Roger A. Light
d3d6f3a980
Fix compiling with openssl < 1.1.1.
2019-02-28 11:23:26 +00:00
Roger A. Light
463de0a2c1
Make error messages for missing config file clearer.
2019-02-28 11:13:47 +00:00
Roger A. Light
0632549ce9
Doc improvements for websockets_header_size.
2019-02-28 00:34:23 +00:00
Pierre Fersing
1aaf5f2348
Add websockets_headers_size option
...
Signed-off-by: Pierre Fersing <pierre.fersing@bleemeo.com>
2019-02-28 00:25:19 +00:00
Roger A. Light
1924afe49e
Add explicit support for TLS v1.3 and drop TLS v1.0.
2019-02-27 22:50:01 +00:00
Roger A. Light
130ddf47f7
Add dhparamfile
option, to allow DH parameters to be loaded.
...
This is for Ephemeral DH support on listeners.
2019-02-27 22:26:40 +00:00
Roger A. Light
4564ff1232
Set umask for temp file.
2019-02-27 17:49:19 +00:00
Roger A. Light
87b3ca35f1
Use mkstemp with mosquitto_passwd on non-Windows.
2019-02-27 16:38:54 +00:00
Roger A. Light
48d731ecb5
Use better random numbers for everything, where possible.
2019-02-27 14:15:31 +00:00
Roger A. Light
dfbd33e0f4
Update documentation for bridge backup, plus tweaks
...
Sets default to use the backoff mechanism.
2019-02-27 13:52:19 +00:00
Abilio Marques
87eb535307
bridge: add decorrelated jitter backoff mechanism
...
Signed-off-by: Abilio Marques <abiliojr@gmail.com>
2019-02-27 13:25:20 +00:00
Roger A. Light
72941db546
Coverity fixes
...
1399064
1399065
1398655
1398656
1398654
1399067
1399066
1399063
1399060
1399059
1399068
1399062
1398657
1398653
1302848
1302847
1399070
2019-02-27 12:38:20 +00:00
Steven Lawrance
208c3d3e85
Allow binding a listener to a specific network interface
...
Signed-off-by: Steven Lawrance <stl@koffein.net>
2019-02-27 09:38:39 +00:00
Roger A. Light
b2c0c3d573
Handle DISCONNECT with will.
2019-02-27 09:27:34 +00:00
Roger A. Light
3b6b6d5fa8
Test improvements
...
And some related fixes.
2019-02-27 09:27:34 +00:00
Roger A. Light
c506c8335b
Will delay tests and implementation.
2019-02-27 09:27:34 +00:00
Roger A. Light
b0c60fb6e1
Separate will reading code.
2019-02-27 09:27:34 +00:00
Roger A. Light
5aabc171b0
Merge branch 'mqtt5' into develop
2019-02-26 18:51:31 +00:00
Roger A. Light
e862a047a8
Rework TLS engine support.
2019-02-26 17:11:29 +00:00
Nicolás Pernas Maradei
20894fcbce
Add engine private key password support
...
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.
The TPM engine for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]
By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.
Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.
This commit adds support for both clients (libmosquitto) and broker.
[1] https://goo.gl/qQoXBY
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:50:37 +00:00
Nicolás Pernas Maradei
d5f039ec7c
Add TLS engine and keyform support to mosquitto
...
Add same OpenSSL engine support to mosquitto (server side) previously added to
client side only.
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:50:37 +00:00
Roger A. Light
c3c8c99f5d
Fix dropping oversize messages for QoS>0.
2019-02-21 08:31:54 +00:00
Roger A. Light
1d17ced449
Broker configurable max_packet_size
...
Plus tests.
2019-02-19 15:57:20 +00:00
Roger A. Light
1877f8a326
Tests and implementation for maximum packet size.
...
This is for broker outgoing connack and publish packets only.
2019-02-18 19:50:51 +00:00
Roger A. Light
8db16591fa
Test and fix for subscription identifiers not being updated.
...
Closes #1169 . Thanks to Christoph Krey.
2019-02-18 12:24:19 +00:00
Roger A. Light
66c1e2ccf0
Add mosquitto_unsubscribe_multiple(), plus tests.
