Reputation: 23
I am using an MQTT Python client running on an RPI. I am not a guy from a Web-related field, but I need to implement SSL security while I send some data from my Python client to an open source MQTT broker.
I have found a certain package in Python for wrapping a socket with SSL security when opening it. I am kind of new to Python, so I want to understand how it works and what we need to do if we want to implement SSL security. This question explains much about SSL and how it happens. But what if I need to implement it with Python, and how will I install an SSL certificate locally on my RPI? (I want some sort of open source SSL certificate, as I am doing this as a local project as of now.)
I used the Python code below to open an SSL socket and then connect to www.google.com over port 443.
import socket
import ssl
s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = ssl.wrap_socket(s_, ca_certs='/usr/local/lib/python2.7/dist-packages/requests/cacert.pem',cert_reqs=ssl.CERT_REQUIRED)
s.connect(('www.google.com', 443))
s.write("""GET / HTTP/1.1\r
Host: www.google.com\r\n\r\n""")
d=s.read()
print(d)
s.close()
And I get this output on my console:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: https://www.google.co.in/?gfe_rd=cr&ei=PkW8U8SsPOqK8Qfwt4DYAw
Content-Length: 262
Date: Tue, 08 Jul 2014 19:23:42 GMT
Server: GFE/2.0
Alternate-Protocol: 443:quic
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.co.in/?gfe_rd=cr&ei=PkW8U8SsPOqK8Qfwt4DYAw">here</A>.
</BODY></HTML>
But I still want to ask or understand (from what I studied in the available resources): whoever is opening an SSL socket needs to have an SSL certificate, so where are we doing the part of sending our SSL certificate to the server, or is that being done by the openssl library? Also, I want to confirm: does openssl provide the SSL certificate that openssl is using and sending to the server?
This link helps a bit to understand the basics of SSL security.
Upvotes: 1
Views: 5798
Reputation: 11608
Could you just use the Paho Python client library to deal with both the MQTT and SSL side of your problem?
A trivial example of subscribing to a topic on the test.mosquitto.org test server and printing the messages received, with SSL support:
import paho.mqtt.client as paho
def on_message(clnt, userdata, msg):
    # Print each received message as "<topic> <payload>"
    print(msg.topic+" "+str(msg.payload))
mqttc = paho.Client()
mqttc.on_message = on_message
mqttc.tls_set("mosquitto.org.crt") # http://test.mosquitto.org/ssl/mosquitto.org.crt
mqttc.connect("test.mosquitto.org", 8883)
mqttc.subscribe("bbc/#")
mqttc.loop_forever()
Upvotes: 5
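Added example (not part of either post above): the client-side TLS settings this thread is about, written with Python 3's standard ssl module. The function names and the ca_file, client_cert and client_key parameters are assumptions for illustration. A client certificate is loaded only when a broker demands mutual TLS; otherwise the client just verifies the server's certificate against a CA file such as the mosquitto.org.crt used in the answer.

```python
import socket
import ssl


def make_client_context(ca_file=None, client_cert=None, client_key=None):
    """Build verified client-side TLS settings (hypothetical helper).

    ca_file: PEM file of the CA that signed the server certificate
             (None = use the operating system's trust store).
    client_cert / client_key: only for brokers that demand mutual TLS.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if client_cert is not None:
        # Without this call the client presents no certificate at all.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def question_style_context():
    """Flags equivalent to ssl.wrap_socket(..., cert_reqs=ssl.CERT_REQUIRED):
    the chain is verified, but the certificate's name is never compared
    with the host being contacted. Built for comparison only (no CA loaded)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def summarize(ctx):
    """Report which server checks a context will perform."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


def open_tls(host, port, ctx, timeout=10):
    """Connect and handshake; raises ssl.SSLCertVerificationError on a bad cert."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


if __name__ == "__main__":
    print("hardened:", summarize(make_client_context()))
    print("question:", summarize(question_style_context()))
```

With Paho, a context built this way can be passed to the client through tls_set_context() instead of calling tls_set() with a file name.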