如何使用QtMqtt和SSL执行安全的MQTT?
我正在尝试使用一个简单的QtMQtt示例项目。但我想执行一个安全的MQTT。我该怎么处理这个?
我读过这个博客(https://www.qt.io/blog/2017/08/14/introducing-qtmqtt-protocol)。但这对我没有多大帮助。
我必须使用QsslSocket的connectToHostEncrypted()还是应该使用QTMQTT客户端的connectToHostEncrypted()
如果我使用QTMQTT客户端的connectToHostEncrypted()。它只允许我设置sslpeername。它不允许我设置证书或私钥。
或者如果我使用QSSLSOCKECT的connectToHostEncrypted()。如何通知我的MQTT客户端已经建立了连接。我现在应该可以发布和订阅
现在我正在做这样的事情:
connect(this->(QSslSockets's Object),SIGNAL(encrypted),this, SLOT(foo()))
void foo()
{
QTMQTTClient's object->connectToHostEncrypted("Hostname")
}这不允许我发布或订阅。如果有人能给我指明正确的方向。一些文档或例子对我有很大的帮助
回答 2
Stack Overflow用户
发布于 2019-09-07 06:04:15
如果您的Qt支持SSL,QMqttClient将用作QSslSocket的传输设备,以验证它是否支持SSL -- QSslSocket::supportsSsl()函数必须返回true。如果它不支持它,那么您必须按照指南:启用和禁用SSL支持来启用它。
考虑到上面的操作有效,那么您可以全局设置证书,以便所有QSslSocket默认使用它:
QSslCertificate cert = QSslCertificate(...);
QSslSocket::addDefaultCaCertificate(cert);
QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();例如,使用http://test.mosquitto.org/
#include <QtMqtt>
const QByteArray pem = R"(-----BEGIN CERTIFICATE-----
MIIC8DCCAlmgAwIBAgIJAOD63PlXjJi8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
VQQGEwJHQjEXMBUGA1UECAwOVW5pdGVkIEtpbmdkb20xDjAMBgNVBAcMBURlcmJ5
MRIwEAYDVQQKDAlNb3NxdWl0dG8xCzAJBgNVBAsMAkNBMRYwFAYDVQQDDA1tb3Nx
dWl0dG8ub3JnMR8wHQYJKoZIhvcNAQkBFhByb2dlckBhdGNob28ub3JnMB4XDTEy
MDYyOTIyMTE1OVoXDTIyMDYyNzIyMTE1OVowgZAxCzAJBgNVBAYTAkdCMRcwFQYD
VQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwGA1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1v
c3F1aXR0bzELMAkGA1UECwwCQ0ExFjAUBgNVBAMMDW1vc3F1aXR0by5vcmcxHzAd
BgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hvby5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMYkLmX7SqOT/jJCZoQ1NWdCrr/pq47m3xxyXcI+FLEmwbE3R9vM
rE6sRbP2S89pfrCt7iuITXPKycpUcIU0mtcT1OqxGBV2lb6RaOT2gC5pxyGaFJ+h
A+GIbdYKO3JprPxSBoRponZJvDGEZuM3N7p3S/lRoi7G5wG5mvUmaE5RAgMBAAGj
UDBOMB0GA1UdDgQWBBTad2QneVztIPQzRRGj6ZHKqJTv5jAfBgNVHSMEGDAWgBTa
d2QneVztIPQzRRGj6ZHKqJTv5jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAAqw1rK4NlRUCUBLhEFUQasjP7xfFqlVbE2cRy0Rs4o3KS0JwzQVBwG85xge
REyPOFdGdhBY2P1FNRy0MDr6xr+D2ZOwxs63dG1nnAnWZg7qwoLgpZ4fESPD3PkA
1ZgKJc2zbSQ9fCPxt2W3mdVav66c6fsb7els2W2Iz7gERJSX
-----END CERTIFICATE-----
)";
int main(int argc, char *argv[]) {
QCoreApplication a(argc, argv);
const QString hostname{"test.mosquitto.org"};
const quint16 port = 8883;
const QMqttTopicName topic{"qtmqtt/ssl_test"};
const QMqttTopicFilter filter{"qtmqtt/#"};
QSslCertificate cert = QSslCertificate(pem, QSsl::Pem);
QSslSocket::addDefaultCaCertificate(cert);
QMqttClient client;
client.setHostname(hostname);
client.setPort(port);
QObject::connect(&client, &QMqttClient::stateChanged, [](QMqttClient::ClientState state){
if(state == QMqttClient::Disconnected)
qDebug() << " State: Disconnected";
else if(state == QMqttClient::Connecting)
qDebug() << " State: Connecting";
else if(state == QMqttClient::Connected)
qDebug() << " State: Connected";
});
QObject::connect(&client, &QMqttClient::errorChanged, [](QMqttClient::ClientError error){
qDebug() << error;
});
QObject::connect(&client, &QMqttClient::messageReceived, [](const QByteArray &message, const QMqttTopicName &topic){
qDebug() << " Received Topic:" << topic.name() << " Message: " << message;
});
QTimer timer;
QObject::connect(&timer, &QTimer::timeout, [&client, &topic](){
if(client.publish(topic, QDateTime::currentDateTime().toString().toUtf8()) == -1)
qDebug() << "Error: Could not publish message";
});
QObject::connect(&client, &QMqttClient::connected, [&client, &timer, &filter](){
QMqttSubscription *subscription = client.subscribe(filter);
if(!subscription)
qDebug() << "Could not subscribe";
timer.start(1000);
});
client.connectToHostEncrypted();
return a.exec();
}输出:
State: Connecting
State: Connected
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:08 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:09 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:10 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:11 2019"
Received Topic: "qtmqtt/ssl_test" Message: "Sat Sep 7 00:58:12 2019"
...还可以使用QSslConfiguration设置证书和/或私钥:
QSslCertificate cert = QSslCertificate(...);
QSslConfiguration conf;
conf.setCaCertificates({cert});
// conf.setPrivateKey();
QSslConfiguration::setDefaultConfiguration(conf);
QMqttClient client;
client.setHostname(...);
client.setPort(...);
// ...
client.connectToHostEncrypted();还可以通过将QSslSocket设置为传输设备直接传递它:
QSslCertificate cert = QSslCertificate(...);
QSslSocket socket;
socket.addCaCertificate(cert);
// conf.setPrivateKey();
QMqttClient client;
client.setHostname(...);
client.setPort(...);
client.setTransport(&socket, QMqttClient::SecureSocket);
// ...
client.connectToHostEncrypted();Stack Overflow用户
发布于 2019-09-23 13:05:44
如果使用的是setTransport(),则必须确保传递的套接字也已加密和连接。或者,正如https://bugreports.qt.io/browse/QTBUG-68031中提到的,让传输处于有效和可用的状态是用户的责任。
但是,如果您使用的是QT5.14,则可以简单地使用带有QSslConfiguration参数的QMqttClient::connectToHostEncrypted()。见此处:https://code.qt.io/cgit/qt/qtmqtt.git/tree/src/mqtt/qmqttclient.h?h=5.14#n137
https://stackoverflow.com/questions/57829480
复制相似问题
腾讯云开发者
