SSL/TLS connection · Issue #396 · novastone-media/MQTT-Client-Framework

Status: Closed

Description

Opened by zhujieshan:

I have ca.crt, client.crt and client.key.
How can I connect to MQTT?

self.session = [[MQTTSession alloc] initWithClientId:@"clientid"
                                                    userName:@"username"
                                                    password:@"password"
                                                   keepAlive:60
                                                cleanSession:YES
                                                        will:NO
                                                   willTopic:nil
                                                     willMsg:nil
                                                     willQoS:0
                                              willRetainFlag:NO
                                               protocolLevel:4
                                                     runLoop:[NSRunLoop currentRunLoop]
                                                     forMode:NSRunLoopCommonModes
                                              securityPolicy:[self customSecurityPolicy]
                                                certificates:nil];
    [self.session connectToHost:transport.host port:transport.port usingSSL:YES];

- (MQTTSSLSecurityPolicy *)customSecurityPolicy
{
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"crt"];
    NSString *clientcerPath = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"crt"];
    NSString *clientkeyPath = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"key"];

    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    NSData *certData1 = [NSData dataWithContentsOfFile:clientcerPath];
    NSData *certData2 = [NSData dataWithContentsOfFile:clientkeyPath];
    
    MQTTSSLSecurityPolicy *securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeNone];
    
    securityPolicy.allowInvalidCertificates = YES;
    securityPolicy.validatesCertificateChain = YES;
    securityPolicy.validatesDomainName = NO;
    securityPolicy.pinnedCertificates = @[certData,certData1,certData2];
    return securityPolicy;
}

right?

Activity

willem4ever commented on Nov 15, 2017

I have the below working for an asynchronous connect ...

session = [[MQTTSession alloc] init];
NSString*  ca1 = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"xxxxxx" ofType:@"der"];
NSString*  ca2 = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"yyyyyy" ofType:@"der"];
MQTTSSLSecurityPolicy *securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
securityPolicy.pinnedCertificates = @[[NSData dataWithContentsOfFile:ca1],[NSData dataWithContentsOfFile:ca2]];
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.validatesDomainName = YES;
securityPolicy.validatesCertificateChain = NO;
//
MQTTSSLSecurityPolicyTransport *secureTransport = [[MQTTSSLSecurityPolicyTransport alloc] init];
secureTransport.port = (uint32_t) c.port;
secureTransport.host = c.broker;
secureTransport.tls = (c.ssl) ? true : false;
secureTransport.securityPolicy = securityPolicy;
session.transport = secureTransport;
//
session.userName = c.username;
session.password = c.password;
session.delegate = self;

[session connect];
zhujieshan (Author) commented on Nov 16, 2017

MQTTSSLSecurityPolicyTransport *transport = [[MQTTSSLSecurityPolicyTransport alloc]init];
transport.host = d[@"host"];
transport.port = [d[@"port"] intValue];
transport.tls = YES;

NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"der"];
NSString *clientcerPath = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"der"];
        
MQTTSSLSecurityPolicy *securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
securityPolicy.pinnedCertificates = @[[NSData dataWithContentsOfFile:cerPath],[NSData dataWithContentsOfFile:clientcerPath]];
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.validatesDomainName = YES;
securityPolicy.validatesCertificateChain = NO;
transport.securityPolicy = securityPolicy;
        
_session = [[MQTTSession alloc] init];
_session.transport = transport;
_session.delegate = self;
_session.userName = @"username";
 _session.password = @"password";
        
[_session connect];

I converted the format of the certificate, and MQTT still can't connect. Are you using 'two-way certification'? Don't you need a client key (client.key)?

zhujieshan (Author) commented on Nov 16, 2017

NSString* ca1 = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"xxxxxx" ofType:@"der"];
NSString* ca2 = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"yyyyyy" ofType:@"der"];

What format were ca1 and ca2 converted from? p12?

jcavar (Contributor) commented on Nov 16, 2017

Can you please use code formatting? It makes comments a lot easier to read.

willem4ever commented on Nov 16, 2017

No, I do not use a client key; the format of the certificates is OpenSSL DER format. Have you checked that a valid path is returned? You can also try "securityPolicy.validatesDomainName = NO;". Additionally, you can check the MQTT side of things by using openssl to connect to the MQTT broker.

willem4ever commented on Nov 16, 2017

Ok, to use a client certificate you need to do a few more things:

 NSString*  client = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"client" ofType:@"p12"];

Attach the client certificate (P12) to the security policy:

MQTTSSLSecurityPolicyTransport *secureTransport = [[MQTTSSLSecurityPolicyTransport alloc] init];
secureTransport.port = (uint32_t) c.port;
secureTransport.host = c.broker;
secureTransport.tls = true;
secureTransport.securityPolicy = securityPolicy;
secureTransport.certificates = [MQTTSSLSecurityPolicyTransport clientCertsFromP12:client passphrase:@"password"];
session.transport = secureTransport;

Do not forget to add the certificates to your bundle .....
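The original question pins ca.crt, client.crt and client.key directly, while the working replies pin DER-encoded CA certificates and pass the client identity as a P12 through clientCertsFromP12:. As an added example (not part of MQTT-Client-Framework or of any post in this thread), this Python script classifies certificate material by its PEM header or DER structure, converts PEM to the DER that pinnedCertificates expects, and keeps keys and P12 bundles out of the pin list; the sample blobs are constructed stand-ins, not real certificates.

```python
import base64, re
_PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_to_der(pem: bytes) -> bytes:
    """PEM is base64 over DER, so decoding the body is the whole crt->der conversion."""
    m = _PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block found")
    return base64.b64decode(b"".join(m.group(2).split()))

def _der_length(buf: bytes, i: int):  # DER length field at buf[i] -> (length, offset after it)
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(blob: bytes) -> str:
    """Return 'pem-cert', 'pem-other' (keys etc.), 'der-cert', 'pkcs12' or 'unknown'."""
    m = _PEM_RE.search(blob)
    if m is not None:
        return "pem-cert" if m.group(1) == b"CERTIFICATE" else "pem-other"
    if len(blob) < 2 or blob[0] != 0x30:        # certs and PFX are both an outer SEQUENCE
        return "unknown"
    outer_len, i = _der_length(blob, 1)
    if i + outer_len != len(blob):              # truncated file or trailing garbage
        return "unknown"
    if blob[i] == 0x30:                         # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
        return "der-cert"
    if blob[i] == 0x02:                         # PFX ::= SEQUENCE { version INTEGER(3) ...
        vlen, j = _der_length(blob, i + 1)
        if int.from_bytes(blob[j:j + vlen], "big") == 3:
            return "pkcs12"
    return "unknown"

def pinnable(files: dict):
    """Split {name: bytes} into DER certs for pinnedCertificates and rejected items (keys, P12)."""
    pins, rejected = [], []
    for name, data in files.items():
        kind = classify(data)
        if kind in ("pem-cert", "der-cert"):
            pins.append((name, pem_to_der(data) if kind == "pem-cert" else data))
        else:
            rejected.append((name, kind))   # belongs in transport.certificates, never in the pin list
    return pins, rejected

# Constructed samples (not real certificates): cert-shaped DER, the same as PEM, PFX-shaped header, PEM key.
SAMPLE_DER_CERT = b"\x30\x05\x30\x03\x02\x01\x01"
SAMPLE_PEM_CERT = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER_CERT) + b"\n-----END CERTIFICATE-----\n"
SAMPLE_P12 = b"\x30\x03\x02\x01\x03"
SAMPLE_PEM_KEY = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```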

zhujieshan (Author) commented on Nov 17, 2017

You really did me a great favor! This method works! Thanks!

NSString* ca = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"ca" ofType:@"der"];
NSString* client = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"certificate" ofType:@"p12"];

MQTTSSLSecurityPolicyTransport *transport = [[MQTTSSLSecurityPolicyTransport alloc]init];
transport.certificates = [MQTTSSLSecurityPolicyTransport clientCertsFromP12:client passphrase:@"password"];

MQTTSSLSecurityPolicy *securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
securityPolicy.pinnedCertificates = @[[NSData dataWithContentsOfFile:ca]];

cjw429672039 commented on Nov 17, 2017

Hello, a question:
1. Is the certificate you use self-signed or purchased from a trusted certificate authority?
2. Can only certificates issued by a trusted authority be used?

willem4ever commented on Nov 17, 2017

Hello, a question:

  1. Are you using a self-signed certificate or a certificate purchased from a trusted certificate authority?
  2. Can certificates only be issued by a trusted authority?

I'm using self signed certificates ...

zhujieshan (Author) commented on Nov 18, 2017

I also use a self-signed certificate; the backend handled it.

jcavar (Contributor) commented on Jan 4, 2018

It seems like issue here is resolved but feel free to reopen if not.

MrLinTianbao commented on Feb 6, 2018

Excuse me, what's going on? Error Domain=NSOSStatusErrorDomain Code=-9807 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9807, _kCFStreamErrorDomainKey=3}

kuangzq commented on Sep 12, 2018

Ok, to use a client certificate you need to do a few more things:

 NSString*  client = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"client" ofType:@"p12"];

Attach the client certificate (P12) to the security policy:

MQTTSSLSecurityPolicyTransport *secureTransport = [[MQTTSSLSecurityPolicyTransport alloc] init];
secureTransport.port = (uint32_t) c.port;
secureTransport.host = c.broker;
secureTransport.tls = true;
secureTransport.securityPolicy = securityPolicy;
secureTransport.certificates = [MQTTSSLSecurityPolicyTransport clientCertsFromP12:client passphrase:@"password"];
session.transport = secureTransport;

Do not forget to add the certificates to your bundle .....

The framework crashed when connecting to broker with client certificate. My code is

    NSString *sHost = @"mqtt.myserver.com";
    UInt32 port = 1883;

    NSString *sClientP12Path = [[NSBundle bundleForClass:[self class]] pathForResource:@"client" ofType:@"p12"];
    NSData *clientP12Data = [NSData dataWithContentsOfFile:sClientP12Path];

    MQTTSSLSecurityPolicy *securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
    // Note: the working examples earlier in this thread pin the DER-encoded CA certificate here
    // and hand the P12 only to transport.certificates via clientCertsFromP12:.
    securityPolicy.pinnedCertificates = @[clientP12Data];
    securityPolicy.allowInvalidCertificates = YES;

    MQTTSSLSecurityPolicyTransport *secureTransport = [[MQTTSSLSecurityPolicyTransport alloc] init];
    secureTransport.port = port;
    secureTransport.host = sHost;
    secureTransport.tls = YES;
    secureTransport.securityPolicy = securityPolicy;
    // sClientP12 was undefined in the original snippet; clientCertsFromP12: takes the bundle path.
    secureTransport.certificates = [MQTTSSLSecurityPolicyTransport clientCertsFromP12:sClientP12Path passphrase:@"password"];

    // Note: certificates: here receives the raw P12 bytes, whereas transport.certificates above receives the imported identity.
    MQTTSession *session = [[MQTTSession alloc] initWithClientId:@"MQTTOverTLS" userName:nil password:nil keepAlive:60 cleanSession:YES will:YES willTopic:@"BYE" willMsg:[@"Client off-line" dataUsingEncoding:NSUTF8StringEncoding] willQoS:2 willRetainFlag:YES protocolLevel:4 runLoop:[NSRunLoop currentRunLoop] forMode:NSRunLoopCommonModes securityPolicy:securityPolicy certificates:@[clientP12Data]];
    session.transport = secureTransport;
    [session connectWithConnectHandler:^(NSError *error) {
        if (error) {
            NSLog(@"error: %@", error.description);
        }
    }];

It crashed here in the framework (screenshot from 2018-09-11, not included).

Some debug information around the crash breakpoint (two screenshots from 2018-09-11, not included).

The version of framework (from Podfile.lock)

  - MQTTClient (0.9.9):
    - MQTTClient/Core (= 0.9.9)
  - MQTTClient/Core (0.9.9):
    - MQTTClient/Manager
    - MQTTClient/Min
  - MQTTClient/Manager (0.9.9):
    - MQTTClient/Min
  - MQTTClient/Min (0.9.9)

Did I miss something or do something wrong? Asking for help. Any advice would be highly appreciated.

marciogranzotto commented on Dec 20, 2018

Did I miss something or do something wrong? Asking for help. Any advice would be highly appreciated.

Same thing for me. Did you manage to fix it? @kuangzq

ZLDamo commented on Feb 27, 2020

I also use a self-signed certificate; the backend handled it.
Hello, may I ask why you ended up using the [NSBundle bundleForClass:[MQTTSession class]] method rather than [NSBundle mainBundle] pathForResource:? Did you rename the certificates? Which two of ca.crt, client.cer and client.key do the two certificates you use correspond to?

kuangzq commented on Feb 27, 2020

It has been quite a long time and I couldn't remember the details. But I think I must have tried pathForResource first, and found it didn't work, then I tried something else.

ZLDamo commented on Feb 28, 2020

Where is your certificate? Is it mainBundle or somewhere else?

procjiang commented on Jan 27, 2021

Why do I get the error "[MQTTCFSocketTransport] Error while importing pkcs12"? Is there a problem with how I am using it?
NSString *ca = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"cacert" ofType:@"der"];
NSString *client = [[NSBundle bundleForClass:[MQTTSession class]] pathForResource:@"client" ofType:@"p12"];
MQTTSSLSecurityPolicyTransport *transport = [[MQTTSSLSecurityPolicyTransport alloc]init];
transport.host = host;
transport.port = port;
transport.tls = YES;
MQTTSSLSecurityPolicy *securityPolicy = [MQTTSSLSecurityPolicy policyWithPinningMode:MQTTSSLPinningModeCertificate];
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.validatesDomainName = NO;
securityPolicy.validatesCertificateChain = NO;
securityPolicy.pinnedCertificates = @[[NSData dataWithContentsOfFile:ca]];
transport.securityPolicy = securityPolicy;
[self.sessionManager connectTo:host
port:port
tls:YES
keepalive:60
clean:NO
auth:YES
user:[CYUserInfo shareUserInfo].uid
pass:[CYUserInfo shareUserInfo].access_token
will:YES
willTopic:@""
willMsg:nil
willQos:0
willRetainFlag:NO
withClientId:clientId
securityPolicy:securityPolicy
certificates:[MQTTSSLSecurityPolicyTransport clientCertsFromP12:client passphrase:@"password"]];