2019-02-17 20:59:16 +00:00
Roger A. Light
1479c57e34
v5 report reason code=no sub when unsubscribing.
2019-02-17 10:14:02 +00:00
Roger A. Light
1ec0cea34a
Fix missing reason_code on v5 UNSUBACK.
...
Closes #1167 . Thanks to Christoph Krey.
2019-02-17 09:30:06 +00:00
Roger A. Light
5e8199323b
Fix clients being disconnected when ACLs are in use.
...
This only affects the case where a client connects using a username, and
the anonymous ACL list is defined but specific user ACLs are not
defined.
Closes #1162 . Thanks to quonb.
2019-02-14 17:46:01 +00:00
Roger A. Light
8350956a08
Make include_dir sort usefully case sensitive.
2019-02-13 22:55:15 +00:00
Roger A. Light
321e566af6
Fix unref'd messages being saved to the persistence file.
...
This was leaving dangling messages that were never freed.
Closes #389 . Thanks to pjchx.
2019-02-13 12:08:05 +00:00
Roger A. Light
084062c85e
Merge branch 'fixes' into mqtt5
2019-02-12 17:05:42 +00:00
Roger A. Light
9999faf9da
Add rewritten build test script and remove some build warnings.
2019-02-12 13:24:54 +00:00
Roger A. Light
04e89450c0
Don't require C99 compiler.
2019-02-09 13:52:09 +00:00
Roger A. Light
715da28602
Fix include_dir not sorting config files before loading.
...
Thanks to momoskitto.
2019-02-08 23:52:11 +00:00
Roger A. Light
2e1c2c430f
per_listener_settings true
must come before other security settings.
...
Produce error if this is not the case. Closes #1164 , thanks to
momoskitto.
2019-02-08 23:14:43 +00:00
Roger A. Light
9378016b19
Fix build failure when using WITH_ADNS=yes
2019-02-08 21:34:08 +00:00
Roger A. Light
05458eb35d
Fix some unused variable warnings.
2019-02-08 13:01:07 +00:00
Roger A. Light
1c075988ca
Log message for disconnecting a client with invalid UTF-8 topic.
...
Closes #1144 . Thanks to Kris Mattheus.
2019-02-08 13:01:07 +00:00
Roger A. Light
17b52bd5d1
Windows: Fix possible crash when client disconnects.
...
Closes #1137 . Thanks to Kris Mattheus.
2019-02-08 13:01:07 +00:00
Roger A. Light
d6a690aa8d
Fix Will not being sent for Websockets clients.
...
Closes #1143 . Thanks to salcedo.
2019-02-08 13:01:07 +00:00
Roger A. Light
29a1936c77
Fix spaces not being allowed in the bridge remote_username option.
...
Closes #1131 . Thanks to beville.
2019-02-08 13:01:07 +00:00
Roger Light
c40957a7d8
Fix and tests for CVE-2018-12546.
2019-02-08 13:01:07 +00:00
Roger A. Light
d8505624d0
Fix and tests for security bug #541870 .
2019-02-08 13:01:07 +00:00
Roger A. Light
36b5421c59
Fix and tests for security bug #543401 .
2019-02-08 13:01:07 +00:00
Steven Lawrance
84d5028c2e
Include sys/socket.h for AF_INET definition
...
Without this, mosquitto doesn't build on FreeBSD with websockets enabled
Signed-off-by: Steven Lawrance <stl@koffein.net>
2019-02-08 13:01:07 +00:00
Roger Light
5236295159
Handle mismatched handshakes properly.
...
For example, a QoS1 PUBLISH with QoS2 reply.
2019-02-08 13:01:07 +00:00
Vinod Kumar
78259850ed
ignore inline comments while parsing optional config params
...
Signed-off-by: Vinod Kumar <kumar003vinod@gmail.com>
2019-02-08 13:01:07 +00:00
Roger A. Light
be9c1071b0
Fix compilation when openssl deprecated APIs are not available.
...
Closes #1094 . Thanks to Rosen Penev.
2019-02-08 13:01:07 +00:00
Roger A. Light
70c4097b6f
Fix comparison of boolean values in CMake build.
...
