d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,460 Commits 1 Branch 0 Tags 11 MiB
cc153cfc90
Commit Graph

109 Commits

Author SHA1 Message Date
Roger A. Light
cc153cfc90 Cleanup TLS UI method on exit. 2019-03-14 09:53:23 +00:00
Roger A. Light
2dd24449ad Fix "unused parameter" warnings. 2019-03-13 14:46:05 +00:00
Roger A. Light
a6f845bc67 Fix openssl deprecated function use. 2019-02-28 12:21:11 +00:00
Roger A. Light
d3d6f3a980 Fix compiling with openssl < 1.1.1. 2019-02-28 11:23:26 +00:00
krismattheus
479d8e5f1a fix incorrect return code when connecting in non-blocking mode 
Signed-off-by: krismattheus <kris.mattheus@visionbms.com>
 2019-02-28 00:16:04 +00:00
Roger A. Light
1924afe49e Add explicit support for TLS v1.3 and drop TLS v1.0. 2019-02-27 22:50:01 +00:00
Roger A. Light
5aabc171b0 Merge branch 'mqtt5' into develop 2019-02-26 18:51:31 +00:00
Roger A. Light
e862a047a8 Rework TLS engine support. 2019-02-26 17:11:29 +00:00
Nicolás Pernas Maradei
20894fcbce Add engine private key password support 
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.

The TPM engine for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]

By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.

Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.

This commit adds support for both clients (libmosquitto) and broker.

[1] https://goo.gl/qQoXBY

Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
 2019-02-26 15:50:37 +00:00
Nicolás Pernas Maradei
f88cc06435 Add TLS engine and keyform support to libmosquitto 
- Clients can now offload crypto tasks to an external crypto device through
  the OpenSSL ENGINE API.
- The keyfiles can now be treated as PEM or ENGINE keys.
- Two new functions were added to libmosquitto to set up the previously
  mentioned features.
- Both mosquitto_sub and mosquitto_pub include support to turn on the mentioned
  features through command line options.

Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
 2019-02-26 15:48:00 +00:00
Roger A. Light
084062c85e Merge branch 'fixes' into mqtt5 2019-02-12 17:05:42 +00:00
Roger A. Light
7ff9c3763b Fix socks build when using cmake. 2019-02-08 13:01:07 +00:00
Roger A. Light
f952ae3a67 Fixed durable clients being unable to receive messages when offline. 
This occurred when per_listener_settings was set to true.

Closes #1081. Thanks to dwin-wangjt.
 2019-02-08 13:01:07 +00:00
Matthias Stone
4325c44baf Don't clear SSL context when TLS connection is closed. 
Previous behaviour would clear the external SSL_CTX provided by
MOSQ_OPT_SSL_CTX. This required the user to reset the SSL_CTX every
disconnect, and trust that they were not leaking references.

Recreating the SSL context for every connection is not necessary, and the
SSL context is freed in mosquitto_destroy, which is sufficient.

Signed-off-by: Matthias Stone <matthias@bellstone.ca>
 2019-02-08 13:01:07 +00:00
Roger A. Light
e8320cbf19 Fix TLS connections not working over SOCKS. 
Thanks to Mark Oeltjenbruns.
 2019-02-08 13:01:07 +00:00
Roger A. Light
be9c1071b0 Fix compilation when openssl deprecated APIs are not available. 
Closes #1094. Thanks to Rosen Penev.
 2019-02-08 13:01:07 +00:00
Roger A. Light
fcf4cd0b27 Merge branch 'master' into mqtt5 2018-12-19 14:11:11 +00:00
Roger A. Light
a00dd29af8 Fix building where TLS-PSK is not available. 
Closes #68.
 2018-12-11 10:55:31 +00:00
Roger A. Light
e169f1c7c2 When using ADNS, don't ask for all network protocols when connecting. 
This can lead to confusing "Protocol not supported" errors if the
network is down, because UDP sockets are provided.

Thanks to jsaak.

Closes #1062.

Bug: https://github.com/eclipse/mosquitto/issues/1062
 2018-12-04 12:39:00 +00:00
Roger A. Light
0a9ee5b4cf Fix memory leak when reconnecting with TLS errors. 
Fix memory leak that occurred if mosquitto_reconnect() was used when TLS
errors were present.

Closes #592. Thanks to smartdabao and aaronovz1.
 2018-10-23 10:46:55 +01:00
Roger Light
6c9e8d51c2 Merge branch 'develop' into mqtt5 2018-10-02 11:28:03 +01:00
Roger A. Light
0bacff11df Rename mqtt3_protocol.h -> mqtt_protocol.h. 2018-09-19 10:58:12 +01:00
Fredrik Fornwall
915e91d9be Fix build with OPENSSL_NO_ENGINE 
Signed-off-by: Fredrik Fornwall <fredrik@fornwall.net>
 2018-09-18 15:02:32 +01:00
Roger A. Light
0ec090f31a Fixes for building on FreeBSD. 2018-08-15 17:02:56 +01:00
Roger A. Light
10b19a42ed Fixes for building on NetBSD. 
Closes #258.

