to your account
self.logger.info("Setting TLS INSECURE")
self.client.tls_insecure_set(True)
self.client.connect(self.address, port=self.port, keepalive=self.keepAlive)
self.client.loop_start()
except socket.error as serr:
self.client.loop_stop()
self.logAndRaiseException(ConnectionException("<yadda yadda yadda> - %s" % (str(serr))))
INFO Setting TLS INSECURE
CRITICAL <yadda yadda yadda> - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
Trying to get this working in a development environment where we know the certificates aren't going to match up and understand the risk associated with disabling verify (e.g. in requests library we are setting verify=False). Yet can't seem to get the mqtt library to do similar as get the above socket error on connect, is there some other setting I need to also use?
Have tried with both paho-mqtt 1.1 and 1.2, hitting the same issue (on python 2.7.13).
your code snippet is incomplete, it does not show the tls_set() option that is the important part in your problem. I assume that you use something like tls_set(ca_certs="/etc/ssl/certs/ca-certificate").
The error is that the certificate could not be validated using the given CA on tls_set(). This verification occur because you called tls_set() with cert_reqs=ssl.CERT_REQUIRED (or keeps the default value for it).
tls_set_insecure(True) will only disable the verification that the hostname of the connection (self.address) match the certificate CN.
To fix your issue, you have 2 possibilities:
either you can provide the CA (or the self-signed certificate) to the client, and use it in tls_set(ca_certs).
or you can disable all certificate checks with cert_reqs=ssl.CERT_NONE in tls_set()
