Describe the bug
We have a HiveMQ broker with TLS encryption enabled. We were able to connect via iOS, but got an error on Android, even though we do not use platform-specific code. To inspect the issue, we added debug output to the CertificateValidationHandler, as described in the client sample 'Inspect_Certificate_Validation_Errors()'. There we can see the difference between iOS and Android.
For iOS we see that there are no errors in validating the certificate chain.
For Android we see that there are 'RemoteCertificateChainErrors', because the RevocationStatus is unknown.
The certificate chain presented by the HiveMQ broker is valid; we already checked that, and it is reproducible on different brokers, not only HiveMQ.
Which component is your bug related to?
Client
To Reproduce
Steps to reproduce the behavior:
Using this code, it's everything in there, like an example broker. Deploy it to Android and iOS to get the described behavior.
```csharp
using System.Linq;
using System.Threading;
using MQTTnet;
using MQTTnet.Client;

var mqttFactory = new MqttFactory();

using (var mqttClient = mqttFactory.CreateMqttClient())
{
    var mqttClientOptions = new MqttClientOptionsBuilder()
        .WithTcpServer("689fc9876685493f8f11ba11d0154f35.s2.eu.hivemq.cloud", 8883)
        .WithCredentials("AppIot", "Michael1$")
        .WithTlsOptions(o =>
        {
            o.WithCertificateValidationHandler(eventArgs =>
            {
                // Dump the leaf certificate and the revocation mode in use.
                System.Diagnostics.Debug.WriteLine(eventArgs.Certificate.Subject);
                System.Diagnostics.Debug.WriteLine(eventArgs.Certificate.GetExpirationDateString());
                System.Diagnostics.Debug.WriteLine(eventArgs.Chain.ChainPolicy.RevocationMode);

                // Dump every certificate in the chain that was built.
                System.Diagnostics.Debug.WriteLine("Chain Certs");
                eventArgs.Chain.ChainElements.ToList().ForEach(x => System.Diagnostics.Debug.WriteLine(x.Certificate.Subject));

                // Dump the per-chain status flags and the overall policy result.
                System.Diagnostics.Debug.WriteLine("ChainElements Status");
                eventArgs.Chain.ChainStatus.ToList().ForEach(x => System.Diagnostics.Debug.WriteLine($"{x.Status}: {x.StatusInformation}"));
                System.Diagnostics.Debug.WriteLine("SSL Policy Error");
                System.Diagnostics.Debug.WriteLine(eventArgs.SslPolicyErrors);

                // Accepts every certificate so the connection proceeds while inspecting.
                return true;
            });
        })
        .Build();

    // In MQTTv5 the response contains much more information.
    using (var timeout = new CancellationTokenSource(5000))
    {
        await mqttClient.ConnectAsync(mqttClientOptions, timeout.Token);
    }
}
```
Expected behavior
Because we have the same connect code and the same broker we are connecting to, there should not be different behavior on iOS and Android. Android should behave like iOS.
Screenshots
No screenshots, because all code needed is given in "To reproduce" above.
Additional context / logging
Add any other context about the problem here.
Include debugging or logging information here:
```
CN=*.s2.eu.hivemq.cloud
02.03.2024 23:20:23
Online
Chain Certs
CN=*.s2.eu.hivemq.cloud
CN=R3, O=Let's Encrypt, C=US
CN=ISRG Root X1, O=Internet Security Research Group, C=US
ChainElements Status
RevocationStatusUnknown: Certificate does not specify OCSP responder
RevocationStatusUnknown: The certificate's revocation status could not be determined.
SSL Policy Error
RemoteCertificateChainErrors
```
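An added example, not code from the issue author or the MQTTnet project: a validation decision that, unlike the debug handler's unconditional `return true`, accepts a chain only when its sole problems are "revocation could not be checked" flags such as the two in the log above. The class and method names are hypothetical, and treating unknown revocation status as acceptable is an assumed soft-fail policy under which a revoked certificate goes unnoticed whenever the revocation source cannot be reached.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of MQTTnet.
public static class RevocationTolerantValidation
{
    // "Revocation could not be checked" flags; neither means revoked or untrusted.
    private const X509ChainStatusFlags Tolerated =
        X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;

    public static bool IsAcceptable(SslPolicyErrors errors, IEnumerable<X509ChainStatus> chainStatus)
    {
        if (errors == SslPolicyErrors.None) return true;
        // Name mismatch or missing certificate (alone or combined) is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        var statuses = chainStatus?.ToList() ?? new List<X509ChainStatus>();
        // Chain errors with no detail: reject rather than guess.
        if (statuses.Count == 0) return false;
        // Every reported status must consist only of tolerated flags.
        return statuses.All(s => (s.Status & ~Tolerated) == X509ChainStatusFlags.NoError);
    }

    public static void Main()
    {
        // Constructed input mirroring the two status lines in the log above.
        var fromLog = new[]
        {
            new X509ChainStatus { Status = X509ChainStatusFlags.RevocationStatusUnknown },
            new X509ChainStatus { Status = X509ChainStatusFlags.RevocationStatusUnknown },
        };
        // Constructed counter-case: an untrusted root must still be rejected.
        var untrusted = fromLog.Append(
            new X509ChainStatus { Status = X509ChainStatusFlags.UntrustedRoot });

        Console.WriteLine(IsAcceptable(SslPolicyErrors.RemoteCertificateChainErrors, fromLog));
        Console.WriteLine(IsAcceptable(SslPolicyErrors.RemoteCertificateChainErrors, untrusted));
        Console.WriteLine(IsAcceptable(SslPolicyErrors.RemoteCertificateNameMismatch, fromLog));
    }
}
// Wiring with the handler from the snippet above:
// o.WithCertificateValidationHandler(e =>
//     RevocationTolerantValidation.IsAcceptable(e.SslPolicyErrors, e.Chain?.ChainStatus));
```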