Comments (10)
@seguidor777 updated docker image here:
#176
for the enoent
, please make sure the files are mounted to docker and use abs path for the options (--certfile
etc.).
from emqtt-bench.
Hi @seguidor777
We discussed it before, the conclusion is: bench is a load generator, adding more load (cert validation) to the load-generator doesn’t really benefit anyone.
from emqtt-bench.
I see, the issue is that currently I'm trying to load test my mqtt broker using self-signed certificates, but that means that I'd need to skip the peer verification or to use a trusted CA instead.
Thanks for the clarification, I think we can close this issue
from emqtt-bench.
You can still configure key and cert for the client to send to the broker. The broker will validate its cert against its own trusted ca bundle.
cacertfile for the client is only to validate server’s cert.
I.e. self-signed or not makes no difference in this regard.
from emqtt-bench.
cacertfile for the client is only to validate server’s cert.
Yeah I agree on that, but in my case I have a self-signed cert and the emqx server is running with the verify_peer setting enabled. I think that I have two options if I want to continue using the self-signed cert:
- Change the emqx ssl setting to verify_none
- Pass the cacert to emqtt-bench in order to do the x509 path validation
from emqtt-bench.
cacertfile for the client is only to validate server’s cert.
Yeah I agree on that, but in my case I have a self-signed cert and the emqx server is running with the verify_peer setting enabled. I think that I have two options if I want to continue using the self-signed cert:
- Change the emqx ssl setting to verify_none
- Pass the cacert to emqtt-bench in order to do the x509 path validation
Sorry for the late reply, my inbox exploded.
For emqx to verify client certificates, you only need to supply client side (emqtt_bench) certfile
option, but no need for a cacertfile
in certfile
, put client certificate at the top of the file, and follwed by the immediate issuer certificate, then the issuer’s issuer certificate, and so on, all the way to the root ca certificate (root is actually optional)
from emqtt-bench.
Hi @zmstone.
No worries, thanks for getting back.
I've tested passing the client certificate with the issuer after, but the mqtt client is still asking for cacertsfile/cacert, how can I workaround this?
$docker run -it emqtt_bench conn -c 1 -i 10 -h 192.168.1.68 -p 8883 --ssl --certfile cert-chain.crt --keyfile client.key
Start with 8 workers, addrs pool size: 1 and req interval: 80 ms
=WARNING REPORT==== 31-May-2022::22:43:53.043774 ===
Description: "Authenticity is not established by certificate path validation"
Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
client(1): connect error - {options,
{keyfile,
"client.key",
{error,enoent}}}
client(1): EXIT for {shutdown,
{options,
{keyfile,
"client.key",
{error,enoent}}}}
1s connect_fail total=1 rate=1.00/sec
from emqtt-bench.
enoent
indicates the file doesn’t exist.
The warning is a bug from Erlang/OTP. Which version do you use?
from emqtt-bench.
I'm using docker image version 0.4.4-33-g09752e5, not sure which Erlang version it's using
from emqtt-bench.
Rookie mistake, thanks @zmstone
from emqtt-bench.
Related Issues (20)
- 最新源码编译最低要求23.2
- error:~/emqtt-bench$ make /home/deploy/emqtt-bench/scripts/ensure-rebar3.sh 3.19.0-emqx-1 /home/deploy/emqtt-bench/rebar3 compile /usr/bin/env: ‘escript’: No such file or directory Makefile:12: recipe for target 'compile' failed make: *** [compile] Error 127 HOT 23
- exception exit: econnrefused HOT 1
- Problem with ./emqtt_bench conn HOT 2
- Sometimes the `-c` is not work HOT 2
- Getting connect error - eaddrnotavail HOT 1
- window 上应该如何运行此工具 HOT 1
- 0.4.12 and 0.4.13 no bin and escript directories.
- Instead of username+password, how to use clientId+password with emqtt-bench?
- bench script start error HOT 1
- IPv6 support HOT 2
- docker build error HOT 1
- print receive message when run benchmark
- How to define payload content?
- Parameter setting of ca certificate is not supported HOT 1
- Mismatched payload makes emqttbench crash HOT 2
- 980 connection limit HOT 2
- add the option of Reconnect in readme
- client(43769): connect error - {tcp_closed,#Port<0.99717>} client(43769): EXIT for {shutdown,tcp_closed}
- emqtt-bench压测时如何打印客户端的报文信息
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emqtt-bench.