-
-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
listener.wss.use_identity_as_username supported? #563
Comments
@larshesel No, I haven't resolved the issue. Here's my current conf, but I've also played around with various combinations of
|
I don't see any real issue with the config file except that you have quite a lot of listeners configured. Are you 100% sure you're connecting to the one on port 8084? Afaict these are the configured listeners:
Which websocket/mqtt client are you using? |
I'm using the golang paho client library with the URL |
I finally had time to look closer into this and I can reproduce this problem. |
We just merged a fix for this issue to master. |
Hi,
I'm attempting to perform certificate-only authentication and set ACL restrictions based on the CN of the client certificate. I have
listener.wss.use_identity_as_username = on
andlistener.wss.require_certificate = on
and can complete the SSL handshake successfully, but cannot get the username to change when using thewss://
listener, while thessl://
listener seems to work fine.I've tried disabling
vnq_passwd
andallow_anonymous
, as well as enabling both and using a username/password.In my latest config, this is the error I'm seeing:
vmq_mqtt_fsm:auth_on_publish:658 can't auth publish [<<"foo">>,{[],<<"agent-foo">>},0,[<<"25ba1b99-9bab-4d8c-8351-6dd816060d45">>],<<"this is msg #43!">>,false] due to chain_exhausted
In this attempt,
25ba1b99-9bab-4d8c-8351-6dd816060d45
is the CN of the cert,foo
was the username andagent-foo
was the client id.Probably unrelated, but my vnq.acl consists of
pattern write %u
.Does the wss listener support
use_identity_as_username
parameter?Environment
The text was updated successfully, but these errors were encountered: