GithubHelp home page GithubHelp logo

Comments (2)

wwhai avatar wwhai commented on August 15, 2024

Can you try only use CA file?

from emqx-auth-mysql.

wwhai avatar wwhai commented on August 15, 2024

Hello.

I tried to connect via TLS connection (two way), and i got error:

2021-01-22 03:10:09.150 [error] <<"mosq-8uSquVlIsFP0oF0bHq">>@10.77.1.1:60320 [Hooks] Failed to execute {fun emqx_auth_mysql:check/3,[#{auth_query => {"select password from mqtt_user where username = ? limit 1",["'%C'"]},hash_type => md5,pool => emqx_auth_mysql,super_query => {"select is_superuser from mqtt_user where username = ? limit 1",["'%C'"]}}]}: {badarg,[{erlang,iolist_to_binary,[undefined],[]},{crypto,hash,2,[{file,"crypto.erl"},{line,604}]},{emqx_passwd,hash,2,[{file,"emqx_passwd.erl"},{line,59}]},{emqx_passwd,check_pass,2,[{file,"emqx_passwd.erl"},{line,41}]},{emqx_auth_mysql,check_pass,2,[{file,"emqx_auth_mysql.erl"},{line,85}]},{emqx_auth_mysql,check,3,[{file,"emqx_auth_mysql.erl"},{line,43}]},{emqx_hooks,safe_execute,2,[{file,"emqx_hooks.erl"},{line,164}]},{emqx_hooks,do_run_fold,3,[{file,"emqx_hooks.erl"},{line,143}]}]}
2021-01-22 03:10:09.151 [warning] <<"mosq-8uSquVlIsFP0oF0bHq">>@10.77.1.1:60320 [Channel] Client mosq-8uSquVlIsFP0oF0bHq (Username: 'undefined') login failed for not_authorized

My MySQL config is:

auth.mysql.auth_query = select password from mqtt_user where username = '%C' limit 1
auth.mysql.password_hash = md5
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%C' limit 1
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c' or clientid = '$all'

auth.mysql.ssl = on
auth.mysql.ssl.cafile  = root.pem
auth.mysql.ssl.certfile = server.pem
auth.mysql.ssl.keyfile = server.key

If i change %C to %us, connecting via username+password => it's ok.
But via TLS i got error. I don't have password for TLS certs, what should i do in this situation?
Should i use auth.mysql.* section?

I need to connect via TLS without password, using only root.pem -> client.pem -> client.key files.

If i allow anonymous - it's ok.

Help me, please. The intenet has information only for usersname+password connection.

Hi, have you resolved this? I will close this issue if you did it.

from emqx-auth-mysql.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.