Mochi MQTT
How to reference a common name inside a client certification in server.Events? #87
-
|
Dear, great developers! This product is extremely clean and neat code, also easy to understand. Thank all of the developers for your effort. I've looked around some documents and tested this product. And after reading almost the code of this product, I could not find how to access a common name in the certificate at Currently, I've created a management system of IoT devices using AWS IoT and I would like to move all to a self-managed MQTT server from AWS. Looks Mochi MQTT server is the best for my purpose. The current devices use the TLS and provide the client certificates for each device to be identified what devices are accessed. I know MQTT defines other authentication methods on the layer itself, however, we wanted to manage all devices by the certificates. Now I'm looking around |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 5 replies
-
|
How about instead of trying to do it in the EstablishFunc set up a VerifyPeerCertificate function on the Server's TLSConfig? Also, I'd be really interested in hearing about the reasons that helped you to decide to spin your own solution intsead of using AWS IoT? Either here or could I contact you off list? |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your reply! I'll try your solution candidate and report the result later. AWS IoT is still a great platform to launch MQTT servers quickly, and another advantage of AWS IoT is a managed service. I could get a result of what I want to do. AWS IoT is an entrance of the data. It means all things should depend on other AWS services. Lambda, DynamoDB, and Awww, yeah, many other services are required. Each service is tiny, but assembling all services is too much for me as a system. I want the system to become smaller and simpler. I want to add other features and restart the system quickly. golang generates a single binary and becomes it easy to install. Just compiling, running, and testing is very handy for me. Mochi MQTT Server is the best for this philosophy. The serverless like AWS IoT is the best solution for me in the early phase to confirm the sort of feasibility. |
Beta Was this translation helpful? Give feedback.
-
|
it greatly works fine! thank you very much! |
Beta Was this translation helpful? Give feedback.
-
|
@YamazakiYasuhiro I'm also looking for emulating AWS IOT core locally, mainly for testing, did you get far on this, is it viable? |
Beta Was this translation helpful? Give feedback.
-
|
@RangelReale If you want to test MQTT with other compatible AWS features, the answer is no. AWS IoT Core has a bunch of features and Web APIs. My implementation is independent of these. Only a test of simple connectivity of MQTT would work fine. |
Beta Was this translation helpful? Give feedback.
-
|
looks like it is also available in |
Beta Was this translation helpful? Give feedback.
-
|
@RangelReale Client.Net.conn is currently not exported, but I can change it to be exported if that would be beneficial for everyone. Let me know what you think 👍🏻 |
Beta Was this translation helpful? Give feedback.
-
|
@RangelReale Client.Net.Conn is now exported as of v2.1.3 - let me know if this helps |
Beta Was this translation helpful? Give feedback.
-
|
just tested, I am able to get the same certificate as the one in the func (h *AuthHook) OnConnectAuthenticate(cl *mqtt.Client, pk packets.Packet) bool {
if tlsConn, ok := cl.Net.Conn.(*tls.Conn); ok {
for _, cert := range tlsConn.ConnectionState().PeerCertificates {
fmt.Println("Public Key: ")
fmt.Println(x509.MarshalPKIXPublicKey(cert.PublicKey))
fmt.Println("Subject: ")
fmt.Println(cert.Subject)
}
}
return true
} |
Beta Was this translation helpful? Give feedback.
How about instead of trying to do it in the EstablishFunc set up a VerifyPeerCertificate function on the Server's TLSConfig?
Also, I'd be really interested in hearing about the reasons that helped you to decide to spin your own solution intsead of using AWS IoT? Either here or could I contact you off list?