Rejig OCSP code.
This commit is contained in:
parent
ea046c2405
commit
1220ba4bfe
@ -19,6 +19,7 @@ Broker features:
|
||||
- Add support for Automotive DLT logging.
|
||||
- Disallow writing to $ topics where appropriate.
|
||||
- Fix mosquitto_passwd crashing on corrupt password file. Closes #1207.
|
||||
- Add support for OCSP stapling.
|
||||
|
||||
Client library features:
|
||||
- Add mosquitto_subscribe_multiple() for sending subscriptions to multiple
|
||||
@ -26,6 +27,7 @@ Client library features:
|
||||
- Add TLS Engine support.
|
||||
- Add explicit support for TLS v1.3.
|
||||
- Drop support for TLS v1.0.
|
||||
- Add support for OCSP stapling to bridges.
|
||||
|
||||
Client features:
|
||||
- Add -E to mosquitto_sub, which causes it to exit immediately after having
|
||||
|
@ -378,8 +378,4 @@ int mosquittopp::tls_psk_set(const char *psk, const char *identity, const char *
|
||||
return mosquitto_tls_psk_set(m_mosq, psk, identity, ciphers);
|
||||
}
|
||||
|
||||
int mosquittopp::tls_ocsp_set(int ocsp_reqs)
|
||||
{
|
||||
return mosquitto_tls_ocsp_set(m_mosq, ocsp_reqs);
|
||||
}
|
||||
}
|
||||
|
@ -110,7 +110,6 @@ class mosqpp_EXPORT mosquittopp {
|
||||
int tls_opts_set(int cert_reqs, const char *tls_version=NULL, const char *ciphers=NULL);
|
||||
int tls_insecure_set(bool value);
|
||||
int tls_psk_set(const char *psk, const char *identity, const char *ciphers=NULL);
|
||||
int tls_ocsp_set(int ocsp_reqs);
|
||||
int opts_set(enum mosq_opt_t option, void *value);
|
||||
|
||||
int loop(int timeout=-1, int max_packets=1);
|
||||
|
@ -126,7 +126,6 @@ MOSQ_1.6 {
|
||||
mosquitto_subscribe_multiple;
|
||||
mosquitto_subscribe_v5;
|
||||
mosquitto_subscribe_v5_callback_set;
|
||||
mosquitto_tls_ocsp_set;
|
||||
mosquitto_unsubscribe_multiple;
|
||||
mosquitto_unsubscribe_v5;
|
||||
mosquitto_unsubscribe_v5_callback_set;
|
||||
|
@ -109,6 +109,7 @@ enum mosq_opt_t {
|
||||
MOSQ_OPT_TLS_KEYFORM = 6,
|
||||
MOSQ_OPT_TLS_ENGINE = 7,
|
||||
MOSQ_OPT_TLS_ENGINE_KPASS_SHA1 = 8,
|
||||
MOSQ_OPT_TLS_OCSP_REQUIRED = 9,
|
||||
};
|
||||
|
||||
|
||||
@ -1452,9 +1453,13 @@ libmosq_EXPORT int mosquitto_opts_set(struct mosquitto *mosq, enum mosq_opt_t op
|
||||
* use <mosquitto_tls_set> to configure the cafile/capath as a
|
||||
* minimum.
|
||||
* This option is only available for openssl 1.1.0 and higher.
|
||||
* MOSQ_OPT_TLS_OCSP_REQUIRED
|
||||
* Set whether OCSP checking on TLS connections is required. Set to
|
||||
* 1 to enable checking, or 0 (the default) for no checking.
|
||||
*/
|
||||
libmosq_EXPORT int mosquitto_int_option(struct mosquitto *mosq, enum mosq_opt_t option, int value);
|
||||
|
||||
|
||||
/*
|
||||
* Function: mosquitto_void_option
|
||||
*
|
||||
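Review bot: The new MOSQ_OPT_TLS_OCSP_REQUIRED entry in the mosquitto_int_option comment drops two pieces of contract that the removed mosquitto_tls_ocsp_set documentation carried: that the option must be set before <mosquitto_connect>, and the "See Also: <mosquitto_tls_set>" cross-reference pointing at the CA configuration the check presumably depends on. Its wording "1 to enable checking, or 0 (the default)" also reads as if other values are rejected, while the options.c change in this commit assigns `(bool)value`, so any non-zero value enables the check. I would extend the entry to `*     1 to enable checking, or 0 (the default) for no checking. Must be` / `*     set before <mosquitto_connect>; see also <mosquitto_tls_set>.` and either state that non-zero values are treated as 1 or restore the validation in mosquitto_int_option. The surrounding comment block starts before this hunk.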
@ -1725,26 +1730,6 @@ libmosq_EXPORT int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs,
|
||||
*/
|
||||
libmosq_EXPORT int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers);
|
||||
|
||||
/*
|
||||
* Function: mosquitto_tls_ocsp_set
|
||||
*
|
||||
* Set advanced SSL/TLS options. Must be called before <mosquitto_connect>.
|
||||
*
|
||||
* Parameters:
|
||||
* mosq - a valid mosquitto instance.
|
||||
* ocsp_reqs - whether OCSP checking is required:
|
||||
* 0 - no checking required
|
||||
* 1 - checking required
|
||||
*
|
||||
* Returns:
|
||||
* MOSQ_ERR_SUCCESS - on success.
|
||||
* MOSQ_ERR_INVAL - if the input parameters were invalid.
|
||||
*
|
||||
* See Also:
|
||||
* <mosquitto_tls_set>
|
||||
*/
|
||||
libmosq_EXPORT int mosquitto_tls_ocsp_set(struct mosquitto *mosq, int ocsp_reqs);
|
||||
|
||||
|
||||
/* ======================================================================
|
||||
*
|
||||
|
@ -195,24 +195,6 @@ int mosquitto_tls_set(struct mosquitto *mosq, const char *cafile, const char *ca
|
||||
}
|
||||
|
||||
|
||||
int mosquitto_tls_ocsp_set(struct mosquitto *mosq, int ocsp_reqs)
|
||||
{
|
||||
#ifdef WITH_TLS
|
||||
if (ocsp_reqs==0) {
|
||||
mosq->tls_ocsp_required = false;
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (ocsp_reqs==1) {
|
||||
mosq->tls_ocsp_required = true;
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
|
||||
|
||||
int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs, const char *tls_version, const char *ciphers)
|
||||
{
|
||||
#ifdef WITH_TLS
|
||||
@ -429,6 +411,14 @@ int mosquitto_int_option(struct mosquitto *mosq, enum mosq_opt_t option, int val
|
||||
return MOSQ_ERR_NOT_SUPPORTED;
|
||||
#endif
|
||||
|
||||
case MOSQ_OPT_TLS_OCSP_REQUIRED:
|
||||
#ifdef WITH_TLS
|
||||
mosq->tls_ocsp_required = (bool)value;
|
||||
#else
|
||||
return MOSQ_ERR_NOT_SUPPORTED;
|
||||
#endif
|
||||
break;
|
||||
|
||||
default:
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
|
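Review bot: The new MOSQ_OPT_TLS_OCSP_REQUIRED case accepts any integer via `mosq->tls_ocsp_required = (bool)value;`, whereas the mosquitto_tls_ocsp_set function this commit removes returned MOSQ_ERR_INVAL for anything other than 0 or 1, and the header comment added in the same commit still describes only those two values. Either keep the previous validation by adding `if(value != 0 && value != 1) return MOSQ_ERR_INVAL;` before the assignment inside the WITH_TLS branch, or document that any non-zero value enables the check. Whether the flag is ever checked against a configured CA at connect time is not visible here. mosquitto_int_option begins before this hunk and continues after it.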
@ -1779,6 +1779,13 @@ topic clients/total in 0 test/mosquitto/org $SYS/broker/
|
||||
can be used on one bridge at once.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>bridge_require_ocsp</option> [ true | false ]</term>
|
||||
<listitem>
|
||||
<para>When set to true, the bridge requires OCSP on the TLS
|
||||
connection it opens as client.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>bridge_tls_version</option> <replaceable>version</replaceable></term>
|
||||
<listitem>
|
||||
@ -1792,13 +1799,6 @@ topic clients/total in 0 test/mosquitto/org $SYS/broker/
|
||||
connection to succeed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>bridge_require_ocsp</option> [ true | false ]</term>
|
||||
<listitem>
|
||||
<para>When set to true, the bridge requires OCSP on the TLS
|
||||
connection it opens as client.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|