Nicolás Pernas Maradei
20894fcbce
Add engine private key password support
...
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.
The TPM engine, for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]
By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.
Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.
This commit adds support for both clients (libmosquitto) and broker.
[1] https://goo.gl/qQoXBY
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:50:37 +00:00
Nicolás Pernas Maradei
d5f039ec7c
Add TLS engine and keyform support to mosquitto
...
Add same OpenSSL engine support to mosquitto (server side) previously added to
client side only.
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:50:37 +00:00
Nicolás Pernas Maradei
f88cc06435
Add TLS engine and keyform support to libmosquitto
...
- Clients can now offload crypto tasks to an external crypto device through
the OpenSSL ENGINE API.
- The keyfiles can now be treated as PEM or ENGINE keys.
- Two new functions were added to libmosquitto to set up the previously
mentioned features.
- Both mosquitto_sub and mosquitto_pub include support to turn on the mentioned
features through command line options.
Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:48:00 +00:00
Roger A. Light
f4e24f9524
Use higher resolution timer for random client id generation.
2019-02-26 14:26:05 +00:00
Roger A. Light
c3c8c99f5d
Fix dropping oversize messages for QoS>0.
2019-02-21 08:31:54 +00:00
Roger A. Light
1d17ced449
Broker configurable max_packet_size
...
Plus tests.
2019-02-19 15:57:20 +00:00
Roger A. Light
8fb4ad48b5
Strings for new error codes.
2019-02-19 15:53:15 +00:00
Roger A. Light
b9b8e0ff2a
Add client support for outgoing maximum packet size.
2019-02-19 15:14:34 +00:00
Roger A. Light
1877f8a326
Tests and implementation for maximum packet size.
...
This is for broker outgoing connack and publish packets only.
2019-02-18 19:50:51 +00:00
Roger A. Light
8db16591fa
Test and fix for subscription identifiers not being updated.
...
Closes #1169. Thanks to Christoph Krey.
2019-02-18 12:24:19 +00:00
Roger A. Light
66c1e2ccf0
Add mosquitto_unsubscribe_multiple(), plus tests.
2019-02-17 20:59:16 +00:00
Roger A. Light
c823073be6
v5 unsubscribe test, single topic.
2019-02-17 19:47:53 +00:00
Roger A. Light
1479c57e34
v5 report reason code=no sub when unsubscribing.
2019-02-17 10:14:02 +00:00
Roger A. Light
1ec0cea34a
Fix missing reason_code on v5 UNSUBACK.
...
Closes #1167. Thanks to Christoph Krey.
2019-02-17 09:30:06 +00:00
Roger A. Light
5e8199323b
Fix clients being disconnected when ACLs are in use.
...
This only affects the case where a client connects using a username, and
the anonymous ACL list is defined but specific user ACLs are not
defined.
Closes #1162. Thanks to quonb.
2019-02-14 17:46:01 +00:00
Roger A. Light
458a9840ad
Bump version for test release.
2019-02-14 10:52:49 +00:00
Roger A. Light
6b43ba8201
Info on mqtt5 release.
2019-02-14 10:51:54 +00:00
Roger A. Light
a2d4535db8
Merge branch 'fixes'
2019-02-13 23:51:46 +00:00
Roger A. Light
bb72cf9088
Bump version number, update webpage.
2019-02-13 23:49:17 +00:00
Roger A. Light
8350956a08
Make include_dir sort usefully case sensitive.
2019-02-13 22:55:15 +00:00
Roger A. Light
321e566af6
Fix unref'd messages being saved to the persistence file.
...
This was leaving dangling messages that were never freed.
Closes #389. Thanks to pjchx.
2019-02-13 12:08:05 +00:00
Roger A. Light
f9f3fdbfe3
Fix pattern matching test.
2019-02-13 12:05:43 +00:00
Roger A. Light
d5dfd575b3
Fix broker TLS tests.
2019-02-13 11:51:52 +00:00
Roger A. Light
1a6c3f0c86
Improve documentation around the include_dir option.
...
