MQTTSubscribeDriver TLS


Fjordey

Nov 3, 2023, 2:18:06 PM
to weewx-user
Does anyone know if it is possible for MQTTSubscribeDriver to make a TLS connection? 
Using a cloud broker and they are all using TLS connections. (at least all the free brokers are)

I dug into the readme files of that driver and it talks about having TLS added awhile back and shows how to add certs etc... but I do not see how to connect to MQTTS.

FJ

bell...@gmail.com

Nov 3, 2023, 5:43:10 PM
to weewx-user

I’m not following your question. I was able to connect to test.mosquitto.org using the following configuration.

[MQTTSubscribeDriver]
    driver = user.MQTTSubscribe
    host = test.mosquitto.org
    port = 8886

    [[tls]]
        tls_version = tls
    .
    .
    .

rich

Fjordey

Nov 3, 2023, 8:34:21 PM
to weewx-user
Rich, 

I was missing that part... but still not working... 

[[tls]] 

    tls_version = tls 

The problem now is I'm getting an error code 5 - I'm sure it's something simple.

CRITICAL weewx.engine:     ****  weewx.WeeWxIOError: Unable to connect. Return code is 5 flags are {'session present': 0}.

here's my config for that now which fails:

    # The driver to use:

    driver = user.MQTTSubscribe

    # The MQTT server.
    # Default is localhost.
    host = **************.s2.eu.hivemq.cloud

    # The port to connect to.
    # Default is 1883.
    port = 8883

    [[tls]]
    tls_version = tls

    # Maximum period in seconds allowed between communications with the broker.
    # Default is 60.
    keepalive = 60

    # username for broker authentication.
    # Default is None.
    username = *******

    # password for broker authentication.
    # Default is None.
    password = *********

    # Configuration for the message callback.
    [[message_callback]]

Fjordey

Nov 4, 2023, 11:34:23 AM
to weewx-user
Resolved: 

I had to do some investigative work here: 
#1 After going through the code I found out what code 5 meant - (Connection refused - not authorised) (found that in pubmqtt.py)
#2 That told me right there that the username and password were not being passed - then looking at my config I see I put the [[tls]] tls_version = tls before the username and password when it should have been after.
#3 Looking through the code further I found .conf examples in the MQTTSubscribe.py - which clearly shows where the [[tls]] needed to go, and just verifying the observation I made above.

Rich - Thank You for your help, it helped me dig deeper... Not sure if there is a way to get the TLS option added during the station re-config phase of this, it would have made it easier. [MQTTSubscribeDriver]

For others that may run into this here's the config that I am using now... 
Also I'm using the newest WeeWx 5.0 beta - 

[MQTTSubscribeDriver]
    # This section is for the MQTTSubscribe driver.


    # The driver to use:
    driver = user.MQTTSubscribe

    # The MQTT server.
    # Default is localhost.
    host = localhost

    # The port to connect to.
    # Default is 1883.
    port = 8883

    # Maximum period in seconds allowed between communications with the broker.
    # Default is 60.
    keepalive = 60

    # username for broker authentication.
    # Default is None.
    username = what ever you have it set at (none is default)


    # password for broker authentication.
    password = what ever you have it set at (none is default)

    # Controls the MQTT logging.
    # Default is false.
    log = false

    # The TLS options that are passed to tls_set method of the MQTT client.
    # For additional information see, https://eclipse.org/paho/clients/python/docs/strptime-format-code
    [[tls]]
        # The version of the SSL/TLS protocol to be used.
        # Valid values: sslv2, sslv23, sslv3, tls, tlsv1, tlsv11, tlsv12.
        # Default is tlsv12.
        tls_version = tlsv12

FJ

Graham Eddy

Nov 4, 2023, 7:50:42 PM
to WeeWX User
for the record, a reminder:
conf syntax is driven by the [..[ ]..] sections, not by indent.
putting ‘username’ after ‘[[tls]]’ means username is inside [[tls]] section, not in parent section (indenting irrelevant)
⊣GE⊢
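
The bracket-depth rule described above, as an added example that is not part of the thread or of MQTTSubscribe: a small stand-in parser (not the configuration library WeeWX itself uses) that ignores indentation and reports driver-level options captured by a subsection such as [[tls]]. The function names, host and credentials are constructed for illustration.

```python
import re
# Options the thread shows directly under [MQTTSubscribeDriver].
DRIVER_LEVEL_KEYS = {"driver", "host", "port", "keepalive", "username", "password", "log"}
SECTION_RE = re.compile(r"^(\[+)\s*([^\[\]]+?)\s*(\]+)$")

def parse_sections(text):
    """Return (section path, key, line number) per option; nesting comes from brackets only."""
    path, found = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # leading whitespace is thrown away
        m = SECTION_RE.match(line)
        if m:
            depth = len(m.group(1))
            if depth != len(m.group(3)) or depth > len(path) + 1:
                raise ValueError(f"line {lineno}: bad section header {line!r}")
            path = path[:depth - 1] + [m.group(2)]
        elif "=" in line:
            found.append((tuple(path), line.split("=", 1)[0].strip(), lineno))
    return found

def misplaced_driver_keys(text, driver="MQTTSubscribeDriver"):
    """List driver-level options that a subsection such as [[tls]] has captured."""
    return [(key, "/".join(path), lineno)
            for path, key, lineno in parse_sections(text)
            if path[:1] == (driver,) and len(path) > 1 and key in DRIVER_LEVEL_KEYS]

# Constructed sample (placeholder host and credentials), ordered like the failing config.
BROKEN = """\
[MQTTSubscribeDriver]
    host = broker.example.invalid
    port = 8883
    [[tls]]
    tls_version = tls
    username = station
    password = placeholder
"""
# Same options with [[tls]] moved below the credentials.
FIXED = """\
[MQTTSubscribeDriver]
    host = broker.example.invalid
    port = 8883
    username = station
    password = placeholder
    [[tls]]
        tls_version = tls
"""

if __name__ == "__main__":
    print(misplaced_driver_keys(BROKEN), misplaced_driver_keys(FIXED))
```

Running the check against a config before restarting WeeWX catches credentials that would otherwise be silently dropped from the broker login and surface only as return code 5.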

bell...@gmail.com

Nov 8, 2023, 11:22:50 AM
to weewx-user
FJ,  
Thanks for letting us know you are up and running. When I first started with WeeWX, the fact that indentation is just for readability tripped me up. A couple of additional things.
- The complete documentation for the [[tls]] section is here, https://github.com/bellrichm/WeeWX-MQTTSubscribe/wiki/Configuring-additional-options#the-tls-section.
- I found the function to look up the string value for connection errors. The message will now look like this, “CRITICAL weewx.engine: **** weewx.WeeWxIOError: Unable to connect. Return code is 5, ‘Connection Refused: not authorised.’, flags are {'session present': 0}.”. This will be in MQTTSubscribe 2.3.0.
- In MQTTSubscribe v3 I am dropping support for python 2.7.x and therefore WeeWX 3 (technically 3.7.1+). Documentation updates for WeeWX 5 are planned. This seems to be a good time for me to revisit the install of MQTTSubscribe. I’ve learned a lot since I first wrote it.  
    rich