d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,820 Commits 1 Branch 0 Tags 11 MiB
9bebab46ca
Commit Graph

124 Commits

Author SHA1 Message Date
Roger A. Light
47dadb902d Only call ERR_clear_error() after an error has occurred. 2019-10-24 22:57:05 +01:00
Roger A. Light
6a01453ce0 Build fixes. 2019-09-25 12:17:17 +01:00
Roger A. Light
d8f6215569 Windows fix 2019-08-01 20:46:23 +01:00
Roger A. Light
46d12086c9 Set sock to invalid after closing. 2019-07-30 15:06:55 +01:00
Karl Palsson
22303848e2 ssl: support openssl with ENGINE support disabled. 
Alternatively, just drop support for this config.

Signed-off-by: Karl Palsson <karlp@etactica.com>
 2019-05-02 16:44:14 +00:00
Karl Palsson
0928797e57 lib: fix missing openssl/ui.h include. 
Signed-off-by: Karl Palsson <karlp@etactica.com>
 2019-05-02 16:44:01 +00:00
Roger A. Light
dc4b823f92 Fix crash after client has been unable to connect to a broker 
This is part of the cleanup routine when the client is already exiting.

Closes #1246. Thanks to Christoph Krey.
 2019-04-30 13:23:25 +01:00
Roger A. Light
f041cb484a No need to support versions that aren't supported by upstream. 2019-04-11 11:13:58 +01:00
John Hickey
c011be62a4 Bridge TLS Application-Layer Protocol Negotiation 
In order to connect to brokers that support both websockets and
mqtt on the same port (such as Amazon IoT), we need to set an
application for the SSL context.  This change allows the specification
of an application by using the `bridge_alpn` configuration token.

Signed-off-by: John Hickey <jjh-github@daedalian.us>
 2019-04-04 17:27:52 -07:00
Roger A. Light
ea046c2405 Merge branch 'master' of git://github.com/LarsVoelker/mosquitto into LarsVoelker-master 2019-03-26 18:36:13 +00:00
Roger A. Light
320ddc1303 Merge branch 'master' 
Conflicts:
	CMakeLists.txt
	ChangeLog.txt
	client/Makefile
	config.mk
	installer/mosquitto.nsi
	installer/mosquitto64.nsi
	lib/mosquitto.h
	lib/mqtt3_protocol.h
	lib/util_mosq.c
	set-version.sh
	snap/snapcraft.yaml
	src/bridge.c
	src/database.c
	src/handle_connack.c
	src/loop.c
	src/persist.c
	test/broker/Makefile
 2019-03-16 10:05:38 +00:00
Roger A. Light
110f4aada6 Don't overwrite disused client state. 2019-03-15 21:38:24 +00:00
Roger A. Light
cc153cfc90 Cleanup TLS UI method on exit. 2019-03-14 09:53:23 +00:00
Roger A. Light
2dd24449ad Fix "unused parameter" warnings. 2019-03-13 14:46:05 +00:00
Roger A. Light
ce31269e05 Update changelog, bump version, bump copyright year. 2019-02-28 16:56:15 +00:00
Roger A. Light
988554e7f0 Fix openssl deprecated warnings. 2019-02-28 16:47:16 +00:00
Roger A. Light
a6f845bc67 Fix openssl deprecated function use. 2019-02-28 12:21:11 +00:00
Roger A. Light
d3d6f3a980 Fix compiling with openssl < 1.1.1. 2019-02-28 11:23:26 +00:00
krismattheus
479d8e5f1a fix incorrect return code when connecting in non-blocking mode 
Signed-off-by: krismattheus <kris.mattheus@visionbms.com>
 2019-02-28 00:16:04 +00:00
Roger A. Light
1924afe49e Add explicit support for TLS v1.3 and drop TLS v1.0. 2019-02-27 22:50:01 +00:00
Roger A. Light
5aabc171b0 Merge branch 'mqtt5' into develop 2019-02-26 18:51:31 +00:00
Roger A. Light
e862a047a8 Rework TLS engine support. 2019-02-26 17:11:29 +00:00
Nicolás Pernas Maradei
20894fcbce Add engine private key password support 
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.

The TPM engine for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]

By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.

Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.

This commit adds support for both clients (libmosquitto) and broker.

[1] https://goo.gl/qQoXBY

Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
 2019-02-26 15:50:37 +00:00
Nicolás Pernas Maradei
f88cc06435 Add TLS engine and keyform support to libmosquitto 
- Clients can now offload crypto tasks to an external crypto device through
  the OpenSSL ENGINE API.
- The keyfiles can now be treated as PEM or ENGINE keys.
- Two new functions were added to libmosquitto to set up the previously
  mentioned features.
- Both mosquitto_sub and mosquitto_pub include support to turn on the mentioned
  features through command line options.

Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
 2019-02-26 15:48:00 +00:00
Roger A. Light
084062c85e Merge branch 'fixes' into mqtt5 2019-02-12 17:05:42 +00:00
Roger A. Light
7ff9c3763b Fix socks build when using cmake. 2019-02-08 13:01:07 +00:00
Roger A. Light
f952ae3a67 Fixed durable clients being unable to receive messages when offline. 
This occurred when per_listener_settings was set to true.

Closes #1081. Thanks to dwin-wangjt.
 2019-02-08 13:01:07 +00:00
Matthias Stone
4325c44baf Don't clear SSL context when TLS connection is closed. 
Previous behaviour would clear the external SSL_CTX provided by
MOSQ_OPT_SSL_CTX. This required the user to reset the SSL_CTX every
disconnect, and trust that they were not leaking references.

Recreating the SSL context for every connection is not necessary, and the
SSL context is freed in mosquitto_destroy, which is sufficient.

Signed-off-by: Matthias Stone <matthias@bellstone.ca>
 2019-02-08 13:01:07 +00:00
Roger A. Light
e8320cbf19 Fix TLS connections not working over SOCKS. 
Thanks to Mark Oeltjenbruns.
 2019-02-08 13:01:07 +00:00
Roger A. Light
be9c1071b0 Fix compilation when openssl deprecated APIs are not available. 
Closes #1094. Thanks to Rosen Penev.
 2019-02-08 13:01:07 +00:00
Roger A. Light
fcf4cd0b27 Merge branch 'master' into mqtt5 2018-12-19 14:11:11 +00:00
Roger A. Light
a00dd29af8 Fix building where TLS-PSK is not available. 
Closes #68.
 2018-12-11 10:55:31 +00:00
Roger A. Light
e169f1c7c2 When using ADNS, don't ask for all network protocols when connecting. 
This can lead to confusing "Protocol not supported" errors if the
network is down, because UDP sockets are provided.

Thanks to jsaak.

Closes #1062.

Bug: https://github.com/eclipse/mosquitto/issues/1062
 2018-12-04 12:39:00 +00:00
Roger A. Light
0a9ee5b4cf Fix memory leak when reconnecting with TLS errors. 
Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
errors were present.

Closes #592. Thanks to smartdabao and aaronovz1.
 2018-10-23 10:46:55 +01:00
Roger Light
6c9e8d51c2 Merge branch 'develop' into mqtt5 2018-10-02 11:28:03 +01:00
Roger A. Light
0bacff11df Rename mqtt3_protocol.h -> mqtt_protocol.h. 2018-09-19 10:58:12 +01:00
Fredrik Fornwall
915e91d9be Fix build with OPENSSL_NO_ENGINE 
Signed-off-by: Fredrik Fornwall <fredrik@fornwall.net>
 2018-09-18 15:02:32 +01:00
Roger A. Light
0ec090f31a Fixes for building on FreeBSD. 2018-08-15 17:02:56 +01:00
Roger A. Light
10b19a42ed Fixes for building on NetBSD. 
Closes #258.

Thanks to Daniel Ölschlegel.
 2018-08-09 15:21:40 +01:00
Roger A. Light
c757cb0912 Remove incorrect comment. 2018-08-09 15:01:39 +01:00
Roger A. Light
e185d18917 Better fix for #851. 
Ensure all sockets that are closed are set to INVALID_SOCKET.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-08 15:23:03 +01:00
Roger A. Light
575dce91f0 Fix segfault on startup if bridge CA certificates could not be read. 
Closes #851.

Thanks to chelliwell.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 15:06:09 +01:00
Roger A. Light
4bacbecb1b Fix some places where return codes were incorrect. 
Closes #850.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 14:41:04 +01:00
Roger A. Light
bcf76b9cb6 Remove use of AI_ADDRCONFIG. 
Closes #869, #901.

Thanks to Alex Richman.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 01:11:31 +01:00
Roger A. Light
286400abcf Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. 
Closes #863.

Thanks to denigmus and Patrick TJ McPhee.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 00:27:52 +01:00
Roger A. Light
e90a32835b Merge branch 'fixes' into develop 2018-05-02 22:24:49 +01:00
Roger A. Light
6c7ecd7e97 Fix compiling without TLS. 2018-05-02 21:04:42 +01:00
Thomas Beckmann (M-Way)
ee610ab19a _mosquitto_net_read must call WSASetLastError when changing errno so that the error code can be picked up by _mosquitto_packet_read 
Signed-off-by: Thomas Beckmann (M-Way) <t.beckmann@mwaysolutions.com>
 2018-04-13 12:09:26 +01:00
Roger A. Light
e961bc9301 Comment to aid init_ssl_ctx understanding. 2018-04-12 21:37:44 +01:00
Roger A. Light
b649799c78 Protect mosq->ssl_ctx against double initialisation. 2018-04-12 01:11:46 +01:00