Client and doc ALPN additions
Add ALPN support for all clients, update documentation, and add to ChangeLog.
parent
f041cb484a
commit
dec769ce33
@ -20,6 +20,7 @@ Broker features:
|
||||
- Disallow writing to $ topics where appropriate.
|
||||
- Fix mosquitto_passwd crashing on corrupt password file. Closes #1207.
|
||||
- Add support for OCSP stapling.
|
||||
- Add support for ALPN on bridge TLS connections. Closes #924.
|
||||
|
||||
Client library features:
|
||||
- Add mosquitto_subscribe_multiple() for sending subscriptions to multiple
|
||||
@ -28,6 +29,7 @@ Client library features:
|
||||
- Add explicit support for TLS v1.3.
|
||||
- Drop support for TLS v1.0.
|
||||
- Add support for OCSP stapling to bridges.
|
||||
- Add support for ALPN on TLS connections. Closes #924.
|
||||
|
||||
Client features:
|
||||
- Add mosquitto_rr client, which can be used for "request-response" messaging,
|
||||
@ -39,6 +41,7 @@ Client features:
|
||||
messages on a broker.
|
||||
- -V now accepts `5, `311`, `31`, as well as `mqttv5` etc.
|
||||
- Add TLS Engine support.
|
||||
- Add support for ALPN on TLS connections. Closes #924.
|
||||
- Add explicit support for TLS v1.3.
|
||||
- Drop support for TLS v1.0.
|
||||
|
||||
|
@ -159,6 +159,7 @@ void client_config_cleanup(struct mosq_config *cfg)
|
||||
free(cfg->certfile);
|
||||
free(cfg->keyfile);
|
||||
free(cfg->ciphers);
|
||||
free(cfg->tls_alpn);
|
||||
free(cfg->tls_version);
|
||||
free(cfg->tls_engine);
|
||||
free(cfg->tls_engine_kpass_sha1);
|
||||
@ -870,6 +871,14 @@ int client_config_line_proc(struct mosq_config *cfg, int pub_or_sub, int argc, c
|
||||
}
|
||||
i++;
|
||||
#ifdef WITH_TLS
|
||||
}else if(!strcmp(argv[i], "--tls-alpn")){
|
||||
if(i==argc-1){
|
||||
fprintf(stderr, "Error: --tls-alpn argument given but no protocol specified.\n\n");
|
||||
return 1;
|
||||
}else{
|
||||
cfg->tls_alpn = strdup(argv[i+1]);
|
||||
}
|
||||
i++;
|
||||
}else if(!strcmp(argv[i], "--tls-engine")){
|
||||
if(i==argc-1){
|
||||
fprintf(stderr, "Error: --tls-engine argument given but no engine_id specified.\n\n");
|
||||
@ -1068,6 +1077,11 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
|
||||
mosquitto_lib_cleanup();
|
||||
return 1;
|
||||
}
|
||||
if(cfg->tls_alpn && mosquitto_string_option(mosq, MOSQ_OPT_TLS_ALPN, cfg->tls_alpn)){
|
||||
if(!cfg->quiet) fprintf(stderr, "Error: Problem setting TLS ALPN protocol.\n");
|
||||
mosquitto_lib_cleanup();
|
||||
return 1;
|
||||
}
|
||||
# ifdef FINAL_WITH_TLS_PSK
|
||||
if(cfg->psk && mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
|
||||
if(!cfg->quiet) fprintf(stderr, "Error: Problem setting TLS-PSK options.\n");
|
||||
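Review bot: The new `--tls-alpn` branch in client_config_line_proc stores `strdup(argv[i+1])` without checking the result, and client_opts_set applies the option only when `cfg->tls_alpn` is non-NULL. An allocation failure would therefore presumably leave the client connecting over TLS with no protocol requested and no error reported. A repeated `--tls-alpn` also overwrites the earlier pointer without freeing it. I would write `free(cfg->tls_alpn); cfg->tls_alpn = strdup(argv[i+1]);` followed by `if(!cfg->tls_alpn){ fprintf(stderr, "Error: Out of memory.\n"); return 1; }`. Both functions begin and end outside the hunks shown, so any existing validation of the TLS options after the parse loop is not visible here.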
|
@ -67,6 +67,7 @@ struct mosq_config {
|
||||
char *keyfile;
|
||||
char *ciphers;
|
||||
bool insecure;
|
||||
char *tls_alpn;
|
||||
char *tls_version;
|
||||
char *tls_engine;
|
||||
char *tls_engine_kpass_sha1;
|
||||
|
@ -266,6 +266,7 @@ void print_usage(void)
|
||||
#ifdef WITH_TLS
|
||||
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
||||
printf(" [--ciphers ciphers] [--insecure]\n");
|
||||
printf(" [--tls-alpn protocol]\n");
|
||||
printf(" [--tls-engine engine] [--keyform keyform] [--tls-engine-kpass-sha1]]\n");
|
||||
#ifdef FINAL_WITH_TLS_PSK
|
||||
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
||||
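Review bot: The synopsis in print_usage now lists `[--tls-alpn protocol]`, but the hunk header shows only this one line being added. Unless the per-option description list further down print_usage (outside the hunk) already covers it, the flag is advertised without any explanation. I would add a line such as `printf(" --tls-alpn : request this application protocol via TLS ALPN when the broker serves several protocols on one port.\n");` next to the other TLS option descriptions. The same applies to the print_usage hunks of the other two clients (`@ -174,8 +174,10` and `@ -185,8 +185,9`).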
|
@ -174,8 +174,10 @@ void print_usage(void)
|
||||
printf(" [--will-topic [--will-payload payload] [--will-qos qos] [--will-retain]]\n");
|
||||
#ifdef WITH_TLS
|
||||
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
||||
printf(" [--ciphers ciphers] [--insecure]]\n");
|
||||
#ifdef WITH_TLS_PSK
|
||||
printf(" [--ciphers ciphers] [--insecure]\n");
|
||||
printf(" [--tls-alpn protocol]\n");
|
||||
printf(" [--tls-engine engine] [--keyform keyform] [--tls-engine-kpass-sha1]]\n");
|
||||
#ifdef FINAL_WITH_TLS_PSK
|
||||
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
||||
#endif
|
||||
#endif
|
||||
|
@ -185,8 +185,9 @@ void print_usage(void)
|
||||
printf(" [--will-topic [--will-payload payload] [--will-qos qos] [--will-retain]]\n");
|
||||
#ifdef WITH_TLS
|
||||
printf(" [{--cafile file | --capath dir} [--cert file] [--key file]\n");
|
||||
printf(" [--ciphers ciphers] [--insecure] [--tls-engine engine]\n");
|
||||
printf(" [--keyform keyform] [--tls-engine-kpass-sha1]]\n");
|
||||
printf(" [--ciphers ciphers] [--insecure]\n");
|
||||
printf(" [--tls-alpn protocol]\n");
|
||||
printf(" [--tls-engine engine] [--keyform keyform] [--tls-engine-kpass-sha1]]\n");
|
||||
#ifdef FINAL_WITH_TLS_PSK
|
||||
printf(" [--psk hex-key --psk-identity identity [--ciphers ciphers]]\n");
|
||||
#endif
|
||||
|
@ -2070,6 +2070,10 @@ libmosq_EXPORT void mosquitto_log_callback_set(struct mosquitto *mosq, void (*on
|
||||
* accessed, this option allows a hex encoded SHA1 hash of the
|
||||
* private key password to be passed to the engine directly.
|
||||
* Must be set before <mosquitto_connect>.
|
||||
* MOSQ_OPT_TLS_ALPN
|
||||
* If the broker being connected to has multiple services available
|
||||
* on a single TLS port, such as both MQTT and WebSockets, use this
|
||||
* option to configure the ALPN option for the connection.
|
||||
*/
|
||||
libmosq_EXPORT int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, const char *value);
|
||||
|
||||
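Review bot: The MOSQ_OPT_TLS_ALPN entry does not say what form the value takes or when it must be set, whereas the option documented just before it states `Must be set before <mosquitto_connect>`. I would add that same line and state that the value is a single protocol name (going by the client option `--tls-alpn protocol`). The entry should also say what happens when the broker does not select the requested protocol, since a caller relying on ALPN to reach the intended service needs to know whether the connection fails or proceeds. The comment block begins outside the hunk.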
|
@ -1704,6 +1704,14 @@ topic clients/total in 0 test/mosquitto/org $SYS/broker/
|
||||
<para>The following options are available for all bridges to
|
||||
configure SSL/TLS support.</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>bridge_alpn</option> <replaceable>alpn</replaceable></term>
|
||||
<listitem>
|
||||
<para>Configure the application layer protocol negotiation
|
||||
option for the TLS session. Useful for brokers that support
|
||||
both websockets and MQTT on the same port.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>bridge_cafile</option> <replaceable>file path</replaceable></term>
|
||||
<listitem>
|
||||
@ -1811,14 +1819,6 @@ topic clients/total in 0 test/mosquitto/org $SYS/broker/
|
||||
connection to succeed.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>bridge_alpn</option> <replaceable>alpn</replaceable></term>
|
||||
<listitem>
|
||||
<para>Configure the application layer protocol negotiation
|
||||
option for the TLS session. Useful for brokers that support
|
||||
both websockets and MQTT on the same port.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
@ -63,6 +63,7 @@
|
||||
<arg><option>--key</option> <replaceable>file</replaceable></arg>
|
||||
<arg><option>--ciphers</option> <replaceable>ciphers</replaceable></arg>
|
||||
<arg><option>--tls-version</option> <replaceable>version</replaceable></arg>
|
||||
<arg><option>--tls-alpn</option> <replaceable>protocol</replaceable></arg>
|
||||
<arg><option>--tls-engine</option> <replaceable>engine</replaceable></arg>
|
||||
<arg><option>--keyform</option>
|
||||
<group choice='req'>
|
||||
@ -455,6 +456,14 @@
|
||||
<para>The MQTT topic on which to publish the message. See <citerefentry><refentrytitle>mqtt</refentrytitle><manvolnum>7</manvolnum></citerefentry> for more information on MQTT topics.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>--tls-alpn</option></term>
|
||||
<listitem>
|
||||
<para>Provide a protocol to use when connecting to a broker
|
||||
that has multiple protocols available on a single port,
|
||||
e.g. MQTT and WebSockets.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>--tls-engine</option></term>
|
||||
<listitem>
|
||||
|
@ -70,6 +70,7 @@
|
||||
<arg><option>--cert</option> <replaceable>file</replaceable></arg>
|
||||
<arg><option>--key</option> <replaceable>file</replaceable></arg>
|
||||
<arg><option>--tls-version</option> <replaceable>version</replaceable></arg>
|
||||
<arg><option>--tls-alpn</option> <replaceable>protocol</replaceable></arg>
|
||||
<arg><option>--insecure</option></arg>
|
||||
</arg>
|
||||
<arg>
|
||||
@ -472,6 +473,13 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>--tls-alpn</option></term>
|
||||
<listitem>
|
||||
<para>Provide a protocol to use when connecting to a broker
|
||||
that has multiple protocols available on a single port,
|
||||
e.g. MQTT and WebSockets.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<term><option>--tls-version</option></term>
|
||||
<listitem>
|
||||
<para>Choose which TLS protocol version to use when
|
||||
|
@ -72,6 +72,7 @@
|
||||
<arg><option>--cert</option> <replaceable>file</replaceable></arg>
|
||||
<arg><option>--key</option> <replaceable>file</replaceable></arg>
|
||||
<arg><option>--tls-version</option> <replaceable>version</replaceable></arg>
|
||||
<arg><option>--tls-alpn</option> <replaceable>protocol</replaceable></arg>
|
||||
<arg><option>--tls-engine</option> <replaceable>engine</replaceable></arg>
|
||||
<arg><option>--keyform</option>
|
||||
<group choice='req'>
|
||||
@ -565,6 +566,14 @@ mosquitto_sub -t 'bbc/#' -T bbc/bbc1 --remove-retained</programlisting>
|
||||
topics or topic trees.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>--tls-alpn</option></term>
|
||||
<listitem>
|
||||
<para>Provide a protocol to use when connecting to a broker
|
||||
that has multiple protocols available on a single port,
|
||||
e.g. MQTT and WebSockets.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><option>--tls-engine</option></term>
|
||||
<listitem>
|
||||
|
@ -939,6 +939,11 @@
|
||||
# point using encryption.
|
||||
#bridge_insecure false
|
||||
|
||||
# If the remote broker has more than one protocol available on its port, e.g.
|
||||
# MQTT and WebSockets, then use bridge_alpn to configure which protocol is
|
||||
# requested. Note that WebSockets support for bridges is not yet available.
|
||||
#bridge_alpn
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# PSK based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
|