我已经尝试了几天来建立安全( ssl/tls )连接到 ibm Messageight Virtual Appliance 等同于最新的 eclipse paho c client 库,它是 IBM WebM WebM websphere MQ客户端PACK MA9B MA9B用于移动v1.0.0.0.4 。
客户端:
Objective-C代码:
...
client = [client initWithHosts:hosts ports:ports clientId:clientId];
ConnectOptions *opts = [[ConnectOptions alloc] init];
opts.timeout = 3600;
/*
opts.userName = @"******";
opts.password = @"******";
*/
opts.cleanSession = cleanSession;
opts.willMessage = nil;
NSBundle *mainBundle = [NSBundle mainBundle];
NSString *ksFile = [mainBundle pathForResource: @"ClientKeyStore" ofType: @"pem"];
NSString *pkFile = [mainBundle pathForResource: @"ClientKey" ofType: @"pem"];
NSString *tsFile = [mainBundle pathForResource: @"RootCAKey" ofType: @"pem"];
if (DEBUG) {
NSLog(@"Bundle ==> %@", mainBundle);
NSLog(@"ClientKeyStore ==> %@", ksFile);
NSLog(@"ClientKey ==> %@", pkFile);
NSLog(@"TrustStore ==> %@", tsFile);
}
SSLOptions *ssl = [[SSLOptions alloc] init];
ssl.enableServerCertAuth = NO;
// ssl.enabledCipherSuites = @"SHA2";
ssl.keyStore = ksFile;
ssl.privateKey = pkFile;
ssl.privateKeyPassword = @"******";
ssl.trustStore = tsFile;
opts.sslProperties = ssl;
[client connectWithOptions:opts invocationContext:self onCompletion:callback];
这是我用来通过其包装器(mqttocclient.h/m)与C库进行交互的Objective-C代码。
现在规格:
- iOS 7.1开始,xcode 6.3.1(模拟器)。
- iOS 8.3,xcode 6.3.1(iPhone 5s)。
- MQTT iOS客户端:IBM WebSphere MQ客户端PACK MA9B用于移动v1.0.0.4(http://wwww-01.ibm.com/support/support/knowledgecenter/?lang= en#!ibm.mm.tc.doc/tc10120_.htm)。
跟踪:
我已经通过2个环境变量在库上启用了跟踪模式:
MQTT_C_CLIENT_TRACE_LEVEL = MAXIMUM
MQTT_C_CLIENT_TRACE = ON
这是输出:
D] >>MessagingClient::connectWithOptions
I] first serverURI is ssl://example.com:1884
=========================================================
Trace Output
Product name: Paho Asynchronous MQTT C Client Library
Version: ##MQTTCLIENT_VERSION_TAG##
Build level: ##MQTTCLIENT_BUILD_TAG##
OpenSSL version: OpenSSL 1.0.1h 5 Jun 2014
OpenSSL flags: compiler: /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -arch i386 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk -miphoneos-version-min=7.1 -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk -fomit-frame-pointer -fno-common
OpenSSL build timestamp: built on: Thu Jun 5 14:59:07 BST 2014
OpenSSL platform: platform: iphoneos-cross
OpenSSL directory: OPENSSLDIR: "/tmp/openssl-1.0.1h-iOS-i386"
=========================================================
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a068df0
19691231 200000.000 (42856916) (1)> Socket_outInitialize:124
19691231 200000.000 (42856916) (2)> SocketBuffer_initialize:85
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/SocketBuffer.c line 73 ptr 0x79f75480
19691231 200000.000 Allocating 1008 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/SocketBuffer.c line 75 ptr 0x7a917000
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79f791c0
19691231 200000.000 (42856916) (2)< SocketBuffer_initialize:89
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79f792a0
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79f786f0
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a26ba90
19691231 200000.000 (42856916) (1)< Socket_outInitialize:137
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a26bcb0
19691231 200000.000 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x7a26ba20
19691231 200000.000 (42856916) (1)> SSLSocket_initialize:398
19691231 200000.000 Allocating 1808 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/SSLSocket.c line 414 ptr 0x7b8fd600
...
20150514 130126.866 (42856916) (2)< SSL_create_mutex:313 (0)
20150514 130126.866 (42856916) (2)> SSL_create_mutex:307
...
20150514 130126.867 (42856916) (1)< SSLSocket_initialize:438 (1)
20150514 130126.867 Allocating 144 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 374 ptr 0x79f75f10
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 386 ptr 0x79f75fb0
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ec7160
20150514 130126.867 Allocating 16 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 93 ptr 0x79e78970
20150514 130126.867 Allocating 96 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 391 ptr 0x79ec1840
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ec1780
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ed00c0
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 56 ptr 0x79ec9090
20150514 130126.867 Allocating 32 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/MQTTAsync.c line 397 ptr 0x79ec2110
20150514 130126.867 (42856916) (1)> MQTTPersistence_create:47
20150514 130126.867 (42856916) (1)< MQTTPersistence_create:93 (0)
20150514 130126.867 (42856916) (1)> MQTTPersistence_initialize:108
20150514 130126.867 (42856916) (1)< MQTTPersistence_initialize:116 (0)
20150514 130126.867 (42856916) (1)> MQTTAsync_restoreCommands:666
20150514 130126.867 0 commands restored for client 32c94ab93d29fda895b02f6
20150514 130126.867 (42856916) (1)< MQTTAsync_restoreCommands:698 (0)
20150514 130126.867 (42856916) (1)> MQTTAsync_restoreMessageQueue:1872
20150514 130126.867 0 queued messages restored for client 32c94ab93d29fda895b02f6
20150514 130126.867 (42856916) (1)< MQTTAsync_restoreMessageQueue:1903 (0)
20150514 130126.867 Allocating 16 bytes in heap at file /Users/asm/workspace/Client/client_ios/iosMQTT/iosMQTT/mqttCClient/LinkedList.c line 93 ptr 0x79e7cef0
20150514 130126.867 (42856916) (0)< MQTTAsync_create:416 (0)
2015-05-14 13:01:26.867 SmartBanking[2616:607] D] C Client created
20150514 130126.867 (42856916) (0)> MQTTAsync_setCallbacks:1658
20150514 130126.867 (42856916) (0)< MQTTAsync_setCallbacks:1672 (0)
2015-05-14 13:01:26.868 SmartBanking[2616:607] D] Calling C client to make connection
20150514 130126.867 (42856916) (0)> MQTTAsync_connect:1990
20150514 130126.867 (42856916) (0)< MQTTAsync_connect:2177 (-8)
E] C client connect failed
Connection Error: ErrorCode=8 ErrorMessage=Unable to connect
D] <<MessagingClient::connectWithOptions
服务器端:
- IBM MessagesIght v1.1.0
- 服务器证书:2048bits自签名。
- 启用了安全性,端点已上升。
- 用户并通过启用。
侧面注:
- 如果我使用浏览器,我可以查看证书,这意味着它可以连接到服务器。
- 如果我使用Eclipse paho进行Java,可以使用相同的信托店验证服务器证书(其中包含自签名的CA)。
如果使用此库与iOS与MQTT建立SSL连接的人可以将我指向正确的方向。
问:
我怀疑您的问题是您正在使用的CIPHERSPEC/SSL版本。Java默认CIPHERSPEC可以由MessagesIght 1.1支持,但是默认的iOS CiphersPec可能不。
您应该尝试设置受支持列表中的特定cipherspec。