mqtt client with TLS on Android failure
928 views
Skip to first unread message
Roy Chen
Oct 6, 2019, 11:08:21 PM10/6/19
to rabbitmq-users
Hi there,
My Java MQTT client on desktop with TLS is working fine. But same is not working fine in Android (API 29) (MqttException (0) - javax.net.ssl.SSLHandshakeException: Handshake failed)
The strange thing is that not all rabbitmq will fail on Android, Some rabbitmq accept my android mqtt connection, but some does not accept.
Below are my codes and error message and rabbitmq versions:
Android Mqtt Client Code
import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
import org.eclipse.paho.client.mqttv3.IMqttToken;import org.eclipse.paho.client.mqttv3.MqttClient;import org.eclipse.paho.client.mqttv3.MqttConnectOptions;import org.eclipse.paho.client.mqttv3.persist.MemoryPersistence;
import java.security.SecureRandom;import java.util.UUID;
import javax.net.ssl.SSLContext;import javax.net.ssl.TrustManager;import javax.net.ssl.X509TrustManager;
public class MainActivity extends AppCompatActivity { void testMqtt(String url, String username, String password) { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { }
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } };
try { String clientId = UUID.randomUUID().toString();
SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustAllCerts, new SecureRandom());
MqttClient mqttClient = new MqttClient(url, clientId, new MemoryPersistence());
MqttConnectOptions options = new MqttConnectOptions();
options.setUserName(username); options.setPassword(password.toCharArray()); options.setSocketFactory(sslContext.getSocketFactory());
IMqttToken token = mqttClient.connectWithResult(options); token.waitForCompletion(5000); System.out.println("connect success"); } catch (Exception e) { e.printStackTrace(); } }
@Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main);
String url = "ssl://{RABBITMQ_ENDPOINT}:8883";
String username = ""; String password = "";
testMqtt(url, username, password); }}Rabbitmq Connection test result
| OS / Rabbitmq | Rabbitmq A |
| Rabbitmq C | |||
| OSX | ok | ok | ok | |||
| Win10 | ok | ok | ok | |||
| Android Simulator Pixel 3a (Simulator) (API 29) | ok | ok | Handshake failed | |||
| Android HTC One Max | ok | ok | Handshake failed |
RabbitMq
- Rabbitmq A
- RabbitMQ 3.6.9 / Erlang 19.3
- Rabbitmq B
- RabbitMQ 3.7.15 / Erlang 22.0.5
- Rabbitmq C
- RabbitMQ 3.7.9 / Erlang 20.3.8.3
Error message
2019-10-07 10:31:10.095 941-941/com.example.mqtttest W/System.err: MqttException (0) - javax.net.ssl.SSLHandshakeException: Handshake failed2019-10-07 10:31:10.095 941-941/com.example.mqtttest W/System.err: at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)2019-10-07 10:31:10.095 941-941/com.example.mqtttest W/System.err: at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736)2019-10-07 10:31:10.095 941-941/com.example.mqtttest W/System.err: at java.lang.Thread.run(Thread.java:919)2019-10-07 10:31:10.095 941-941/com.example.mqtttest W/System.err: Caused by: javax.net.ssl.SSLHandshakeException: Handshake failed2019-10-07 10:31:10.095 941-941/com.example.mqtttest W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:288)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:149)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:722)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: ... 1 more2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xd553d3f8: Failure in SSL library, usually a protocol error2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: error:100000f1:SSL routines:OPENSSL_internal:WRONG_CERTIFICATE_TYPE (external/boringssl/src/ssl/ssl_cert.cc:709 0xcfbd3543:0x00000000)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)2019-10-07 10:31:10.096 941-941/com.example.mqtttest W/System.err: ... 3 moreWireshark capture
Win10 Connect to Rabbitmq C
android connect to Rabbitmq C
Succes Android Mqtt Connection on rabbitmq management
Could anyone point out what happened on my android mqtt client, thanks!
Arnaud Cogoluègnes
Oct 7, 2019, 4:11:32 AM10/7/19
to rabbitm...@googlegroups.com
You should upgrade your C environment to the latest Erlang, 20.3.8.22 [1] or 21.3.8.7 [2], as suggested in [3]. RabbitMQ does not implement TLS, Erlang OTP does, so the problem is likely to lie there, especially if the client can connect on the other environment without any change.
Needless to say you should use the latest Erlang / RabbitMQ combination if you can.
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/39f3426a-18a6-475b-9c43-680614bc22f8%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages