Unable to start bridge (but config 'ok') #851

Closed
chelliwell opened this Issue Jun 7, 2018 · 3 comments


chelliwell commented Jun 7, 2018

I'm starting to explore a mosquitto [1.4.14] bridge for our embedded platform, connecting to AWS with TLS.
The certificates are good (I can connect fine using them with mosquitto_sub); I can also do a bridge connection on Ubuntu [1.4.15] using the same config and same certs.
The config is

log_dest stderr
log_type information
connection MyBridge
bridge_cafile /home/aws-iot-rootCA.crt
bridge_certfile /home/2751a7-certificate.pem.crt
bridge_keyfile /home/2751a7-private.pem.key
address a22ycnwh1dogb9.iot.eu-west-2.amazonaws.com:8883
topic Gw/Br/# in
topic Gw/Br/# out
notifications false
cleansession true

On my platform, however, the connection fails:

1528379856: mosquitto version 1.4.14 (build date 2018-05-29 09:31:30+0100) starting
1528379856: Config loaded from /etc/mosquitto/mosquitto.conf.
1528379856: Opening ipv4 listen socket on port 1883.
1528379856: Opening ipv6 listen socket on port 1883.
1528379856: Warning: Address family not supported by protocol
1528379856: Bridge local.wg2.Bridge doing local SUBSCRIBE on topic Gw/Br/#
1528379856: Connecting bridge Bridge (a22ycnwh1dogb9.iot.eu-west-2.amazonaws.com:8883)
1528379857: Error: Unable to load CA certificates, check bridge_cafile "/home/aws-iot-rootCA.crt".
Segmentation fault

The segfault makes me wonder if it's a build problem. Any 'obvious' possibilities for causes of this? Could be something in how my custom build is configured and/or made?
As I say: a mosquitto_pub - on my platform - is ok using the same credentials.
Thanks.

chelliwell commented Jun 8, 2018

Ok, figured this out with an strace: the directory containing the credentials files needs to have permissions 755 (executable for all). Even though I'm running mosquitto as root.
Odd that mosquitto_sub doesn't object without it.

Contributor

toast-uz commented Jul 31, 2018

Is this all your config? Is there the user directive in your config? Without the user directive, if you run mosquitto-broker as root, mosquitto should show a warning message "Warning: Mosquitto should not be run as root/administrator." If there is the user directive, your report is normal because mosquitto-broker drops privileges.
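
The privilege-drop explanation above can be checked one path component at a time. This is an added example, not code from the thread or from the mosquitto project; it evaluates classic owner/group/other mode bits only (ACLs, capabilities and LSM policy are ignored), and the uid and file names in the demo are constructed.

```python
import os
import tempfile

X, R = 1, 4  # search (execute) bit on directories, read bit on files

def allowed(st, uid, gids, want):
    """Owner/group/other check for a non-root uid (assumption: no ACLs or LSMs)."""
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_blocker(path, uid, gids):
    """Return (path, reason) for the first component uid cannot pass, else None."""
    path = os.path.realpath(path)
    chain, d = [], os.path.dirname(path)
    while d not in chain:            # climb to the filesystem root
        chain.append(d)
        d = os.path.dirname(d)
    for d in reversed(chain):        # then check from the root downwards
        if not allowed(os.stat(d), uid, gids, X):
            return d, "directory lacks search (x) permission for this user"
    if not allowed(os.stat(path), uid, gids, R):
        return path, "file lacks read (r) permission for this user"
    return None

if __name__ == "__main__":
    # Constructed layout standing in for the credentials directory in the report.
    creds = tempfile.mkdtemp()
    ca = os.path.join(creds, "rootCA.crt")
    open(ca, "w").close()
    os.chmod(ca, 0o644)
    unprivileged = os.getuid() + 1   # hypothetical uid the broker drops to
    for mode in (0o700, 0o755):
        os.chmod(creds, mode)
        print(oct(mode), first_blocker(ca, unprivileged, set()))
```

Run it against the real `bridge_cafile`, `bridge_certfile` and `bridge_keyfile` paths with the uid and groups of the account named in the `user` directive; the private key file itself only needs to be readable by that account, not by everyone.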

ralight added a commit that referenced this issue Aug 2, 2018

Fix segfault on startup if bridge CA certificates could not be read.
Closes #851.

Thanks to chelliwell.

Signed-off-by: Roger A. Light <roger@atchoo.org>

@ralight ralight added this to the 1.5.1 milestone Aug 2, 2018

Contributor

ralight commented Aug 2, 2018

I'm glad you've got this sorted. The segfault you found is real and worth fixing, so I've done that. Thanks for finding it!

@ralight ralight closed this Aug 2, 2018

ralight added a commit that referenced this issue Aug 8, 2018

Better fix for #851.
Ensure all sockets that are closed are set to INVALID_SOCKET.

Signed-off-by: Roger A. Light <roger@atchoo.org>