enabled and the endpoint is installed.
- User and password are included.
Side notes:
- If I use a browser, I can view the certificate, which means it can connect to the server.
- Works if I use Eclipse Paho for Java, checking the server certificate with the same TrustStore (which contains a self signed CA).
I would appreciate it if someone who established an SSL connection to MQTT from iOS using this library can point me in the right direction.
Respectfully,
+3
source to share
1 answer
I suspect your problem is related to the version of cipherspec / ssl you are using. Java encryption by default can be supported by MessageSight 1.1, but the default iOS cipherspec cannot.
You should try installing the specific cipherspec that is in the supported list .
+1
source to share