CODEWITHSUNDEEP
androidsslmqtthivemqtrustmanager
Palakkumar Darji
Palakkumar Darji

Reputation: 1

Unable to connect test.mosquitto.org over port 8885 encrypted, authenticated from HiveMQ Android client

I am trying to connect to test.mosquitto.org over port 8885 with tls from Android HiveMQ library. Username : rw, password: readwrite

MqttClientBuilder mqttClientBuilder = MqttClient.builder()
    .identifier(UUID.randomUUID().toString())
    .serverHost("test.mosquitto.org")
    .serverPort(8885);

I use this builder to create Mqtt3AsyncClient with this code:

Mqtt3AsyncClient mqtt3Client = mqttClientBuilder
   .useMqttVersion3()
   .buildAsync();

I am getting this error while making connection.

[RxComputationThreadPool-1] connect failed javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match
com.hivemq.client.mqtt.exceptions.ConnectionFailedException: javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match
Caused by: javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match
    at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363)
    at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
    at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:237)
    at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:309)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1473)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1366)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1415)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:1012)
Caused by: java.security.cert.CertificateException: No subjectAltNames on the certificate match
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:419)
    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:366)
    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:106)
    at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:256)
    at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
    at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
    at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataHeap(ConscryptEngine.java:1115)
    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1087)
    ... 27 more

I am not sure why its not working. I tried to connect on 8883, 8886 which works fine with this code. According to this page on https://test.mosquitto.org, port 8885 does not require any certificate.

Above error is related to certificate. Any help would be greatly appreciated. We want to use this lib on prod app. Thank you.

I tried with this:

mqttClientBuilder.sslWithDefaultConfig();

as well as this:

mqttClientBuilder.sslConfig(
    MqttClientSslConfig
        .builder()
        .trustManagerFactory(null)
        .keyManagerFactory(null)
        .build()
    );

Upvotes: 0

Views: 38

Answers (0)

Related Questions