SSL with Tortoise lib not working

I’m trying to create a secure connection to an MQTT broker using Tortoise however I receive an error {:error, {:options, {:cert, '/Users/packardgoose/Desktop/host.cert'}}} I’m not sure what I’m doing wrong, should the certificate be a .pem file? I should be able to use a directory for this argument according to some documentation I read.

Here’s the code

@cert '/Users/packardgoose/Desktop/host.cert'
@key '/Users/packardgoose/Desktop/host.key'

{:ok, _pid} = Tortoise.Supervisor.start_child(
client_id: "my_id",
handler: {Tortoise.Handler.Logger, []},
    [host: '',
     port: 8885,
     cacertfile: :certifi.cacertfile(),
     key: @key,
     cert: @cert
keep_alive: 300000,
user_name: Keyword.fetch!(state_tokens, :mqtt_token),
password: Keyword.fetch!(state_tokens, :mqtt_token_pass))

You can either pass in paths to PEM files using the certfile and keyfile options, or DER encoded binary values using the cert and key options.

1 Like

Thanks, can’t believe I missed that. Also I had to add the verify: :verify_none option for the connection to work. Although my client is working now any idea as to why it won’t work with the default verify value? Would it be an issue on my end or the server end?

I’d have to have a look at the error message you’re getting. But if I had to venture a guess, the server might have a wildcard certificate, which is unfortunately not handled very well by Erlang/OTP.

If that is indeed the case, then you have two options:

  1. If you’re on OTP 21, add customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)] to the SSL options

  2. If you’re on an older version, you could use the ssl_verify_fun package to handle the hostname verification

1 Like