Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to use with SSL/TLS + certificate authority file? #7

Open
JulianKingman opened this issue Aug 1, 2017 · 10 comments
Open

How to use with SSL/TLS + certificate authority file? #7

JulianKingman opened this issue Aug 1, 2017 · 10 comments

Comments

@JulianKingman
Copy link

I searched around the googles for a while, but wasn't able to come up with anything. How does one use this client with SSL and a certificate authority file? The MQTT.js library has a way to handle it, and the original paho suggests that it's something handled by the browser (eclipse-paho#97), but as we don't have a browser in the RN version, what needs to happen for it to work? We should be able to test it on wss://test.mosquitto.org:1883/
@robhogan
Copy link
Owner

robhogan commented Aug 1, 2017
edited
Loading

The "browser" in this case is really just React Native's underlying WebSocket implementation, so you might ask "How do I use a custom CA / certificate pinning with React Native websockets?".

The short answer is there's no out-of-the-box way to do it. The long answer:

React Native uses okhttp under the hood on Android (see here), and CFStream on iOS (here). Googling around, it'd be possible if developing natively to supply custom CAs to either of those, but when using RN it looks like there's no API to do so.

I haven't looked exhaustively and I might be wrong, but I think this would need a PR to react native to achieve cleanly - or you can provide your own native implementation of WebSocket and have this library use your implementation instead, by passing your own WebSocket constructor as a Client constructor parameter named webSocket like the tests do.

On iOS it looks like it shouldn't be too much work, since RCTSRWebSocket.m already supports the option RCTSR_SSLPinnedCertificates. You'd just need to modify/override RCTWebSocketModule.m to allow pinned certificates to be passed as a connection parameter.

On Android, you'd need to provide a way here to build the OkHttpClient with certificatePinner.

I might have a closer look at this later since it's an interesting problem, but I can't guarantee anything. Hope the info helps.

@JulianKingman
Copy link
Author

Wow, thanks for the detailed response :)
I follow about half of what you're saying, I'll be coming back to this for my project in about a month, I'll see where things stand then. Thanks for looking into it!

@robhogan
Copy link
Owner

robhogan commented Aug 2, 2017

Some groundwork here facebook/react-native#15334 - just making room in the API to start with. Will see how it goes.

@carljoachim
Copy link

Any chance to pick up this thread again? 😇

@insytes
Copy link

insytes commented Dec 10, 2018

Slightly off topic but what about passing rejectUnauthorized to the WebSocket Client?

I can see the idea was there perhaps to implement an SSL abstraction, perhaps we could allow other connect options to be passed to ClientImplementation's connect?
https://github.com/rh389/react-native-paho-mqtt/blob/master/src/Client.js#L40

@pedry98
Copy link

pedry98 commented May 27, 2020

Any updates on this topic? I'm using paho client on react-native and it connects fine to the server, but once I add SSL/TLS configuration to the server, I need to pass either a cert.pem or key.pem for the server to do the handshake with the app. I tried couple of solutions on the web but for now the server response is: "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n ". Thanks in advance.

@KrifaYounes
Copy link

Any updates on this topic? I'm using paho client on react-native and it connects fine to the server, but once I add SSL/TLS configuration to the server, I need to pass either a cert.pem or key.pem for the server to do the handshake with the app. I tried couple of solutions on the web but for now the server response is: "TLS server: In state certify received CLIENT ALERT: Fatal - Certificate Unknown\n ". Thanks in advance.

Have you find a response ?

@pedry98
Copy link

pedry98 commented Jun 29, 2020

@KrifaYounes I could not implement this in React Native. I switched to Xamarin Forms and I was able to connect to my server using TLS 1.2 and certificates.

@FrozenPyrozen
Copy link

You can try my fork, it worked on Android/IOS with tls certificates Try to use that fork of React native MQTT https://github.com/FrozenPyrozen/rn-native-mqtt it worked with TLS connection on Android and IOS

@bearkillerPT
Copy link

You can try my fork, it worked on Android/IOS with tls certificates Try to use that fork of React native MQTT https://github.com/FrozenPyrozen/rn-native-mqtt it worked with TLS connection on Android and IOS

I'm trying to change react-native-paho-mqtt for your fork. I'm using gradle 8.4 and I can't seem to get build.gradle to work... I've tried updating it to comply with the new gradle versions but I no dice.
I'm using Expo SDK 48 (used expo prebuild and am building a dev client with the native code) and RN .71.14.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@carljoachim @JulianKingman @insytes @robhogan @KrifaYounes @FrozenPyrozen @pedry98 @bearkillerPT