Mqtt Socket Error on Client <Unknown>

Flask-MQTT disconnects after 'Socket error on client unknown' while running on uWSGI NGINX

Alright, it turns out I could've read that the whole multiple processes thing wouldn't work from the start in the official Flask-MQTT documentation. It says right there in thick letters:

Flask-MQTT is currently not suitable for the use with multiple worker
instances.

So I looked at my uwsgi app.ini file again closely and actually the answer is quite simple. It turned out I had a line in there, master = true. After I removed that, it works like a charm.

Socket error on client clientid, disconnecting

Apparently there was an exception thrown by the client during subscription and the client was trying to reconnect with the same id. Hence the socket error. Fixing the cause of the exception fixed the issue.

Mosquitto 2.0.14 MQTT with TLS1.2 connection issues Client unknown disconnected due to malformed packet

Here is a basic setup to get you started. I created the certificates in the same way you did (I usually use certstrap for this due to its ease of use):

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
openssl genrsa -out mosquitto.key 2048
openssl req -new -key mosquitto.key -out mosquitto.csr
openssl x509 -req -in mosquitto.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out mosquitto.crt -days 3650 -sha256

When generating mosquitto.csr I gave it the CN (Common Name) 127.0.0.1. Basic mosquitto.conf:

log_type all

# Don't do the below in production (it allows anyone to connect with no auth)
allow_anonymous true

listener 8883
keyfile /path/mosquitto.key
certfile /path/mosquitto.crt

After starting mosquitto (I did this in the console using mosquitto -c ./mosquitto.conf) I then ran:

mosquitto_sub -h 127.0.0.1 -p 8883 --cafile ./ca.crt -t sensors/drone01/altitude -d

This successfully connected:

Client null sending CONNECT
Client null received CONNACK (0)
Client null sending SUBSCRIBE (Mid: 1, Topic: sensors/drone01/altitude, QoS: 0, Options: 0x00)
Client null received SUBACK
Subscribed (mid: 1): 0

This does not use client certificates for authentication, but it does check that the server name matches the CN in the certificate (try changing 127.0.0.1 to localhost). If your cert does not have the correct CN you would need the --insecure option.

Now that TLS is working, let's add the requirement for the client certificate. Technically I could use the same certificate as above but that could be confusing, so I'll generate a new one (in production I would use a different CA for this):

openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650 -sha256

Now we update the mosquitto.conf:

log_type all

listener 8883
keyfile /path/mosquitto.key
certfile /path/mosquitto.crt

# We want to require a client certificate
require_certificate true

# This CA is used to verify the client certificate (it need not be the one used for the above mosquitto.crt)
cafile /path/ca.crt

# As we are passing a certificate we can choose to use the certificate CN as our username (removing need for allow_anonymous)
use_identity_as_username true

If you try connecting using the mosquitto_sub parameters used above it should now fail but the following works (or did when I tested it):

mosquitto_sub -h 127.0.0.1 -p 8883 --cafile ./ca.crt --cert ./client.crt --key ./client.key -t sensors/drone01/altitude -d

mosquitto 1.4 - once running with ACL enabled, gets Socket error on client unknown, disconnecting

1429857949: Sending CONNACK to 127.0.0.1 (0, 5)

CONNACK return code of 5 means the connection was not authorised. If it
works with allow_anonymous=true, then it sounds like your client isn't
sending a username / or isn't sending a correct username&password.

It looks like you have a Paho Python client running.
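
An added example (not part of the answer above and not Mosquitto's own code): a Python triage of broker log lines in the format quoted above, which decodes the CONNACK return code and flags peers that were refused repeatedly for authentication or authorisation reasons. The sample log lines, function names, threshold and window are constructed for illustration; the return-code meanings are those of MQTT 3.1.1.

```python
import re
from collections import defaultdict

# CONNACK return codes as defined by MQTT 3.1.1.
CONNACK_CODES = {
    0: "accepted",
    1: "refused: unacceptable protocol version",
    2: "refused: identifier rejected",
    3: "refused: server unavailable",
    4: "refused: bad user name or password",
    5: "refused: not authorised",
}
AUTH_REFUSALS = {4, 5}

# Log line format quoted above: "<epoch>: Sending CONNACK to <peer> (<n>, <code>)"
CONNACK_RE = re.compile(r"^(\d+): Sending CONNACK to (\S+) \((\d+), (\d+)\)$")

# Constructed sample log, modelled on the lines shown on this page.
SAMPLE_LOG = [
    "1429857949: Sending CONNACK to 127.0.0.1 (0, 5)",
    "1429857949: Socket error on client <unknown>, disconnecting.",
    "1429857951: Sending CONNACK to 127.0.0.1 (0, 5)",
    "1429857953: Sending CONNACK to 127.0.0.1 (0, 5)",
    "1429857960: Sending CONNACK to sensor-gw (0, 0)",
    "1429858200: Sending CONNACK to 10.0.0.7 (0, 4)",
]

def parse_connack(line):
    """Return (timestamp, peer, return_code), or None for any other log line."""
    m = CONNACK_RE.match(line.strip())
    if m is None:
        return None
    return int(m.group(1)), m.group(2), int(m.group(4))

def repeated_auth_refusals(lines, threshold=3, window=60):
    """Map peer -> largest number of code 4/5 refusals seen within `window` seconds."""
    stamps_by_peer = defaultdict(list)
    for line in lines:
        parsed = parse_connack(line)
        if parsed and parsed[2] in AUTH_REFUSALS:
            stamps_by_peer[parsed[1]].append(parsed[0])
    flagged = {}
    for peer, stamps in stamps_by_peer.items():
        stamps.sort()
        start = best = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[peer] = best
    return flagged
```

A peer that shows up here with code 5 while allow_anonymous is off is the case described above: the client is not sending credentials the broker accepts.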


