Fix reconnecting in some cases when using MOSQ_OPT_TLS_USE_OS_CERTS.

Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none
of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and
MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true.

Closes #2288. Thanks to Poltorak Serguei.
Roger A. Light 2021-08-31 15:59:40 +01:00
parent e43d36020f
commit d09591d92e
4 changed files with 17 additions and 7 deletions


@ -52,6 +52,10 @@ Client library:
- Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, - Threaded mode is deconfigured when the mosquitto_loop_start() thread ends,
which allows mosquitto_loop_start() to be called again. Closes #2242. which allows mosquitto_loop_start() to be called again. Closes #2242.
- Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. Closes #2289. - Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. Closes #2289.
- Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none
of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and
MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true.
Closes #2288.
Apps: Apps:
- Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working. - Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working.


@ -243,6 +243,9 @@ struct mosquitto {
#ifdef WITH_TLS #ifdef WITH_TLS
SSL *ssl; SSL *ssl;
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
#ifndef WITH_BROKER
SSL_CTX *user_ssl_ctx;
#endif
char *tls_cafile; char *tls_cafile;
char *tls_capath; char *tls_capath;
char *tls_certfile; char *tls_certfile;
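Review bot: The new `user_ssl_ctx` field carries no comment on who owns the reference it holds, which matters now that it is kept apart from the working `ssl_ctx`; the option setter in this same commit takes an extra SSL_CTX reference when storing it, so the field owns one. Suggest `SSL_CTX *user_ssl_ctx; /* context supplied via MOSQ_OPT_SSL_CTX; owns one SSL_CTX reference */`. Whatever releases that reference when the client is destroyed is not in this diff, so please confirm it exists. struct mosquitto continues outside the hunk.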


@ -669,14 +669,17 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
EVP_PKEY *pkey; EVP_PKEY *pkey;
#endif #endif
if(mosq->ssl_ctx){ #ifndef WITH_BROKER
if(mosq->user_ssl_ctx){
mosq->ssl_ctx = mosq->user_ssl_ctx;
if(!mosq->ssl_ctx_defaults){ if(!mosq->ssl_ctx_defaults){
return MOSQ_ERR_SUCCESS; return MOSQ_ERR_SUCCESS;
}else if(!mosq->tls_cafile && !mosq->tls_capath && !mosq->tls_psk){ }else if(!mosq->tls_cafile && !mosq->tls_capath && !mosq->tls_psk){
log__printf(mosq, MOSQ_LOG_ERR, "Error: MOSQ_OPT_SSL_CTX_WITH_DEFAULTS used without specifying cafile, capath or psk."); log__printf(mosq, MOSQ_LOG_ERR, "Error: If you use MOSQ_OPT_SSL_CTX then MOSQ_OPT_SSL_CTX_WITH_DEFAULTS must be true, or at least one of cafile, capath or psk must be specified.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
} }
#endif
/* Apply default SSL_CTX settings. This is only used if MOSQ_OPT_SSL_CTX /* Apply default SSL_CTX settings. This is only used if MOSQ_OPT_SSL_CTX
* has not been set, or if both of MOSQ_OPT_SSL_CTX and * has not been set, or if both of MOSQ_OPT_SSL_CTX and
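Review bot: The new log message in the `else if` branch states the opposite of what the code checks: that branch is reached only when `mosq->ssl_ctx_defaults` is already true, so telling the user MOSQ_OPT_SSL_CTX_WITH_DEFAULTS "must be true" cannot lead them to a fix. It should read `"Error: If you use MOSQ_OPT_SSL_CTX with MOSQ_OPT_SSL_CTX_WITH_DEFAULTS true, at least one of cafile, capath or psk must be specified."`. The same condition still rejects a user-supplied context that relies on MOSQ_OPT_TLS_USE_OS_CERTS alone; if the library keeps that option in a flag on the struct, the condition should presumably accept it as well — please confirm. Separately, `mosq->ssl_ctx = mosq->user_ssl_ctx;` aliases the single reference taken in mosquitto_void_option, so whatever later frees `mosq->ssl_ctx` must either skip it when it equals `user_ssl_ctx` or this assignment must take its own SSL_CTX_up_ref, otherwise the second reconnect would use a released context. I cannot see the teardown path from this hunk, and net__init_ssl_ctx continues outside it.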


@ -508,12 +508,12 @@ int mosquitto_void_option(struct mosquitto *mosq, enum mosq_opt_t option, void *
switch(option){ switch(option){
case MOSQ_OPT_SSL_CTX: case MOSQ_OPT_SSL_CTX:
#ifdef WITH_TLS #ifdef WITH_TLS
mosq->ssl_ctx = (SSL_CTX *)value; mosq->user_ssl_ctx = (SSL_CTX *)value;
if(mosq->ssl_ctx){ if(mosq->user_ssl_ctx){
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
SSL_CTX_up_ref(mosq->ssl_ctx); SSL_CTX_up_ref(mosq->user_ssl_ctx);
#else #else
CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX); CRYPTO_add(&(mosq->user_ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
#endif #endif
} }
break; break;
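Review bot: The assignment `mosq->user_ssl_ctx = (SSL_CTX *)value;` discards whatever context was stored before without releasing the reference that was taken for it, so calling MOSQ_OPT_SSL_CTX a second time, or resetting it to NULL as #2289 now allows, leaks one SSL_CTX reference. Releasing the previous one first, `SSL_CTX_free(mosq->user_ssl_ctx);` immediately before the assignment (a no-op when NULL), closes that gap; the old code had the same problem but it was entangled with `ssl_ctx` doubling as the working context. The reference also needs releasing when the client is destroyed, which is outside this diff. mosquitto_void_option continues outside the hunk.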