TLS-PSK mismatch fix.
Produce an error if a TLS-PSK client tries to connect to a broker that is not configured with TLS-PSK.
This commit is contained in:
Roger A. Light
parent
fc4099eafa
commit
a37c8e65d2
@ -7,6 +7,13 @@ Broker:
|
||||
users this is not a risk. Closes #567213.
|
||||
- Fix `max_connections` option not being correctly counted.
|
||||
|
||||
Client library:
|
||||
- If a client uses TLS-PSK then force the default cipher list to use "PSK"
|
||||
ciphers only. This means that a client connecting to a broker configured
|
||||
with x509 certificates only will now fail. Prior to this, the client would
|
||||
connect successfully without verifying certificates, because they were not
|
||||
configured.
|
||||
|
||||
Clients:
|
||||
- mosquitto_sub and mosquitto_rr now open stdout in binary mode on Windows
|
||||
so binary payloads are not modified when printing.
|
||||
|
||||
@ -857,6 +857,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
|
||||
#ifdef FINAL_WITH_TLS_PSK
|
||||
}else if(mosq->tls_psk){
|
||||
SSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback);
|
||||
if(mosq->tls_ciphers == NULL){
|
||||
SSL_CTX_set_cipher_list(mosq->ssl_ctx, "PSK");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user