Fix reconnecting in some cases when using MOSQ_OPT_TLS_USE_OS_CERTS.

Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Closes #2288. Thanks to Poltorak Serguei.
2021-08-31 15:59:40 +01:00 · 2021-08-31 15:59:40 +01:00 · d09591d92e
commit d09591d92e
parent e43d36020f
4 changed files with 17 additions and 7 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -52,6 +52,10 @@ Client library:
 - Threaded mode is deconfigured when the mosquitto_loop_start() thread ends,
  which allows mosquitto_loop_start() to be called again. Closes #2242.
 - Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. Closes #2289.
+- Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none
+  of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and
+  MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true.
+  Closes #2288.

 Apps:
 - Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working.
--- a/lib/mosquitto_internal.h
+++ b/lib/mosquitto_internal.h
@ -243,6 +243,9 @@ struct mosquitto {
 #ifdef WITH_TLS
 	SSL *ssl;
 	SSL_CTX *ssl_ctx;
+#ifndef WITH_BROKER
+	SSL_CTX *user_ssl_ctx;
+#endif
 	char *tls_cafile;
 	char *tls_capath;
 	char *tls_certfile;
--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@ -669,14 +669,17 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
 	EVP_PKEY *pkey;
 #endif
 
-	if(mosq->ssl_ctx){
+#ifndef WITH_BROKER
+	if(mosq->user_ssl_ctx){
+		mosq->ssl_ctx = mosq->user_ssl_ctx;
 		if(!mosq->ssl_ctx_defaults){
 			return MOSQ_ERR_SUCCESS;
 		}else if(!mosq->tls_cafile && !mosq->tls_capath && !mosq->tls_psk){
-			log__printf(mosq, MOSQ_LOG_ERR, "Error: MOSQ_OPT_SSL_CTX_WITH_DEFAULTS used without specifying cafile, capath or psk.");
+			log__printf(mosq, MOSQ_LOG_ERR, "Error: If you use MOSQ_OPT_SSL_CTX then MOSQ_OPT_SSL_CTX_WITH_DEFAULTS must be true, or at least one of cafile, capath or psk must be specified.");
 			return MOSQ_ERR_INVAL;
 		}
 	}
+#endif

 	/* Apply default SSL_CTX settings. This is only used if MOSQ_OPT_SSL_CTX
 	 * has not been set, or if both of MOSQ_OPT_SSL_CTX and
--- a/lib/options.c
+++ b/lib/options.c
@ -508,12 +508,12 @@ int mosquitto_void_option(struct mosquitto *mosq, enum mosq_opt_t option, void *
 	switch(option){
 		case MOSQ_OPT_SSL_CTX:
 #ifdef WITH_TLS
-			mosq->ssl_ctx = (SSL_CTX *)value;
-			if(mosq->ssl_ctx){
+			mosq->user_ssl_ctx = (SSL_CTX *)value;
+			if(mosq->user_ssl_ctx){
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-				SSL_CTX_up_ref(mosq->ssl_ctx);
+				SSL_CTX_up_ref(mosq->user_ssl_ctx);
 #else
-				CRYPTO_add(&(mosq->ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
+				CRYPTO_add(&(mosq->user_ssl_ctx)->references, 1, CRYPTO_LOCK_SSL_CTX);
 #endif
 			}
 			break;