- Broker will log warnings if sensitive files are world readable/writable, or
if the owner/group is not the same as the user/group the broker is running
as. In future versions the broker will refuse to open these files.
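
The check described in the entry above, sketched as an added example (not Mosquitto's own code): it flags a file that is world readable/writable or whose owner/group differs from the effective user/group of the process. The names `classify_perms` and `check_sensitive_fd` and the warning texts are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Findings form a bitmask so each one can be logged as its own warning. */
enum {
    PERM_WORLD_READ  = 1 << 0,
    PERM_WORLD_WRITE = 1 << 1,
    PERM_OWNER_DIFF  = 1 << 2,
    PERM_GROUP_DIFF  = 1 << 3,
    PERM_STAT_FAILED = 1 << 4
};

/* Policy check: file metadata against the identity the process runs as. */
int classify_perms(mode_t mode, uid_t f_uid, gid_t f_gid, uid_t run_uid, gid_t run_gid)
{
    int r = 0;
    if (mode & S_IROTH) r |= PERM_WORLD_READ;
    if (mode & S_IWOTH) r |= PERM_WORLD_WRITE;
    if (f_uid != run_uid) r |= PERM_OWNER_DIFF;
    if (f_gid != run_gid) r |= PERM_GROUP_DIFF;
    return r;
}

/* fstat() the already-open descriptor, so the metadata checked belongs to
 * the file that will be read, not to whatever the path names later. */
int check_sensitive_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return PERM_STAT_FAILED;
    return classify_perms(st.st_mode, st.st_uid, st.st_gid, geteuid(), getegid());
}

int main(int argc, char **argv)
{
    /* The path is supplied by the caller, e.g. a private key or password file. */
    if (argc < 2) { fprintf(stderr, "usage: %s <file>\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) { perror(argv[1]); return 2; }
    int r = check_sensitive_fd(fd);
    if (r & PERM_STAT_FAILED) fprintf(stderr, "Warning: cannot stat %s\n", argv[1]);
    if (r & PERM_WORLD_READ)  fprintf(stderr, "Warning: %s is world readable\n", argv[1]);
    if (r & PERM_WORLD_WRITE) fprintf(stderr, "Warning: %s is world writable\n", argv[1]);
    if (r & PERM_OWNER_DIFF)  fprintf(stderr, "Warning: %s owner is not the running user\n", argv[1]);
    if (r & PERM_GROUP_DIFF)  fprintf(stderr, "Warning: %s group is not the running group\n", argv[1]);
    close(fd);
    return r ? 1 : 0;
}
```
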
Do not try to open keyfile when keyform is "engine": this is not necessarily a real file.
Dynamic engines require init with OPENSSL_INIT_ENGINE_DYNAMIC before they can be loaded.
Signed-off-by: Bart Desplanques <bart.desplanques@gmail.com>
When calling mosquitto_tls_opts_set() multiple times in a row
on the same mosquitto context (example: trying to reconnect
to the MQTT broker), some of the TLS options are not freed, resulting in a memory leak.
The TLS options (tls_version, tls_ciphers) must be freed before being set.
Signed-off-by: Guillaume PELLEGRINO <guillaume.pellegrino@yahoo.com>
next_msg_out must be protected with the msgtime_mutex,
as done everywhere else in the code, else there is a data race,
e.g. if mosquitto_publish is called from another thread.
Signed-off-by: Christian Salvasohn <csalvasohn@gmx.de>
When using the library asynchronously, TLS errors, caused e.g. by
the date/time not being set correctly, cause the connection to be silently
dropped without the disconnection callback being invoked, as described
in issue #1052.
This commit fixes the issue, returning the behavior to the one the
library had prior to version 1.5.4: if a TLS error occurs, the
disconnect callback will be invoked for the client to get notified of
the error.
Signed-off-by: doragasu <doragasu@protonmail.com>
Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none
of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and
MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true.
Closes #2288. Thanks to Poltorak Serguei.
An MQTT v5 client connecting with a large number of user-property properties
could cause excessive CPU usage, leading to a loss of performance and
possible denial of service. This has been fixed.
If a plugin had granted ACL subscription access to a
durable/non-clean-session client, then removed that access, the client would
keep its existing subscription. This has been fixed.
Threaded mode is deconfigured when the mosquitto_loop_start() thread ends,
which allows mosquitto_loop_start() to be called again.
Closes #2242. Thanks to Timo Lange.