parent
9097577b49
commit
a00dd29af8
@ -28,6 +28,9 @@ Client:
|
|||||||
- Always print leading zeros in mosquitto_sub when output format is hex.
|
- Always print leading zeros in mosquitto_sub when output format is hex.
|
||||||
Closes #1066.
|
Closes #1066.
|
||||||
|
|
||||||
|
Build:
|
||||||
|
- Fix building where TLS-PSK is not available. Closes #68.
|
||||||
|
|
||||||
|
|
||||||
1.5.4 - 20181108
|
1.5.4 - 20181108
|
||||||
================
|
================
|
||||||
|
@ -151,7 +151,7 @@ void client_config_cleanup(struct mosq_config *cfg)
|
|||||||
free(cfg->keyfile);
|
free(cfg->keyfile);
|
||||||
free(cfg->ciphers);
|
free(cfg->ciphers);
|
||||||
free(cfg->tls_version);
|
free(cfg->tls_version);
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
free(cfg->psk);
|
free(cfg->psk);
|
||||||
free(cfg->psk_identity);
|
free(cfg->psk_identity);
|
||||||
# endif
|
# endif
|
||||||
@ -309,7 +309,7 @@ int client_config_load(struct mosq_config *cfg, int pub_or_sub, int argc, char *
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if((cfg->cafile || cfg->capath) && cfg->psk){
|
if((cfg->cafile || cfg->capath) && cfg->psk){
|
||||||
if(!cfg->quiet) fprintf(stderr, "Error: Only one of --psk or --cafile/--capath may be used at once.\n");
|
if(!cfg->quiet) fprintf(stderr, "Error: Only one of --psk or --cafile/--capath may be used at once.\n");
|
||||||
return 1;
|
return 1;
|
||||||
@ -673,7 +673,7 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c
|
|||||||
i++;
|
i++;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
}else if(!strcmp(argv[i], "--psk")){
|
}else if(!strcmp(argv[i], "--psk")){
|
||||||
if(i==argc-1){
|
if(i==argc-1){
|
||||||
fprintf(stderr, "Error: --psk argument given but no key specified.\n\n");
|
fprintf(stderr, "Error: --psk argument given but no key specified.\n\n");
|
||||||
@ -912,7 +912,7 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
|
|||||||
mosquitto_lib_cleanup();
|
mosquitto_lib_cleanup();
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
if(cfg->psk && mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
|
if(cfg->psk && mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
|
||||||
if(!cfg->quiet) fprintf(stderr, "Error: Problem setting TLS-PSK options.\n");
|
if(!cfg->quiet) fprintf(stderr, "Error: Problem setting TLS-PSK options.\n");
|
||||||
mosquitto_lib_cleanup();
|
mosquitto_lib_cleanup();
|
||||||
@ -985,7 +985,7 @@ int client_connect(struct mosquitto *mosq, struct mosq_config *cfg)
|
|||||||
if(cfg->port < 0){
|
if(cfg->port < 0){
|
||||||
#ifdef WITH_TLS
|
#ifdef WITH_TLS
|
||||||
if(cfg->cafile || cfg->capath
|
if(cfg->cafile || cfg->capath
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
|| cfg->psk
|
|| cfg->psk
|
||||||
# endif
|
# endif
|
||||||
){
|
){
|
||||||
|
@ -66,7 +66,7 @@ struct mosq_config {
|
|||||||
char *ciphers;
|
char *ciphers;
|
||||||
bool insecure;
|
bool insecure;
|
||||||
char *tls_version;
|
char *tls_version;
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
char *psk;
|
char *psk;
|
||||||
char *psk_identity;
|
char *psk_identity;
|
||||||
# endif
|
# endif
|
||||||
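Review bot: The `psk` and `psk_identity` members of `struct mosq_config` are now gated on `FINAL_WITH_TLS_PSK`, which exists only after `config.h` has been processed, so a source file that includes this header without `config.h` ahead of it would see a different struct layout from the files that do. `WITH_TLS_PSK` presumably came from the compiler command line and had no such ordering requirement. The includes are not visible on this page, but the header should not depend on its includers: have it pull in the definition itself with `#include "config.h"` (path as the build's include directories require). The same applies to the `struct mosquitto__bridge` hunk and the `mosquitto__hex2bin` prototype hunk later in this commit. The struct begins and ends outside this hunk.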
|
@ -223,7 +223,7 @@ void print_usage(void)
|
|||||||
#ifdef WITH_TLS
|
#ifdef WITH_TLS
|
||||||
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
||||||
printf(" [--ciphers ciphers] [--insecure]]\n");
|
printf(" [--ciphers ciphers] [--insecure]]\n");
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
@ -280,7 +280,7 @@ void print_usage(void)
|
|||||||
printf(" hostname. Using this option means that you cannot be sure that the\n");
|
printf(" hostname. Using this option means that you cannot be sure that the\n");
|
||||||
printf(" remote host is the server you wish to connect to and so is insecure.\n");
|
printf(" remote host is the server you wish to connect to and so is insecure.\n");
|
||||||
printf(" Do not use this option in a production environment.\n");
|
printf(" Do not use this option in a production environment.\n");
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
printf(" --psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.\n");
|
printf(" --psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.\n");
|
||||||
printf(" --psk-identity : client identity string for TLS-PSK mode.\n");
|
printf(" --psk-identity : client identity string for TLS-PSK mode.\n");
|
||||||
# endif
|
# endif
|
||||||
|
@ -155,7 +155,7 @@ void print_usage(void)
|
|||||||
#ifdef WITH_TLS
|
#ifdef WITH_TLS
|
||||||
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
||||||
printf(" [--ciphers ciphers] [--insecure]]\n");
|
printf(" [--ciphers ciphers] [--insecure]]\n");
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
@ -218,7 +218,7 @@ void print_usage(void)
|
|||||||
printf(" hostname. Using this option means that you cannot be sure that the\n");
|
printf(" hostname. Using this option means that you cannot be sure that the\n");
|
||||||
printf(" remote host is the server you wish to connect to and so is insecure.\n");
|
printf(" remote host is the server you wish to connect to and so is insecure.\n");
|
||||||
printf(" Do not use this option in a production environment.\n");
|
printf(" Do not use this option in a production environment.\n");
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
printf(" --psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.\n");
|
printf(" --psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.\n");
|
||||||
printf(" --psk-identity : client identity string for TLS-PSK mode.\n");
|
printf(" --psk-identity : client identity string for TLS-PSK mode.\n");
|
||||||
#endif
|
#endif
|
||||||
|
8
config.h
8
config.h
@ -37,4 +37,12 @@
|
|||||||
#define uthash_malloc(sz) mosquitto__malloc(sz)
|
#define uthash_malloc(sz) mosquitto__malloc(sz)
|
||||||
#define uthash_free(ptr,sz) mosquitto__free(ptr)
|
#define uthash_free(ptr,sz) mosquitto__free(ptr)
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef WITH_TLS
|
||||||
|
# include <openssl/opensslconf.h>
|
||||||
|
# if defined(WITH_TLS_PSK) && !defined(OPENSSL_NO_PSK)
|
||||||
|
# define FINAL_WITH_TLS_PSK
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
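Review bot: Nothing in the new block says what `FINAL_WITH_TLS_PSK` means or that it replaces `WITH_TLS_PSK` as the macro to test, and a build that asked for `WITH_TLS_PSK` against an OpenSSL defining `OPENSSL_NO_PSK` loses PSK without any message. I would add above the `# if` line the comment `/* FINAL_WITH_TLS_PSK: TLS-PSK was requested (WITH_TLS_PSK) and this OpenSSL provides it. Test this macro, never WITH_TLS_PSK, in code. */`. Any `#ifdef WITH_TLS_PSK` left in a file this commit does not touch would still compile PSK code against an OpenSSL that lacks it. This page cannot show whether one remains, so a search of the tree before merging is worthwhile.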
|
@ -183,7 +183,7 @@ int net__socket_close(struct mosquitto *mosq)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
static unsigned int psk_client_callback(SSL *ssl, const char *hint,
|
static unsigned int psk_client_callback(SSL *ssl, const char *hint,
|
||||||
char *identity, unsigned int max_identity_len,
|
char *identity, unsigned int max_identity_len,
|
||||||
unsigned char *psk, unsigned int max_psk_len)
|
unsigned char *psk, unsigned int max_psk_len)
|
||||||
@ -594,7 +594,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
|
|||||||
return MOSQ_ERR_TLS;
|
return MOSQ_ERR_TLS;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
}else if(mosq->tls_psk){
|
}else if(mosq->tls_psk){
|
||||||
SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback);
|
SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback);
|
||||||
#endif
|
#endif
|
||||||
|
@ -223,7 +223,7 @@ int mosquitto_tls_insecure_set(struct mosquitto *mosq, bool value)
|
|||||||
|
|
||||||
int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers)
|
int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers)
|
||||||
{
|
{
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(!mosq || !psk || !identity) return MOSQ_ERR_INVAL;
|
if(!mosq || !psk || !identity) return MOSQ_ERR_INVAL;
|
||||||
|
|
||||||
/* Check for hex only digits */
|
/* Check for hex only digits */
|
||||||
|
@ -349,7 +349,7 @@ int mosquitto_topic_matches_sub2(const char *sub, size_t sublen, const char *top
|
|||||||
return MOSQ_ERR_SUCCESS;
|
return MOSQ_ERR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len)
|
int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len)
|
||||||
{
|
{
|
||||||
BIGNUM *bn = NULL;
|
BIGNUM *bn = NULL;
|
||||||
|
@ -33,7 +33,7 @@ int mosquitto__check_keepalive(struct mosquitto *mosq);
|
|||||||
uint16_t mosquitto__mid_generate(struct mosquitto *mosq);
|
uint16_t mosquitto__mid_generate(struct mosquitto *mosq);
|
||||||
FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read);
|
FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read);
|
||||||
|
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len);
|
int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -82,7 +82,7 @@ int bridge__new(struct mosquitto_db *db, struct mosquitto__bridge *bridge)
|
|||||||
new_context->tls_cert_reqs = SSL_VERIFY_PEER;
|
new_context->tls_cert_reqs = SSL_VERIFY_PEER;
|
||||||
new_context->tls_version = new_context->bridge->tls_version;
|
new_context->tls_version = new_context->bridge->tls_version;
|
||||||
new_context->tls_insecure = new_context->bridge->tls_insecure;
|
new_context->tls_insecure = new_context->bridge->tls_insecure;
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
new_context->tls_psk_identity = new_context->bridge->tls_psk_identity;
|
new_context->tls_psk_identity = new_context->bridge->tls_psk_identity;
|
||||||
new_context->tls_psk = new_context->bridge->tls_psk;
|
new_context->tls_psk = new_context->bridge->tls_psk;
|
||||||
#endif
|
#endif
|
||||||
|
20
src/conf.c
20
src/conf.c
@ -341,7 +341,7 @@ void config__cleanup(struct mosquitto__config *config)
|
|||||||
#ifdef WITH_TLS
|
#ifdef WITH_TLS
|
||||||
mosquitto__free(config->bridges[i].tls_version);
|
mosquitto__free(config->bridges[i].tls_version);
|
||||||
mosquitto__free(config->bridges[i].tls_cafile);
|
mosquitto__free(config->bridges[i].tls_cafile);
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
mosquitto__free(config->bridges[i].tls_psk_identity);
|
mosquitto__free(config->bridges[i].tls_psk_identity);
|
||||||
mosquitto__free(config->bridges[i].tls_psk);
|
mosquitto__free(config->bridges[i].tls_psk);
|
||||||
#endif
|
#endif
|
||||||
@ -687,7 +687,7 @@ int config__read(struct mosquitto_db *db, struct mosquitto__config *config, bool
|
|||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(config->bridges[i].tls_psk && !config->bridges[i].tls_psk_identity){
|
if(config->bridges[i].tls_psk && !config->bridges[i].tls_psk_identity){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration: missing bridge_identity.\n");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration: missing bridge_identity.\n");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
@ -921,7 +921,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
@ -938,7 +938,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
@ -955,7 +955,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
@ -966,7 +966,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge and/or TLS support not available.");
|
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge and/or TLS support not available.");
|
||||||
#endif
|
#endif
|
||||||
}else if(!strcmp(token, "bridge_identity")){
|
}else if(!strcmp(token, "bridge_identity")){
|
||||||
#if defined(WITH_BRIDGE) && defined(WITH_TLS_PSK)
|
#if defined(WITH_BRIDGE) && defined(FINAL_WITH_TLS_PSK)
|
||||||
if(reload) continue; // FIXME
|
if(reload) continue; // FIXME
|
||||||
if(!cur_bridge){
|
if(!cur_bridge){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
@ -1001,7 +1001,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
if(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Cannot use both certificate and psk encryption in a single bridge.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
@ -1036,7 +1036,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
|
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
|
||||||
#endif
|
#endif
|
||||||
}else if(!strcmp(token, "bridge_psk")){
|
}else if(!strcmp(token, "bridge_psk")){
|
||||||
#if defined(WITH_BRIDGE) && defined(WITH_TLS_PSK)
|
#if defined(WITH_BRIDGE) && defined(FINAL_WITH_TLS_PSK)
|
||||||
if(reload) continue; // FIXME
|
if(reload) continue; // FIXME
|
||||||
if(!cur_bridge){
|
if(!cur_bridge){
|
||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
@ -1692,7 +1692,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty protocol value in configuration.");
|
log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty protocol value in configuration.");
|
||||||
}
|
}
|
||||||
}else if(!strcmp(token, "psk_file")){
|
}else if(!strcmp(token, "psk_file")){
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
conf__set_cur_security_options(config, cur_listener, &cur_security_options);
|
conf__set_cur_security_options(config, cur_listener, &cur_security_options);
|
||||||
if(reload){
|
if(reload){
|
||||||
mosquitto__free(cur_security_options->psk_file);
|
mosquitto__free(cur_security_options->psk_file);
|
||||||
@ -1703,7 +1703,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
|
|||||||
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS/TLS-PSK support not available.");
|
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS/TLS-PSK support not available.");
|
||||||
#endif
|
#endif
|
||||||
}else if(!strcmp(token, "psk_hint")){
|
}else if(!strcmp(token, "psk_hint")){
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(reload) continue; // Listeners not valid for reloading.
|
if(reload) continue; // Listeners not valid for reloading.
|
||||||
if(conf__parse_string(&token, "psk_hint", &cur_listener->psk_hint, saveptr)) return MOSQ_ERR_INVAL;
|
if(conf__parse_string(&token, "psk_hint", &cur_listener->psk_hint, saveptr)) return MOSQ_ERR_INVAL;
|
||||||
#else
|
#else
|
||||||
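Review bot: The `#else` branch that appears to belong to `psk_file` (the `Warning: TLS/TLS-PSK support not available.` line in the -1703 hunk) only logs a warning and carries on, and after this change it is also taken by a broker built with `WITH_TLS_PSK` requested but an OpenSSL lacking PSK. An operator whose configuration names a `psk_file` would then get a running broker without the PSK settings they wrote, signalled only by one warning in the log. Consider failing the load there instead: `log__printf(NULL, MOSQ_LOG_ERR, "Error: TLS-PSK support not available.");` followed by `return MOSQ_ERR_INVAL;`. The `bridge_psk` and `bridge_identity` branches have their own `#else` paths outside the visible lines and probably need the same decision. config__read_file_core starts and ends outside these hunks.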
|
@ -420,7 +420,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
|
|||||||
rc = 1;
|
rc = 1;
|
||||||
goto handle_connect_error;
|
goto handle_connect_error;
|
||||||
}
|
}
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
if(context->listener->psk_hint){
|
if(context->listener->psk_hint){
|
||||||
/* Client should have provided an identity to get this far. */
|
/* Client should have provided an identity to get this far. */
|
||||||
if(!context->username){
|
if(!context->username){
|
||||||
@ -429,7 +429,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
|
|||||||
goto handle_connect_error;
|
goto handle_connect_error;
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
#endif /* WITH_TLS_PSK */
|
#endif /* FINAL_WITH_TLS_PSK */
|
||||||
client_cert = SSL_get_peer_certificate(context->ssl);
|
client_cert = SSL_get_peer_certificate(context->ssl);
|
||||||
if(!client_cert){
|
if(!client_cert){
|
||||||
send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
|
send__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
|
||||||
@ -496,9 +496,9 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
|
|||||||
}
|
}
|
||||||
X509_free(client_cert);
|
X509_free(client_cert);
|
||||||
client_cert = NULL;
|
client_cert = NULL;
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
}
|
}
|
||||||
#endif /* WITH_TLS_PSK */
|
#endif /* FINAL_WITH_TLS_PSK */
|
||||||
}else{
|
}else{
|
||||||
#endif /* WITH_TLS */
|
#endif /* WITH_TLS */
|
||||||
if(username_flag){
|
if(username_flag){
|
||||||
|
@ -463,7 +463,7 @@ struct mosquitto__bridge{
|
|||||||
char *tls_certfile;
|
char *tls_certfile;
|
||||||
char *tls_keyfile;
|
char *tls_keyfile;
|
||||||
char *tls_version;
|
char *tls_version;
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
char *tls_psk_identity;
|
char *tls_psk_identity;
|
||||||
char *tls_psk;
|
char *tls_psk;
|
||||||
# endif
|
# endif
|
||||||
|
@ -247,7 +247,7 @@ static int client_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WITH_TLS_PSK
|
#ifdef FINAL_WITH_TLS_PSK
|
||||||
static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len)
|
static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len)
|
||||||
{
|
{
|
||||||
struct mosquitto_db *db;
|
struct mosquitto_db *db;
|
||||||
@ -520,7 +520,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
|
|||||||
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
|
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
|
||||||
}
|
}
|
||||||
|
|
||||||
# ifdef WITH_TLS_PSK
|
# ifdef FINAL_WITH_TLS_PSK
|
||||||
}else if(listener->psk_hint){
|
}else if(listener->psk_hint){
|
||||||
if(tls_ex_index_context == -1){
|
if(tls_ex_index_context == -1){
|
||||||
tls_ex_index_context = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
|
tls_ex_index_context = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
|
||||||
@ -543,7 +543,7 @@ int net__socket_listen(struct mosquitto__listener *listener)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# endif /* WITH_TLS_PSK */
|
# endif /* FINAL_WITH_TLS_PSK */
|
||||||
}
|
}
|
||||||
#endif /* WITH_TLS */
|
#endif /* WITH_TLS */
|
||||||
return 0;
|
return 0;
|
||||||
|