Closes #1154. Thanks to Guzoft.
2019-02-13 10:08:44 +00:00
Roger A. Light
baa4642bd3
Generic ptest implementation.
2019-02-12 19:06:14 +00:00
Roger A. Light
b4a94f5900
Fix some ssl tests.
2019-02-12 18:51:19 +00:00
Roger A. Light
950ad8d16f
Speed up pattern matching test.
2019-02-12 18:29:05 +00:00
Roger A. Light
016ce7dca5
Simplify ptest implementation.
2019-02-12 18:28:54 +00:00
Roger A. Light
e2f269bda8
Test duration printing on ptest.
2019-02-12 17:12:38 +00:00
Roger A. Light
084062c85e
Merge branch 'fixes' into mqtt5
2019-02-12 17:05:42 +00:00
Roger A. Light
9999faf9da
Add rewritten build test script and remove some build warnings.
2019-02-12 13:24:54 +00:00
Roger A. Light
b6dc4e5780
Fix datatype_read test.
2019-02-12 11:34:45 +00:00
Roger A. Light
bb914b985c
Fix mosquitto_topic_matches_sub() rc with sub=="topic/#abc".
...
This now returns MOSQ_ERR_INVAL as expected.
2019-02-12 11:34:45 +00:00
Roger A. Light
b6fb2c5824
Fix property write test after function changes.
2019-02-12 11:34:45 +00:00
Roger A. Light
e72d1d6ff5
Fix mosquitto_topic_matches_sub() rc with sub=="topic/#abc".
...
This now returns MOSQ_ERR_INVAL as expected.
2019-02-12 11:26:23 +00:00
Roger A. Light
04e89450c0
Don't require C99 compiler.
2019-02-09 13:52:09 +00:00
Roger A. Light
715da28602
Fix include_dir not sorting config files before loading.
...
Thanks to momoskitto.
2019-02-08 23:52:11 +00:00
Roger A. Light
2e1c2c430f
per_listener_settings true must come before other security settings.
...
Produce error if this is not the case. Closes #1164, thanks to
momoskitto.
2019-02-08 23:14:43 +00:00
Roger A. Light
9378016b19
Fix build failure when using WITH_ADNS=yes
2019-02-08 21:34:08 +00:00
Roger A. Light
ff36baa49e
Bump Docker version.
2019-02-08 13:01:07 +00:00
Roger A. Light
1b5c900e77
Update CVE details and bump version number.
2019-02-08 13:01:07 +00:00
Roger A. Light
05458eb35d
Fix some unused variable warnings.
2019-02-08 13:01:07 +00:00
Roger A. Light
a4f68869bf
Fix cmake client build with TLS.
2019-02-08 13:01:07 +00:00
Roger A. Light
7ff9c3763b
Fix socks build when using cmake.
2019-02-08 13:01:07 +00:00
Roger A. Light
1c075988ca
Log message for disconnecting a client with invalid UTF-8 topic.
...
Closes #1144. Thanks to Kris Mattheus.
2019-02-08 13:01:07 +00:00
Roger A. Light
f952ae3a67
Fixed durable clients being unable to receive messages when offline.
...
This occurred when per_listener_settings was set to true.
Closes #1081. Thanks to dwin-wangjt.
2019-02-08 13:01:07 +00:00
Roger A. Light
17b52bd5d1
Windows: Fix possible crash when client disconnects.
...
Closes #1137. Thanks to Kris Mattheus.
2019-02-08 13:01:07 +00:00
Roger A. Light
d6a690aa8d
Fix Will not being sent for Websockets clients.
...
Closes #1143. Thanks to salcedo.
2019-02-08 13:01:07 +00:00
Roger A. Light
ab8b57ff54
Allow broker to always restart on Windows when using log_dest file.
...
Closes #1080. Thanks to lcouz.
2019-02-08 13:01:07 +00:00
Roger A. Light
29a1936c77
Fix spaces not being allowed in the bridge remote_username option.
...
Closes #1131. Thanks to beville.
2019-02-08 13:01:07 +00:00