Closes #1101 . Thanks to Mojca Miklavec and Andrew L. Moore.
2019-02-08 13:01:07 +00:00
Roger A. Light
873ffce27a
Send DISCONNECT on invalid topic alias, plus test.
2019-01-25 22:53:31 +00:00
Roger A. Light
5e7f43c9ea
Temporarily disable all extended AUTH.
2019-01-25 22:02:12 +00:00
Roger A. Light
6b977fa198
Test and fixes for expiring retained messages.
2019-01-23 10:00:13 +00:00
Roger A. Light
ca3782b38d
Test and fixes for will message expiry interval.
2019-01-22 17:51:57 +00:00
Roger A. Light
6a59e92db8
Set remaining message expiry interval when republishing.
2019-01-22 12:43:52 +00:00
Roger A. Light
85615c1bae
AUTH packet can be truncated.
2019-01-18 21:38:29 +00:00
Roger A. Light
f9a17e2782
Add alias support to the broker.
2019-01-18 21:30:34 +00:00
Roger A. Light
37727b402b
Fix maximum qos on listener conf.
2019-01-17 21:04:46 +00:00
Roger Light
8513af4da5
Tests and fixes for shortened DISCONNECT packets.
2019-01-17 18:51:23 +00:00
Roger A. Light
5f8d86b4ee
Fix sub-denied test.
2019-01-10 22:10:32 +00:00
Roger A. Light
326292681a
Add maximum-qos support to broker and client.
...
This comes in the form of:
* Per listener maximum_qos option, which can be in the range 0-2.
* Changes to mosquitto_publish*() to return MOSQ_ERR_QOS_NOT_SUPPORTED
if attempting to publish with a higher QoS than supported.
* Bridges will downgrade messages to match the maximum QoS.
More tests on the broker side (specifically bridges) are required. This
needs bridge support for MQTT 5 first.
2019-01-09 18:03:01 +00:00
Roger Light
740a128769
Support PUBREC reason code >=0x80 as partial qos2 flow.
2019-01-09 15:00:12 +00:00
Roger Light
84660e1cbe
Send maximum limits for QoS>0.
...
This needs more work on the broker front to simplify the design.
2019-01-08 18:38:47 +00:00
Roger A. Light
16e83bfe5d
Process receive maximum (as max_inflight_messages).
2018-12-30 21:53:50 +00:00
Roger A. Light
7c3666d593
Subscription identifier support.
2018-12-20 15:32:43 +00:00
Roger A. Light
dab6452a1d
Add test for duplicate CONNECT.
2018-12-19 22:17:39 +00:00
Roger A. Light
ec1178806c
Fix bridge tests.
2018-12-19 14:38:49 +00:00
Roger A. Light
fcf4cd0b27
Merge branch 'master' into mqtt5
2018-12-19 14:11:11 +00:00
Roger A. Light
31e6dbbe74
Tests and fixes for subscription options.
2018-12-19 12:54:04 +00:00
Roger A. Light
72fdb590b1
Fix no local and retain as published for local bridges.
2018-12-19 10:45:40 +00:00
Roger A. Light
2919510384
No local support.
2018-12-14 13:54:26 +00:00
Roger A. Light
db7901884f
Retain-as-published support.
2018-12-14 13:36:02 +00:00
Roger A. Light
89f3d7bb3f
Don't print connect/disconnect messages when connection_messages false.
...
Closes #772 . Closes #613 . Closes #537 .
Thanks to Christopher Maynard, Brandon Arrendondo, and qubeck.
2018-12-11 10:55:39 +00:00
Roger A. Light
a00dd29af8
Fix building where TLS-PSK is not available.
...
Closes #68 .
2018-12-11 10:55:31 +00:00
Roger A. Light
9097577b49
Fix acl_file being ignore for default listener if with per_listener_settings
...
Close #1073 . Thanks to Jef Driesen.
Bug: https://github.com/eclipse/mosquitto/issues/1073
2018-12-09 21:23:46 +00:00
Jelle van der Waa
1a6f8d3c28
src: ASN1_STRING_data is deprecated in OpenSSL 1.1
...
ASN1_STRING_get0_data replaces ASN1_STRING_data in OpenSSL 1.1 therefore
add an #ifdef for backwards compatibility.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2018-12-09 21:22:04 +00:00
Roger A. Light
f90ba23738
Retain handling support.
2018-12-06 22:25:45 +00:00
Roger A. Light
9896e61727
Test and small fix for response-topic and correlation-data props.
2018-12-06 09:29:25 +00:00
Roger A. Light
6ef2c79e9a
Add max_keepalive, for limiting keepalives of MQTT v5 clients.
2018-12-06 08:49:02 +00:00
Roger A. Light
48c2217015
auto_id_prefix now defaults to 'auto-'.
2018-12-05 17:17:35 +00:00
Roger A. Light
1d3949bce0
Improve broker generated client ids for the non-Linux case.
...
Removes libuuid dependency.
2018-12-05 16:39:45 +00:00
Abilio Marques
ead440e47d
bridge: fix issue where keepalive_interval gets added to restart_timeout using ADNS
...
Signed-off-by: Abilio Marques <abiliojr@gmail.com>
2018-12-05 11:42:24 +00:00
Roger A. Light
3a871828ac
Print message on error when installing as a Windows service.
2018-12-05 11:25:41 +00:00
Roger A. Light
c9ed2708f6
Don't reload auth_opt_ options on reload.
...
This matches the behaviour of the other plugin options.
Closes #1068 . Thanks to Jason McFadyen.
Bug: https://github.com/eclipse/mosquitto/issues/1068
2018-12-04 20:51:25 +00:00
Roger A. Light
464b12f3d6
Fix outgoing retained messages not being sent by bridges.
...
This now happens on initial connection, after CONNACK is processed,
before it was happening (and being dropped) before the connection was
made.
Closes #1040 . Thanks to giover.
Bug: https://github.com/eclipse/mosquitto/issues/1040
2018-12-04 20:45:15 +00:00
Roger A. Light
e169f1c7c2
When using ADNS, don't ask for all network protocols when connecting.
...
This can lead to confusing "Protocol not supported" errors if the
network is down, because UDP sockets are provided.
Thanks to jsaak.
Closes #1062 .
Bug: https://github.com/eclipse/mosquitto/issues/1062
2018-12-04 12:39:00 +00:00
Roger A. Light
d29dac087d
Add socket_domain option.
2018-12-04 11:48:29 +00:00
Roger A. Light
7020fad86c
Add server support for Assigned Client Identifier.
2018-11-29 17:19:26 +00:00
Roger A. Light
d5108956bf
Process session-expiry-interval on CONNECT and DISCONNECT.
...
Add test to check for invalid values.
2018-11-27 12:23:21 +00:00
Roger A. Light
54db895cb3
Rename clean_session to clean_start for v5.
2018-11-27 10:02:10 +00:00
Roger A. Light
1241f68ff5
Macro update
2018-11-27 09:58:39 +00:00
Roger Light
17d213b79a
Declare lack of support for shared subs and sub IDs.
2018-11-22 18:54:12 +00:00
Roger Light
9560c5bac7
Add retain_available support.
2018-11-22 18:21:40 +00:00
Roger Light
6ca746695f
Pass db to send__connack() to give it access to config.
2018-11-22 17:32:43 +00:00
Roger A. Light
9464e3fe19
Guard against possible null client id.
2018-11-20 10:15:34 +00:00
Roger A. Light
098a1c8ecf
Fix subscribe_multiple datatypes.
2018-11-13 14:05:03 +00:00
Roger A. Light
beb96c6b8b
Merge branch 'master' into develop
2018-11-11 21:41:44 +00:00
Roger A. Light
b54e379fba
Fix websockets listeners not verifying client certs.
...
When using a TLS enabled websockets listener with "require_certificate"
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this. Closes #996 .
Thanks to creising.
2018-11-08 12:10:28 +00:00
Roger A. Light
ba67e1ffe5
Don't use gnu-specific strerror_r.
2018-11-07 18:27:15 +00:00
Roger A. Light
34c752a0d0
Give better error message if a client sends a password without a username.
...
Closes #1015 . Thanks to TabascoEye.
2018-11-07 17:29:39 +00:00