Thanks to Daniel Ölschlegel.
 2018-08-09 15:21:40 +01:00
Roger A. Light
c757cb0912 Remove incorrect comment. 2018-08-09 15:01:39 +01:00
Roger A. Light
e185d18917 Better fix for #851. 
Ensure all sockets that are closed are set to INVALID_SOCKET.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-08 15:23:03 +01:00
Roger A. Light
575dce91f0 Fix segfault on startup if bridge CA certificates could not be read. 
Closes #851.

Thanks to chelliwell.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 15:06:09 +01:00
Roger A. Light
4bacbecb1b Fix some places where return codes were incorrect. 
Closes #850.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 14:41:04 +01:00
Roger A. Light
bcf76b9cb6 Remove use of AI_ADDRCONFIG. 
Closes #869, #901.

Thanks to Alex Richman.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 01:11:31 +01:00
Roger A. Light
286400abcf Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. 
Closes #863.

Thanks to denigmus and Patrick TJ McPhee.

Signed-off-by: Roger A. Light <roger@atchoo.org>
 2018-08-02 00:27:52 +01:00
Roger A. Light
e90a32835b Merge branch 'fixes' into develop 2018-05-02 22:24:49 +01:00
Roger A. Light
6c7ecd7e97 Fix compiling without TLS. 2018-05-02 21:04:42 +01:00
Thomas Beckmann (M-Way)
ee610ab19a _mosquitto_net_read must call WSASetLastError when changing errno so that the error code can be picked up by _mosquitto_packet_read 
Signed-off-by: Thomas Beckmann (M-Way) <t.beckmann@mwaysolutions.com>
 2018-04-13 12:09:26 +01:00
Roger A. Light
e961bc9301 Comment to aid init_ssl_ctx understanding. 2018-04-12 21:37:44 +01:00
Roger A. Light
b649799c78 Protect mosq->ssl_ctx against double initialisation. 2018-04-12 01:11:46 +01:00
Roger A. Light
943b311344 Don't use deprecated openssl functions. 2018-04-11 22:10:48 +01:00
Roger A. Light
24d68b5af8 Remove support for openssl 1.0.0 and 1.0.1. 
These are no longer supported by openssl.
 2018-04-11 17:12:25 +01:00
Roger A. Light
8470ca89b9 Add MOSQ_OPT_SSL_CTX and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS options. 
Closes #567 and #715.
 2018-04-11 16:34:24 +01:00
Roger A. Light
f4d238be18 Bump copyright years. 2018-04-11 15:24:29 +01:00
Thomas Beckmann (M-Way)
8e3c2d9af7 _mosquitto_net_read must call WSASetLastError when changing errno so that the error code can be picked up by _mosquitto_packet_read 
Signed-off-by: Thomas Beckmann (M-Way) <t.beckmann@mwaysolutions.com>
 2018-04-09 22:46:53 +01:00
Viktor Gotwig
e90afb8526 Adding tls host name extension (SNI) 
Signed-off-by: Viktor Gotwig <viktor.gotwig@q-loud.de>
 2018-03-13 23:25:28 +00:00
Roger A. Light
81cb7ab547 Merge branch 'fixes' into develop 2018-02-13 14:16:47 +00:00
JonoJensen
7d8d04bc39 Fix issue when SSL_connect() returns SSL_ERROR_WANT_READ. A call to SSL_write here will later transmit a new client hello and make ssl connection fail. 
Signed-off-by: JonoJensen <jono.jensen@yahoo.se>
 2018-01-14 23:18:28 +00:00
Roger A. Light
b193918ca0 [649] Don't close socket again if nonblock fails. 
Thanks to Edwin van den Oetelaar.

Bug: https://github.com/eclipse/mosquitto/issues/649
 2017-12-21 21:56:01 +00:00
Roger A. Light
124ee1af91 [490] Further fix for auth related crashes. 
Bug: https://github.com/eclipse/mosquitto/issues/490
 2017-07-27 14:56:10 +01:00
Roger A. Light
22063013be [490] Fix auth plugin+WS client+MOSQ_ERR_AUTH related crash. 
Thanks to "hasunperera".

Bug: https://github.com/eclipse/mosquitto/issues/490
 2017-07-27 00:12:32 +01:00
Roger A. Light
e74203de2c Merge branch 'master' into develop 2017-07-16 22:52:01 +01:00
Jan Lukavsky
621f18d696 #419 Broker sometimes kills connection to client 
Signed-off-by: Jan Lukavsky <je.ik@seznam.cz>
 2017-06-11 22:00:45 +01:00
Roger A. Light
b61fefcf08 Merge branch 'master' into develop 2017-05-31 21:05:26 +01:00