【Question title】: MQTTnet TLS 1.2 Encrypted Server
【Posted】: 2022-08-23 00:47:32
【Question description】:

I am trying to create a TLS 1.2 encrypted broker and client using MQTTnet (say, on port 2000). Here is my attempt:

using MQTTnet;
using MQTTnet.Client;
using MQTTnet.Server;
using System.Security.Authentication;

MqttFactory factory = new MqttFactory();
MqttServerOptionsBuilder serverOptions = new MqttServerOptionsBuilder()
                        .WithEncryptedEndpoint()
                        .WithEncryptedEndpointPort(2000)
                        .WithEncryptionSslProtocol(SslProtocols.Tls12)
                        .WithoutDefaultEndpoint();
MqttServer mqttServer = factory.CreateMqttServer(serverOptions.Build());
mqttServer.StartAsync();

MqttClientOptionsBuilder clientOptions = new MqttClientOptionsBuilder()
                    .WithClientId("myClient")
                    .WithTcpServer("localhost", 2000)
                    .WithTls(new MqttClientOptionsBuilderTlsParameters()
                    {
                        UseTls = true,
                        SslProtocol = SslProtocols.Tls12,
                        CertificateValidationHandler = x => { return true; }
                    });
MQTTnet.Client.MqttClient mqttClient = factory.CreateMqttClient() as MQTTnet.Client.MqttClient;
while (!mqttClient.IsConnected)
{
    mqttClient.ConnectAsync(clientOptions.Build()).GetAwaiter();
    Thread.Sleep(1000);
}
Console.WriteLine("Connected");
Console.ReadLine();

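The client I created does not connect to the broker. I believe the problem comes from the server side (if not both), because when I check netstat there are no connections on port 2000.

What am I missing?

  • You are not waiting for the server to start before trying to connect the client. Try adding await before mqttServer.StartAsync();
  • Tried it; it threw an exception saying "TLS certificate is not set". It worked after adding .WithEncryptionCertificate() with a valid X509Certificate2. Thanks a lot!
  • Please add an answer with the proper details.

Tags: c# .net mqtt mqttnet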


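【Solution 1】:

Here is the code that worked for me. Basically, after awaiting the server and adding the X509 certificate, the server now allows clients with the same certificate to connect.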

using MQTTnet;
using MQTTnet.Client;
using MQTTnet.Server;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

X509Store store = new X509Store(StoreLocation.CurrentUser);
X509Certificate2 certificate;
try
{
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certCollection = store.Certificates;
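    // Take the first certificate in the CurrentUser personal store that is within its validity period.
    // The broker needs a certificate whose private key is available.
    X509Certificate2Collection currentCerts = certCollection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
    certificate = currentCerts[0];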
}
finally
{
    store.Close();
}
MqttFactory factory = new MqttFactory();
MqttServerOptionsBuilder serverOptions = new MqttServerOptionsBuilder()
                        .WithEncryptedEndpoint()
                        .WithEncryptedEndpointPort(2000)
                        .WithEncryptionCertificate(certificate)
                        // Accepts any client certificate without validating it.
                        .WithRemoteCertificateValidationCallback( (obj, cert, chain, ssl) => { return true; } )
                        .WithEncryptionSslProtocol(SslProtocols.Tls12)
                        .WithoutDefaultEndpoint();
MqttServer mqttServer = factory.CreateMqttServer(serverOptions.Build());
await mqttServer.StartAsync();

MqttClientOptionsBuilder clientOptions = new MqttClientOptionsBuilder()
                    .WithClientId("myClient")
                    .WithTcpServer("localhost", 2000)
                    .WithTls(new MqttClientOptionsBuilderTlsParameters()
                    {
                        UseTls = true,
                        SslProtocol = SslProtocols.Tls12,
                        // Accepts any server certificate without validating it.
                        CertificateValidationHandler = x => { return true; }
                    });
MQTTnet.Client.MqttClient mqttClient = factory.CreateMqttClient() as MQTTnet.Client.MqttClient;
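while (!mqttClient.IsConnected)
{
    try
    {
        // Await the attempt so a failed connect is observed here instead of being dropped.
        await mqttClient.ConnectAsync(clientOptions.Build());
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Connect failed: {ex.Message}");
        await Task.Delay(1000);
    }
}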
Console.WriteLine("Connected");
Console.ReadLine();

【Discussion】:
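The client in the answer above accepts every server certificate (`return true`), so the TLS session is encrypted but the broker is not authenticated. The following is an added example, not code from the original post or from MQTTnet: a check that can replace that lambda and trusts a certificate only if it passes normal platform validation or is the exact certificate pinned by SHA-256. The class name, method name and pin value are hypothetical placeholders, and the wiring shown in the comment assumes the handler argument exposes `Certificate` and `SslPolicyErrors`.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class BrokerCertificateCheck   // hypothetical helper, not part of MQTTnet
{
    // Placeholder: SHA-256 of the broker certificate as hex without separators,
    // computed from the certificate deployed on the broker.
    const string PinnedSha256 = "<SHA256-OF-BROKER-CERTIFICATE>";

    public static bool IsTrusted(X509Certificate certificate, SslPolicyErrors errors)
    {
        if (certificate is null)
            return false;                         // broker presented no certificate

        // Chains to a trusted root and matches the host name: normal validation passed.
        if (errors == SslPolicyErrors.None)
            return true;

        // Any policy error (untrusted chain of a self-signed test certificate,
        // host name mismatch on "localhost") is tolerated only for the exact
        // certificate that was pinned in advance.
        byte[] expected;
        try
        {
            expected = Convert.FromHexString(PinnedSha256);
        }
        catch (FormatException)
        {
            return false;                         // pin not configured: fail closed
        }

        byte[] actual = SHA256.HashData(certificate.GetRawCertData());

        // FixedTimeEquals also returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

// Assumed wiring in the client options from the answer:
//   CertificateValidationHandler = x =>
//       BrokerCertificateCheck.IsTrusted(x.Certificate, x.SslPolicyErrors)
```

With the placeholder left in place the check fails closed, so a certificate with any policy error is rejected until a real pin is configured.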
